Re: [squid-users] Connection to remote server

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 11 Dec 2012 11:27:01 +1300

On 11.12.2012 01:56, abdul rafi wrote:
> Hello all,
>
> I am using squid 2.7 as a forward proxy on a windows 2003 server.
>
> I need to establish a remote connection to the internet server
> 188.x.x.x on port 3306 from my local IP 10.1.1.1. (to connect to
> mysql database)
>
> Do I need to use tcp_outgoing_address tag in the config file as
> marking the port as 'Safe_ports' is not allowing the connection to
> establish? If not then what should I do? I am trying to find a
> solution from so many days and still no luck :(
>
> Below is my squid acl configuration;
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 3306 # remote connection
> acl CONNECT method CONNECT
>
> http_access deny !Safe_ports
> http_access allow Safe_ports

You have now created an "open proxy", where anyone who can reach it has
unlimited access to use *HTTP* to relay any type of traffic to one of
those ports.

> http_access allow CONNECT !SSL_ports

The correct way to permit CONNECT tunnels to 3306 is:
   acl SSL_ports port 3306

However, it is extremely doubtful that your MySQL client is using *HTTP
protocol* to connect to your MySQL server. There is a dedicated MySQL
proxy available as part of MySQL you will want to look at instead of
using Squid.

Amos
Received on Mon Dec 10 2012 - 22:27:05 MST
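
An added example, not part of the original messages and not Squid code: a small Python model of how http_access lines are evaluated (top to bottom, ACLs on one line ANDed, first matching line decides), run over the rules as posted and over a hardened set that uses the stock squid.conf ordering plus the SSL_ports line from the reply. The 10.1.1.0/24 localnet range and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

def ports(*spec):
    """ACL of type 'port': entries are single ports or (low, high) ranges."""
    ranges = [s if isinstance(s, tuple) else (s, s) for s in spec]
    return lambda req: any(lo <= req["port"] <= hi for lo, hi in ranges)

def src(cidr):
    """ACL of type 'src': client address inside the given network."""
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["src"]) in net

def decide(acls, rules, req):
    """First http_access line whose ACLs all match wins ('!' negates)."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# The ACLs and http_access lines as posted in the question.
POSTED_ACLS = {
    "SSL_ports": ports(443),
    "Safe_ports": ports(80, 21, (1025, 65535), 3306),
    "CONNECT": lambda req: req["method"] == "CONNECT",
}
POSTED_RULES = [
    ("deny", ["!Safe_ports"]),
    ("allow", ["Safe_ports"]),          # no source restriction: open proxy
    ("allow", ["CONNECT", "!SSL_ports"]),
]

# Hardened set: 3306 added to SSL_ports as in the reply; the rule order
# follows the stock squid.conf. Assumption: the LAN is 10.1.1.0/24.
HARDENED_ACLS = dict(POSTED_ACLS, SSL_ports=ports(443, 3306),
                     localnet=src("10.1.1.0/24"), all=src("0.0.0.0/0"))
HARDENED_RULES = [("deny", ["!Safe_ports"]), ("deny", ["CONNECT", "!SSL_ports"]),
                  ("allow", ["localnet"]), ("deny", ["all"])]

# Constructed sample requests (203.0.113.7 is a documentation address).
OUTSIDE_GET = {"src": "203.0.113.7", "method": "GET", "port": 80}
OUTSIDE_TUNNEL = {"src": "203.0.113.7", "method": "CONNECT", "port": 3306}
LAN_TUNNEL = {"src": "10.1.1.1", "method": "CONNECT", "port": 3306}
LAN_OTHER = {"src": "10.1.1.1", "method": "CONNECT", "port": 8080}

if __name__ == "__main__":
    for r in (OUTSIDE_GET, OUTSIDE_TUNNEL, LAN_TUNNEL, LAN_OTHER):
        print(r, decide(POSTED_ACLS, POSTED_RULES, r),
              decide(HARDENED_ACLS, HARDENED_RULES, r))
```

Under the posted rules every sample request is allowed regardless of source; under the hardened set only the LAN client's CONNECT to 3306 is.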
