
squid / ssh tunnel

  • 26-01-2009 11:54am
    #1
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭


    So I'm trying to use squid through an SSH tunnel. Here's what I've done:

    Set up squid on home machine (gentoo)
    Verified that it works (on the home machine I set the HTTP proxy in firefox to localhost:3128)
    Created an SSH tunnel from my work machine (ubuntu) like this:

    ssh -L 8080:home:3128 khannie@home

    (home is defined in /etc/hosts)

    then I set my proxy in work firefox to localhost:8080

    So far no joy (nothing even shows up in the squid logs). Any ideas?


Comments

  • Registered Users, Registered Users 2 Posts: 2,755 ✭✭✭niallb


    Two things:
    Check that it still works at home when you connect to
    $(IP address of ethernet interface rather than localhost):3128

    and look through squid.conf for ACL entries.
    You'll need one defined that contains your work address,
    and then you'll need to permit access to that acl.

    acl work src 0.0.0.0/0.0.0.0
    http_access allow work

    restrict as necessary!


  • Registered Users, Registered Users 2 Posts: 231 ✭✭djr


    Khannie wrote: »

    ssh -L 8080:home:3128 khannie@home

    (home is defined in /etc/hosts)

    the 1st instance of "home" in that command needs to be the internal address of the box you're connecting to. the 2nd home would be the external address.

    i.e. if your home lan is 192.168.2.0/24, and the squid is running on 2.5, and your internet ip address (of the router/server) is 10.20.10.1

    ssh -L 8080:192.168.2.5:3128 khannie@10.20.30.1

    if you are ssh-ing to the same box that the squid is running on, you can use

    ssh -L 8080:127.0.0.1:3128 khannie@10.20.30.1
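
Added example (not from any poster in this thread): when the tunnel ends at 127.0.0.1:3128 as in the command above, squid sees every request coming from loopback, so the "restrict as necessary" advice can go as far as a loopback-only listener and ACL. This Python check flags a squid.conf that still accepts any client; both sample configs and the `audit` function name are constructed for illustration.

```python
import ipaddress

# Constructed sample: the open ACL posted above, squid listening on all interfaces.
SAMPLE_OPEN = """\
http_port 3128
acl work src 0.0.0.0/0.0.0.0
http_access allow work
http_access deny all
"""

# Constructed sample (assumption): squid reached only through the
# ssh -L 8080:127.0.0.1:3128 tunnel, so clients always arrive from loopback.
SAMPLE_TIGHT = """\
http_port 127.0.0.1:3128
acl tunnel src 127.0.0.1/32
http_access allow tunnel
http_access deny all
"""

def audit(conf):
    """Return findings for listeners and src ACLs that accept any client."""
    findings = []
    acl_src = {"all": ["0.0.0.0/0"]}  # "all" is predefined in Squid 3 and later
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "http_port" and len(parts) > 1:
            host = parts[1].rpartition(":")[0]  # empty when only a port is given
            if host in ("", "0.0.0.0"):
                findings.append("http_port listens on every interface")
        elif parts[0] == "acl" and len(parts) > 3 and parts[2] == "src":
            acl_src.setdefault(parts[1], []).extend(parts[3:])
        elif parts[:2] == ["http_access", "allow"]:
            for name in parts[2:]:
                for net in acl_src.get(name, []):
                    try:
                        wide = ipaddress.ip_network(net, strict=False).prefixlen == 0
                    except ValueError:  # ranges, file includes: not judged here
                        continue
                    if wide:
                        findings.append(f"http_access allow {name}: {net} matches any client")
    return findings

if __name__ == "__main__":
    for label, conf in (("open", SAMPLE_OPEN), ("tight", SAMPLE_TIGHT)):
        print(label, audit(conf) or "no findings")
```

The check does not model squid's first-match ordering of http_access rules, so an allow rule that sits behind an earlier deny is still reported.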


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Cheers lads. Sorted. Very much appreciate it. Anonymous surfing in work ftw! :D
    niallb wrote: »
    Two things:
    Check that it still works at home when you connect to
    $(IP address of ethernet interface rather than localhost):3128
    djr wrote: »
    if you are ssh-ing to the same box that the squid is running on, you can use

    ssh -L 8080:127.0.0.1:3128 khannie@10.20.30.1

    This proved (surprisingly, but not so much with hindsight) critical. I was putting in the external IP, but of course that doesn't apply to the NAT'd box.


  • Registered Users, Registered Users 2 Posts: 231 ✭✭djr


    Khannie wrote: »
    Anonymous surfing in work ftw! :D

    fortunately for you, your employer allows outbound ssh connections ;)

    d.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Ah sure there's a way around everything if you're geeky enough and there's a single port open. I used a program before which piggybacked an SSH connection on a HTTP proxy.

    edit: I should add that I highly recommend this anonymous surfing malarky. I don't surf much in work at all, but by jebus it's nice to not feel spied upon. Also, I enabled compression on the connection and it's actually a fairly decent browsing experience (not to mention it reducing my bandwidth footprint).


  • Registered Users, Registered Users 2 Posts: 159 ✭✭TeaServer


    Nice one. I had tried using Squid before for slightly different reasons. I needed an Irish IP address for RTE and I travel a good bit with work.

    I must try this again with that tip.

    Cheers!


  • Registered Users, Registered Users 2 Posts: 36 ld50


    An even simpler method using "-D port" then set firefox SOCKS setting to "localhost port"
    This won't use your squid server and is much better for those who have an ssh account on a machine they can't install stuff on. I use it all the time at work.

    mh


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Can you explain how that works? I still connect to my home machine?

    e.g. ssh -D 1234 khannie@home

    nvm...I just tested it. Savage stuff. Very nice indeed.

