Install and configure a squid proxy
Posted on 09-25-2006 00:13:00 UTC | Updated on 09-25-2006 00:13:00 UTC
Section: /software/squid/ | Permanent Link

Update: I found out an easier way to do an encrypted http tunnel through an untrusted network with just SSH. Please see the ssh section of my website for info on that or use my search feature to look for ssh and squid. It can also be done with PuTTY on Windows. I'll leave the info below anyway.

I want to set up SSH to tunnel my web traffic through Squid. Squid would be the proxy server for my web traffic when I'm connected to a network I don't trust, for example when I'm using a public WiFi connection. SSH would tunnel http requests from the remote machine through my gateway at home. All http traffic is usually sent in the clear, so anyone can see what sites you're visiting because you're on their network connection. So let's encrypt the traffic. I plan on doing this by tunneling my traffic through SSH and running the Squid http proxy on localhost. I know all the traffic going from the gateway Squid proxy to the internet is not encrypted, but I trust the gateway. Any http request going out of there would be unencrypted anyway. It's just the way the protocol was designed.

Squid (version 2.5) will be set up on my OpenBSD 3.8 gateway machine at home. Squid will be listening on 127.0.0.1 (localhost) so no one can connect to it from the internal lan or the internet. The gateway machine only has SSHD running on it and is only available to certain IP ranges from the internet. The http requests will be tunneled from the client machine through SSH and sent to Squid on the gateway machine. Squid will process the request and send it back to the browser on the client machine, which has been set up to use proxy settings. Do the following steps.

1. Install the simple version of squid on the OpenBSD gateway machine, not one of the packages with words like "transparent" or "SNMP" in the name.

pkg_add -vf ftp://ftp.usa.openbsd.org/pub/OpenBSD/3.8/packages/i386/squid-2.5.STABLE10.tgz

2. Edit /etc/squid/squid.conf and see below for the only lines I changed from the default config file. The rest of the settings were left to default. Just check yours match the ones below at a minimum. Change your file according to your tastes then save it.

# These lines are only the ones that were
# changed from the default config. There
# are more config options in the conf file.

http_port 127.0.0.1:8080
udp_incoming_address 127.0.0.1
cache_access_log none
cache_store_log none
dns_nameservers 192.168.0.1
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl our_networks src 127.0.0.1

3. Initialize the cache with the following command.

squid -z

4. Start squid with the following command.

/usr/local/sbin/squid

5. To test it, go to a machine on the inside lan or a machine that can access the gateway from outside the lan. SSH to the gateway machine with the command "ssh -L 8080:localhost:8080 192.168.0.1". This command creates a port that listens on port 8080 on the local machine (localhost). We will be pointing our browsers to this port to have our traffic tunneled to the gateway machine. When that encrypted traffic gets to the other side it is directed to localhost port 8080 on the gateway, where Squid has been set up to listen for requests.

6. After that ssh connection is established, open your web browser. Go to the proxy settings of the browser (in Firefox "Edit->Preferences->General->Connection->Connection Settings->Manual Proxy Configuration"). Under the http proxy section put in the proxy host name "localhost" and port "8080". Click OK and you're done.

7. Surf to ipchicken.com and the IP address that shows up should be the IP address of the gateway. If you're on the internal lan then this is no big deal, but if you set the proxy settings correctly you should be able to hit any webpage, and if it comes up you're working through the proxy.

8. If it worked then make Squid start on boot by putting this in your /etc/rc.local file.

    if [ -x /usr/local/sbin/squid ]; then
        echo -n ' squid';       /usr/local/sbin/squid
    fi
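
The setup in step 2 depends on Squid accepting connections only on 127.0.0.1, and that can be checked against the config file before Squid is started. The script below is an added example, not part of the original post; the function names and the two sample configs are constructed for illustration, and it assumes the Squid 2.5 "http_port [address:]port" form.

```shell
#!/bin/sh
# Added example (not from the original post): audit squid.conf so that
# Squid only accepts proxy connections on a loopback address.

# Print each http_port directive that is not bound to loopback.
# Assumes Squid 2.5 syntax "http_port [address:]port"; a bare port
# number means "listen on every interface".
non_loopback_ports() {
    awk '
        $1 == "http_port" &&
        $2 !~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost):[0-9]+$/ {
            print FILENAME ":" NR ": " $2
        }
    ' "$1"
}

# Succeed only if at least one active http_port line exists and every one
# is loopback-bound. With no http_port line Squid falls back to its
# default port 3128 on all addresses, so that case fails too.
squid_is_loopback_only() {
    grep -Eq '^[[:space:]]*http_port[[:space:]]' "$1" || return 1
    [ -z "$(non_loopback_ports "$1")" ]
}

# Constructed samples: the setting from step 2, and a config whose
# loopback line is commented out in favour of a bare port.
write_samples() {
    printf '%s\n' 'http_port 127.0.0.1:8080' 'acl all src 0.0.0.0/0.0.0.0' > "$1"
    printf '%s\n' '# http_port 127.0.0.1:8080' 'http_port 3128' > "$2"
}

dir=$(mktemp -d)
write_samples "$dir/good.conf" "$dir/bad.conf"
for f in "$dir/good.conf" "$dir/bad.conf"; do
    if squid_is_loopback_only "$f"; then
        echo "OK   $f"
    else
        echo "FAIL $f"
        non_loopback_ports "$f"
    fi
done
rm -rf "$dir"
```

On the gateway, calling squid_is_loopback_only /etc/squid/squid.conf from /etc/rc.local before the squid line would keep a proxy that listens on other interfaces from being started at boot.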
