Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: squid As A Proxy Server (External IP's Using This Server)

  1. #1
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Question squid As A Proxy Server (External IP's Using This Server)

    I am curious, I have tried to set this up before: I have a VPS on a server that I rent, I installed squid to use as a proxy server, however my home PC (not on the same subnet as the squid) and I could not get my PC to connect and navigate the internet.

    Does anyone know or have a guide on how to setup squid on an external network, that will allow a PC on another network to connect it and use it as a proxy server?

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,152
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: squid As A Proxy Server (External IP's Using This Server)

    Did you configure your browser to use the proxy's IP and port?

    Is the port open on the remote server, or at least open to connections from your IP address?

    What do you see when you type "telnet ip.of.proxy.server 3128" on your client?

    Is there any reason to think the ISP is intercepting port 3128? What if you set an arbitrary port like 33128? (Use the http_port directive in squid.conf to do this.)

    If you tried to set up a transparent proxy, that isn't going to work if squid is running on a machine outside your network. You need remove the transparent directive, restart squid, then tell the browser to use the proxy by IP and port specifically.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: squid As A Proxy Server (External IP's Using This Server)

    Right now I have this in my Firefox windows: The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections.

    Obiviously I have something setup wrong. Here were my steps:

    1. sudo apt-get install squid3.
    2. Edited /etc/squid3/squid.conf -> http_port 33128 (not commented out).
    3. Edited /etc/squid3/squid.conf -> http_access allow all (I added this line).

    Here is some more of my acl's that were pre-set when I installed squid.


    Code:
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access allow all
    http_access deny manager
    
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

  4. #4
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: squid As A Proxy Server (External IP's Using This Server)

    Attached is my squid.conf file zipped.
    Attached Files Attached Files

  5. #5
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,152
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: squid As A Proxy Server (External IP's Using This Server)

    Here's a hint for the future. You can strip out all the comments by running this command

    Code:
    grep -v '^#' squid.conf | grep -v '^$' > squid.stripped.conf
    The first "grep" command removes ("-v") anything beginning with a hash mark ("#"). It passes the result to another grep which removes blank lines. The result is stored in the file squid.stripped.conf in the current directory.

    Applying that to your squid.conf results in

    Code:
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access allow all
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny all
    http_port 33128
    coredump_dir /var/spool/squid3
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
    refresh_pattern .               0       20%     4320
    Now the "allow all" should enable connections from any address, so I'm guessing there is some type of firewalling in the way. Since you changed the port to 33128, please try running the "telnet" command I gave you above. You should get a response like this:

    Code:
    $ telnet 10.1.1.5 33128
    Trying 10.1.1.5...
    Connected to 10.1.1.5.
    Escape character is '^]'.
    Use Ctrl-] to exit the session. If you don't get this response, log into the VPS and try the same command from a prompt there using 127.0.0.1 as the address. Does that work?
    Last edited by SeijiSensei; June 25th, 2013 at 11:13 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  6. #6
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: squid As A Proxy Server (External IP's Using This Server)

    When I telnet from a Windows PC, and here is the output

    Code:
    Microsoft Telnet> open 11.22.33.44 33128
    Connecting To 11.22.33.44...Could not open connection to the host, on port 33
    128: Connect failed
    Microsoft Telnet>
    And thank you for the regex grep snippet I use regex's at work every day and completely forgot about them. Here is the output currently that I have configured in my squid.conf file. Note: I have removed the http_access deny all line that appeared below the http_access allow all

    Code:
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access allow all
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_port 33128
    coredump_dir /var/spool/squid3
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
    refresh_pattern .               0       20%     4320

    I have started / stopped / started the service, rebooted the server as well...

  7. #7
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,152
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: squid As A Proxy Server (External IP's Using This Server)

    Have you tried "telnet localhost 33128" on the server itself? How about "telnet ip.of.external.interface 33128"?
    Last edited by SeijiSensei; June 26th, 2013 at 09:55 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  8. #8
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: squid As A Proxy Server (External IP's Using This Server)

    I was able to connect using telnet localhost 33128. So this appears to be something on my end?

    I enabled outbound and inbound connections on my local PC to accept connections ranging from 33000 and 34000, restarted my firewall, and I was unable to telnet to the vpn server I have. Next I disabled my firewall all together. (Note: I am using this PC at work so there might be network restrictions on my corp network?)

  9. #9
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: squid As A Proxy Server (External IP's Using This Server)

    Quote Originally Posted by CaseyC View Post
    Note: I am using this PC at work so there might be network restrictions on my corp network?
    I think this is your problem.

    Wherever I have set up corporate networks the only connections allowed to the internet are through the companies own proxy server. This is to stop people doing exactly what you are attempting.

    Have a word with IT support and see if you can agree on a solution with them (they may well just say no, you can't do it).
    Cheesemill

  10. #10
    Join Date
    Dec 2008
    Location
    sudo find / | grep CaseyC
    Beans
    41
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: squid As A Proxy Server (External IP's Using This Server)

    Thanks I believe you are correct as well! The only time I have to work on it is between Nessus scans during the day, where RHEL and SLES scans can take awhile, I started my little project .

    I will attempt this at another location and see if it works!

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •