how to configure squid to use ssh tunnel for external sites?

[kunalv-shah]

I have a setup where I have ubuntu as squid proxy server at my home. All computers and ipad at my home use that ubuntu as proxy server. Now I want squid to redirect all request to ec2 instance for browsing. For example if I am browsing site www.example.com from my home computer, it goes to squid proxy on the same network, now instead of directly serving pages from internet, I want squid proxy to make ssh tunnel to ec2 instance and get pages from www.example.com through ec2 instance. EC2 instance is ubuntu again.
I figured out how to configure suqid to cater to my home computers but not sure how should I setup squid to tunnel to ec2 to cater to internet rather than directly going internet. Any pointers here will be helpful.
Attached is the image of my home setup.

dD2UI.jpg

[slickymaster]

Please do not post large images into your posts. Many of our users have slow internet connections and data limits. Large images can take a long time to load -- and may even cost a user extra money. Use the attachment functionality provided by the paperclip button above the text entry box.

[kunalv-shah]

duly noted.

[SeijiSensei]

Run squid on the remote box and point your browser to it instead.

[kunalv-shah]

That is not possible. Browser on my laptop does not have direct access to remote box.

[SeijiSensei]

Is that by design or just a routing problem?

You can configure a local Squid proxy to forward requests to another proxy upstream.

https://www.google.com/search?q=squi...upstream+proxy

[kunalv-shah]

Hi, thanks for the pointer.
to answer your first question, it is by design. I want to make sure that I use secure connection up till proxy.

about your pointer to local proxy to upstream proxy. I did take a look at it as a possibility. Just one question on that, is the communication between local proxy and upstream proxy secure? is it possible that someone can do
"man in the middle" sneaking between two proxies? that was the reason why I wanted to have proxy to ssh tunnel. If local proxy to upstream proxy is as secure as ssh tunnel then this is the perfect solution I am looking for.

[SeijiSensei]

Well, my preference is always to use OpenVPN to create static tunnels. All traffic between the local and remote machines is encrypted. I assume that would be true for SSH tunnels, but I never use them.

[mitesh.agrwl]

Hi,

All traffic between the local and remote machines is encrypted. I assume that would be true for SSH tunnels, but I never use them.

The traffic is encrypted in SSH tunnels also. The difference is, OpenVPN uses encryption at layer 3 while SSH uses encryption at Layer 4. Both type of encryption has its own advantages and disadvantages.

[kunalv-shah]

Actually my question was if I have a local proxy which forwards requests to upstream proxy, will the traffic between local proxy and upstream proxy encrypted? If not, I would like some way to secure the communications between local proxy and upstream proxy.