[squid-users] SSL/SSH/SFTP/FTPS to alternate ports

Sergey Tsabolov ( aka linuxman ) sergios at greeklug.gr
Sun Oct 12 12:08:22 UTC 2014


Hello,
About the ports for SSH: I think the best way is to add an SSH server running on 
port 2222 or 4444, with no need to replace the HTTPS port 443 with SSH ports.
It is the simple way, and there is no need to change the HTTPS setup.

On 12/10/2014 02:48 AM, Timothy Spear wrote:
> Hello,
>
> Here is the issue:
> I can proxy through Squid just fine to HTTP and HTTPS. I can also run 
> SSH via Corkscrew to a SSH server running on port 443 and it works fine.
> What I cannot do, is access HTTPS or SSH on any other port except 443. 
> I have lost track of the number of things I have tried so any help 
> will be appreciated and I feel like I am missing something simple.
> OS: Ubuntu 14.04.1 LTS
> Squid: 3.3.8-1ubuntu6.1
>
> Here is my current Squid 3 configuration:
>
>
> debug_options all,3
>
> # local network we proxy for
> acl localnet src 10.110.98.0/24
>
> # what ports can be the destination
> acl allowedPorts port 21
> acl allowedPorts port 22
> acl allowedPorts port 2222
> acl allowedPorts port 80
> acl allowedPorts port 443
> acl allowedPorts port 8443
>
> acl CONNECT method CONNECT
>
> # determine the available sites
> acl allowedSites dstdomain "/etc/squid3/allowed-sites.squid"
>
> # now block anything not on the localnet or ports
> http_access deny !localnet
>
> # allow connect only for approved ports
> http_access deny CONNECT !allowedPorts
>
> # now only allow to the specific sites
> http_access allow localnet allowedSites allowedPorts
>
> http_port 3128
> access_log /var/log/squid3/access.log squid
> hosts_file /etc/hosts
>
>
> Background (just FYI):
> I am trying to setup Squid to control network access from a local 
> subnet to a select number of domains. I do not need to bump the 
> encrypted traffic and play man in the middle, I just need to prevent 
> the servers on the local network from accessing unauthorized networks. 
> Yes, I know I can do this in the Firewall, but that is IP based and I 
> am dealing with enough other companies that maintaining the IP list 
> has become a major pain. Instead I want to use domains, which I can do 
> in Squid.
>
> Thanks,
>
> Tim

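
A simplified model of how Squid walks the http_access lines in the configuration quoted above (ACLs on one line are ANDed, the first matching line decides), added here as an example and not part of either poster's message. The allowed-sites entries, hostnames, sample requests and function names are constructed, since the thread does not show the contents of /etc/squid3/allowed-sites.squid; the model covers ACL evaluation only and does not reproduce the reported failure.

```python
import ipaddress

# Values taken from the squid.conf quoted in the post
LOCALNET = ipaddress.ip_network("10.110.98.0/24")
ALLOWED_PORTS = {21, 22, 2222, 80, 443, 8443}
# Constructed stand-in for /etc/squid3/allowed-sites.squid (contents not in the post)
ALLOWED_SITES = [".partner.example", "sftp.vendor.example"]

# http_access lines in the posted order; "!" negates an ACL, ACLs on a line are ANDed
RULES = [
    ("deny", ["!localnet"]),
    ("deny", ["CONNECT", "!allowedPorts"]),
    ("allow", ["localnet", "allowedSites", "allowedPorts"]),
]

def dstdomain_match(host, entries):
    """dstdomain: '.d' matches d and its subdomains, 'd' matches that exact host only."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def decide(method, host, port, src):
    """Return (action, reason) for one request; the first matching line wins."""
    acl = {
        "localnet": ipaddress.ip_address(src) in LOCALNET,
        "allowedPorts": port in ALLOWED_PORTS,
        "CONNECT": method == "CONNECT",
        "allowedSites": dstdomain_match(host, ALLOWED_SITES),
    }
    for number, (action, names) in enumerate(RULES, 1):
        if all((not acl[n[1:]]) if n.startswith("!") else acl[n] for n in names):
            return action, f"http_access line {number}"
    # Nothing matched: Squid applies the opposite of the last line's action
    return ("deny" if RULES[-1][0] == "allow" else "allow"), "default"

if __name__ == "__main__":
    samples = [  # constructed requests
        ("CONNECT", "sftp.vendor.example", 2222, "10.110.98.15"),
        ("CONNECT", "sftp.vendor.example", 4444, "10.110.98.15"),
        ("GET", "www.other.example", 80, "10.110.98.15"),
        ("CONNECT", "api.partner.example", 8443, "192.168.1.5"),
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

Under the posted rules a CONNECT to port 4444 is refused by the second http_access line because 4444 is not in allowedPorts, while 2222 is listed. A request that matches no line is denied, because the last line is an allow.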