[squid-users] SSL/SSH/SFTP/FTPS to alternate ports

Timothy Spear n614cd at gmail.com
Sun Oct 12 14:50:25 UTC 2014


Sergey,

I do not control the destination ports; my servers communicate with servers at other companies. In some cases, there are SFTP communications I must perform on 443.

Tim

On Oct 12, 2014, at 8:08 AM, Sergey Tsabolov ( aka linuxman ) <sergios at greeklug.gr> wrote:

> Hello,
> About ports for SSH, I think the best way is to add an SSH server running on port 2222 or 4444, so there is no need to change the HTTPS 443 port to SSH ports.
> It is the simple way, and there is no need to change the HTTPS way.
> 
> On 12/10/2014 02:48 AM, Timothy Spear wrote:
>> Hello,
>> 
>> Here is the issue:
>> I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH via Corkscrew to an SSH server running on port 443 and it works fine.
>> What I cannot do is access HTTPS or SSH on any other port except 443. I have lost track of the number of things I have tried, so any help will be appreciated, and I feel like I am missing something simple.
>> OS: Ubuntu 14.04.1 LTS
>> Squid: 3.3.8-1ubuntu6.1
>> 
>> Here is my current Squid 3 configuration:
>> 
>> 
>> debug_options all,3
>> 
>> # local network we proxy for
>> acl localnet src 10.110.98.0/24
>> 
>> # what ports can be the destination
>> acl allowedPorts port 21
>> acl allowedPorts port 22
>> acl allowedPorts port 2222
>> acl allowedPorts port 80
>> acl allowedPorts port 443
>> acl allowedPorts port 8443
>> 
>> acl CONNECT method CONNECT
>> 
>> # determine the available sites
>> acl allowedSites dstdomain "/etc/squid3/allowed-sites.squid"
>> 
>> # now block anything not on the localnet or ports
>> http_access deny !localnet
>> 
>> # allow connect only for approved ports
>> http_access deny CONNECT !allowedPorts
>> 
>> # now only allow to the specific sites
>> http_access allow localnet allowedSites allowedPorts
>> 
>> http_port 3128
>> access_log /var/log/squid3/access.log squid
>> hosts_file /etc/hosts
>> 
>> 
>> Background (just FYI):
>> I am trying to set up Squid to control network access from a local subnet to a select number of domains. I do not need to bump the encrypted traffic and play man-in-the-middle, I just need to prevent the servers on the local network from accessing unauthorized networks. Yes, I know I can do this in the firewall, but that is IP based and I am dealing with enough other companies that maintaining the IP list has become a major pain. Instead I want to use domains, which I can do in Squid.
>> 
>> Thanks,
>> 
>> Tim
>> 
> 

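Added example, not part of the thread or of Squid itself: a simplified Python model of how the three `http_access` lines in the quoted configuration are evaluated (first matching line wins, all ACLs on a line must match, and an unmatched request gets the opposite of the last line's action). The contents of `allowed-sites.squid` are not shown in the thread, so `ALLOWED_SITES` is a constructed stand-in, and the helper names are hypothetical.

```python
import ipaddress

# Constructed stand-in for /etc/squid3/allowed-sites.squid (contents are not in the thread).
ALLOWED_SITES = [".partner.example", "sftp.vendor.example"]
LOCALNET = ipaddress.ip_network("10.110.98.0/24")
ALLOWED_PORTS = {21, 22, 2222, 80, 443, 8443}

def dstdomain_match(host, patterns):
    """Squid dstdomain: '.x' matches x and its subdomains; 'x' matches only x."""
    host = host.lower().rstrip(".")
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

def acls(req):
    """Evaluate each named ACL from the posted config for one request."""
    return {
        "localnet": ipaddress.ip_address(req["src"]) in LOCALNET,
        "allowedPorts": req["port"] in ALLOWED_PORTS,
        "CONNECT": req["method"] == "CONNECT",
        "allowedSites": dstdomain_match(req["host"], ALLOWED_SITES),
    }

# The three http_access lines in the order posted; "!" negates an ACL.
RULES = [
    ("deny", ["!localnet"]),
    ("deny", ["CONNECT", "!allowedPorts"]),
    ("allow", ["localnet", "allowedSites", "allowedPorts"]),
]

def decide(req):
    """Return (action, line number); a line matches only if all its ACLs match."""
    a = acls(req)
    for n, (action, names) in enumerate(RULES, 1):
        if all(a[x.lstrip("!")] != x.startswith("!") for x in names):
            return action, n
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), None

def connect(src, host, port):
    """Decision for a CONNECT host:port request from client address src."""
    return decide({"src": src, "method": "CONNECT", "host": host, "port": port})
```

The model covers only the `src`, `port`, `method` and `dstdomain` ACL types used in the posted configuration; comparing its verdict with the `TCP_DENIED` or `TCP_MISS` entries in `access.log` for the same request shows whether a failure comes from the access rules or from somewhere after them.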