[squid-users] Allow SFTP connection to port 9122
Matus UHLAR - fantomas
uhlar at fantomas.sk
Sat Jan 21 15:59:54 UTC 2023
>On 20/01/2023 2:45 am, Emanuel Gonzalez wrote:
>>I have configured an instance with squid as a proxy service.
>>HTTP/HTTPS requests pass through the proxy correctly.
>>
>>aclSafe_ports port9122
>>aclSSL_ports port9122
>>aclSafe_ports port22
>>aclSSL_ports port22
>>
>>
>>But I need to connect to an SFTP service that listens on port 9122.
>>
>>On the squid configuration side I have added port 9122 to the secure
>>ports and the connection host to the hosts allowed in the dstdomain.
>>
>>I have created the environment variables necessary to be able to
>>exit through the proxy:
>>
>>http_proxy=http://myprox.prod:3142
>>
>>ftp_proxy=http://myproxy.prod:3142
>>
>>https_proxy=http://myproxy.prod:3142
On 22.01.23 01:48, Amos Jeffries wrote:
>Squid does not support this type of configuration. Each type of
>protocol syntax needs to use a different proxy port number.
they are three types of requests to be passed over HTTP, which is
exactly what squid supports on single port.
GET http://
GET ftp://
CONNECT
imho the problem is that "nc -x" expects SOCKS proxy by default and OP issues:
'nc -v -xtheprovider-front.prod:3142 %h %p'
>Current Squid versions also do not have working support for native
>SFTP. For now you can only pass it through Squid if the client
>software sends the SFTP traffic over a HTTP(S) CONNECT tunnel.
nc would do that if he added "-X connect":
-X proxy_protocol
Use proxy_protocol when talking to the proxy server. Supported
protocols are 4 (SOCKS v.4), 5 (SOCKS v.5) and connect (HTTPS
proxy). If the protocol is not specified, SOCKS version 5 is
used.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !
More information about the squid-users
mailing list