[squid-users] Getting ping to work via proxy

[Grant Taylor]

Pre-script:  The following is in response to one specific statement from 
Antony and not really Squid related.

On 7/1/23 5:08 PM, Antony Stone wrote:
> There is no such thing as an ICMP proxy.

I'm not aware of an ICMP proxy.  But my ignorance of one doesn't 
preclude one (or more) from existing.

Also, Building Internet Firewalls from O'Reilly, both 1st and 2nd 
edition, make reference to "SOCKS wrappers for ping and traceroute.

Section 9.5.3 SOCKS Components

--8<--
The SOCKS package includes the following components:

  - The SOCKS server. This server must run on a Unix system, although it 
has been ported to many different variants of Unix.

  - The SOCKS client library for Unix machines.

  - SOCKS-ified versions of several standard Unix client programs sucn 
as FTP and Telnet.

  - SOCKS wrappers for ping and traceroute.

  - The runsocks program to SOCKS-ify dynamically linked programs at 
runtime without recompiling.

In addition, client libraries for Macintosh and Windows systems are 
available as separate packages.

Figure 9-4. Using SOCKS for proxying.
-->8--

So there seems to have been a way to use ping and traceroute via SOCKS 
proxy once upon a time.  It may have been lost to the sands of time.

I suspect that the book is talking about the SOCKS server from NEC, 
something that I've not been able to get my hands on yet.

It may be talking about something from Trusted Internet Solutions' 
(a.k.a. TIS's) Firewall Toolkit (a.k.a. fwtk).  I've not yet messed with 
the old copies of TIS FWTK that I have.

Seeing as how this is SOCKS related and me not being aware of Squid 
supporting SOCKS, it's still very much a "no, Squid doesn't support ICMP 
proxying".  At least not without doing some things that encapsulate ICMP 
traffic in some sort of tunnel that happens to flow through Squid.  But 
even that is HTTP(S) traffic as far as Squid is concerned.

Maybe websocket has something that it can do, but I'm not up on that.





Grant. . . .