<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>Hello,</div><div><br></div><div>Here is the issue:</div><div>I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH via Corkscrew to a SSH server running on port 443 and it works fine.</div><div>What I cannot do, is access HTTPS or SSH on any other port except 443. I have lost track of the number of things I have tried so any help will be appreciated and I feel like I am missing something simple. </div><div>OS: Ubuntu 14.04.1 LTS</div><div>Squid: <span style="font-family: Menlo; font-size: 11px;">3.3.8-1ubuntu6.1</span></div><div><br></div><div>Here is my current Squid 3 configuration:</div><div><br></div><div><br></div><div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(206, 121, 36);">debug_options<span style="color: #000000"> </span><span style="color: #c33720">all</span><span style="color: #000000">,</span><span style="color: #c33720">3</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; min-height: 13px;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"># local network we proxy for</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(195, 55, 32);"><span style="color: #ce7924">acl</span><span style="color: #000000"> localnet </span><span style="color: #ce7924">src</span><span style="color: #000000"> </span>10.110.98.0<span style="color: #000000">/</span>24</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(195, 55, 32);"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"># what ports can be the desitnation</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: #ce7924">acl</span> allowedPorts <span style="color: #ce7924">port</span> <span style="color: #c33720">21</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: #ce7924">acl</span> allowedPorts <span style="color: #ce7924">port</span> <span style="color: #c33720">22</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span style="color: rgb(206, 121, 36);">port</span> <span style="color: rgb(195, 55, 32);">2222</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: #ce7924">acl</span> allowedPorts <span style="color: #ce7924">port</span> <span style="color: #c33720">80</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span style="color: rgb(206, 121, 36);">port</span> <span style="color: rgb(195, 55, 32);">443</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span style="color: rgb(206, 121, 36);">port</span> <span style="color: rgb(195, 55, 32);">8443</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"><span style="color: rgb(206, 121, 36);">acl</span> CONNECT <span style="color: rgb(206, 121, 36);">method</span> CONNECT</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"># determine the available sites</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: #ce7924">acl</span> allowedSites <span style="color: #ce7924">dstdomain</span> "/etc/squid3/allowed-sites.squid"</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; min-height: 13px;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"># now block anything not on the localnet or ports</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: #ce7924">http_access</span> <span style="color: #c33720">deny</span> !localnet</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; min-height: 13px;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; min-height: 13px;"><div style="margin: 0px; color: rgb(83, 48, 225);"># allow connect only for approved ports</div><div style="margin: 0px;"><span style="color: rgb(206, 121, 36);">http_access</span> <span style="color: rgb(195, 55, 32);">deny</span> CONNECT !allowedPorts</div><div><br></div></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(83, 48, 225);"># now only allow to the specific sites</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span style="color: rgb(206, 121, 36);">http_access</span> <span style="color: rgb(195, 55, 32);">allow</span> localnet allowedSites allowedPorts</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; min-height: 13px;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(206, 121, 36);">http_port<span style="color: #000000"> </span><span style="color: #c33720">3128</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">access_<span style="color: #c33720">log</span> /var/<span style="color: #c33720">log</span>/squid3/access.<span style="color: #c33720">log</span> squid</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">hosts_file /etc/hosts</div></div><div><br></div><div><br></div><div>Background (just FYI):</div><div>I am trying to setup Squid to control network access from a local subnet to a select number of domains. I do not need to bump the encrypted traffic and play man in the middle, I just need to prevent the servers on the local network from accessing unauthorized networks. Yes, I know I can do this in the Firewall, but that is IP based and I am dealing with enough other companies that maintaining the IP list has become a major pain. Instead I want to use domains, which I can do in Squid.</div><div><br></div><div>Thanks,</div><div><br></div><div>Tim</div></body></html>