<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">check out your access log seeing what
it says. Sounds like you are looking for an AFW from squid. The
ports themselves are defined. You need to make sure the other
ports are opened.<br>
<br>
Your rule tells squid to block the non-allowed sites to the
non-allowed ports. Still sounds like FW function, but with the
domain feature only.<br>
<br>
<div class="moz-signature">-B</div>
On 10/12/2014 7:48 AM, Timothy Spear wrote:<br>
</div>
<blockquote
cite="mid:19B1C111-165B-4A69-8EB7-6CDCE8C27875@gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>Hello,</div>
<div><br>
</div>
<div>Here is the issue:</div>
<div>I can proxy through Squid just fine to HTTP and HTTPS. I can
also run SSH via Corkscrew to a SSH server running on port 443
and it works fine.</div>
<div>What I cannot do, is access HTTPS or SSH on any other port
except 443. I have lost track of the number of things I have
tried so any help will be appreciated and I feel like I am
missing something simple. </div>
<div>OS: Ubuntu 14.04.1 LTS</div>
<div>Squid: <span style="font-family: Menlo; font-size: 11px;">3.3.8-1ubuntu6.1</span></div>
<div><br>
</div>
<div>Here is my current Squid 3 configuration:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(206, 121, 36);">debug_options<span style="color:
#000000"> </span><span style="color: #c33720">all</span><span
style="color: #000000">,</span><span style="color: #c33720">3</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># local network we proxy for</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(195, 55, 32);"><span style="color: #ce7924">acl</span><span
style="color: #000000"> localnet </span><span style="color:
#ce7924">src</span><span style="color: #000000"> </span>10.110.98.0<span
style="color: #000000">/</span>24</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(195, 55, 32);"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># what ports can be the desitnation</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">21</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">22</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">2222</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">80</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">443</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">8443</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"><span style="color: rgb(206, 121,
36);">acl</span> CONNECT <span style="color: rgb(206, 121,
36);">method</span> CONNECT</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># determine the available sites</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedSites <span
style="color: #ce7924">dstdomain</span>
"/etc/squid3/allowed-sites.squid"</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># now block anything not on the
localnet or ports</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">http_access</span> <span
style="color: #c33720">deny</span> !localnet</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;">
<div style="margin: 0px; color: rgb(83, 48, 225);"># allow
connect only for approved ports</div>
<div style="margin: 0px;"><span style="color: rgb(206, 121,
36);">http_access</span> <span style="color: rgb(195, 55,
32);">deny</span> CONNECT !allowedPorts</div>
<div><br>
</div>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># now only allow to the specific
sites</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">http_access</span> <span
style="color: rgb(195, 55, 32);">allow</span> localnet
allowedSites allowedPorts</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(206, 121, 36);">http_port<span style="color:
#000000"> </span><span style="color: #c33720">3128</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;">access_<span
style="color: #c33720">log</span> /var/<span style="color:
#c33720">log</span>/squid3/access.<span style="color:
#c33720">log</span> squid</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;">hosts_file
/etc/hosts</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Background (just FYI):</div>
<div>I am trying to setup Squid to control network access from a
local subnet to a select number of domains. I do not need to
bump the encrypted traffic and play man in the middle, I just
need to prevent the servers on the local network from accessing
unauthorized networks. Yes, I know I can do this in the
Firewall, but that is IP based and I am dealing with enough
other companies that maintaining the IP list has become a major
pain. Instead I want to use domains, which I can do in Squid.</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Tim</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>