<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
About the ports for SSH: I think the best way is to add an SSH server
running on port 2222 or 4444, with no need to replace the HTTPS port 443
with SSH ports.<br>
It is the simple way, and there is no need to change the HTTPS setup.<br>
<br>
<div class="moz-cite-prefix">On 12/10/2014 02:48 AM, Timothy Spear
wrote:<br>
</div>
<blockquote
cite="mid:19B1C111-165B-4A69-8EB7-6CDCE8C27875@gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>Hello,</div>
<div><br>
</div>
<div>Here is the issue:</div>
<div>I can proxy through Squid just fine to HTTP and HTTPS. I can
also run SSH via Corkscrew to an SSH server running on port 443
and it works fine.</div>
<div>What I cannot do, is access HTTPS or SSH on any other port
except 443. I have lost track of the number of things I have
tried so any help will be appreciated and I feel like I am
missing something simple. </div>
<div>OS: Ubuntu 14.04.1 LTS</div>
<div>Squid: <span style="font-family: Menlo; font-size: 11px;">3.3.8-1ubuntu6.1</span></div>
<div><br>
</div>
<div>Here is my current Squid 3 configuration:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(206, 121, 36);">debug_options<span style="color:
#000000"> </span><span style="color: #c33720">all</span><span
style="color: #000000">,</span><span style="color: #c33720">3</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># local network we proxy for</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(195, 55, 32);"><span style="color: #ce7924">acl</span><span
style="color: #000000"> localnet </span><span style="color:
#ce7924">src</span><span style="color: #000000"> </span>10.110.98.0<span
style="color: #000000">/</span>24</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(195, 55, 32);"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># what ports can be the destination</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">21</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">22</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">2222</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedPorts <span
style="color: #ce7924">port</span> <span style="color:
#c33720">80</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">443</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">acl</span> allowedPorts <span
style="color: rgb(206, 121, 36);">port</span> <span
style="color: rgb(195, 55, 32);">8443</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"><span style="color: rgb(206, 121,
36);">acl</span> CONNECT <span style="color: rgb(206, 121,
36);">method</span> CONNECT</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># determine the available sites</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">acl</span> allowedSites <span
style="color: #ce7924">dstdomain</span>
"/etc/squid3/allowed-sites.squid"</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># now block anything not on the
localnet or ports</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: #ce7924">http_access</span> <span
style="color: #c33720">deny</span> !localnet</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;">
<div style="margin: 0px; color: rgb(83, 48, 225);"># allow
connect only for approved ports</div>
<div style="margin: 0px;"><span style="color: rgb(206, 121,
36);">http_access</span> <span style="color: rgb(195, 55,
32);">deny</span> CONNECT !allowedPorts</div>
<div><br>
</div>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(83, 48, 225);"># now only allow to the specific
sites</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;"><span
style="color: rgb(206, 121, 36);">http_access</span> <span
style="color: rgb(195, 55, 32);">allow</span> localnet
allowedSites allowedPorts</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
min-height: 13px;"><br>
</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;
color: rgb(206, 121, 36);">http_port<span style="color:
#000000"> </span><span style="color: #c33720">3128</span></div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;">access_<span
style="color: #c33720">log</span> /var/<span style="color:
#c33720">log</span>/squid3/access.<span style="color:
#c33720">log</span> squid</div>
<div style="margin: 0px; font-size: 11px; font-family: Menlo;">hosts_file
/etc/hosts</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Background (just FYI):</div>
<div>I am trying to set up Squid to control network access from a
local subnet to a select number of domains. I do not need to
bump the encrypted traffic and play man in the middle, I just
need to prevent the servers on the local network from accessing
unauthorized networks. Yes, I know I can do this in the
firewall, but that is IP based and I am dealing with enough
other companies that maintaining the IP list has become a major
pain. Instead I want to use domains, which I can do in Squid.</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Tim</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--------------------------------------------------------------------------------------
Don't send me documents in .doc , .docx, .xls, .ppt . , .pptx
Send it with ODF format : .odt , .odp , .ods or .pdf .
Try to use Open Document Format : <a class="moz-txt-link-freetext" href="http://el.libreoffice.org/">http://el.libreoffice.org/</a>
Save your money &amp; use GNU/Linux Distro <a class="moz-txt-link-freetext" href="http://distrowatch.com/">http://distrowatch.com/</a>
-----------------------------------------------------------------------------------------
First they ignore you, then they ridicule you, then they fight you, then you win!!! </pre>
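<p>Added example, not part of either message and not Squid's own code: a simplified Python model of how the three http_access lines in the quoted configuration are evaluated (first matching line wins; if no line matches, Squid applies the opposite of the last line's action). The contents of allowed-sites.squid are not on the page, so ALLOWED_SITES and the host names used with it are constructed placeholders.</p>

```python
import ipaddress

# ACL values copied from the quoted squid.conf.
LOCALNET = ipaddress.ip_network("10.110.98.0/24")
ALLOWED_PORTS = {21, 22, 2222, 80, 443, 8443}
# Constructed stand-in for /etc/squid3/allowed-sites.squid (assumption).
ALLOWED_SITES = [".example.com", "partner.example.net"]

# http_access lines in file order; a leading "!" negates the ACL.
RULES = [
    ("deny", ["!localnet"]),
    ("deny", ["CONNECT", "!allowedPorts"]),
    ("allow", ["localnet", "allowedSites", "allowedPorts"]),
]


def dstdomain_match(host, patterns):
    """dstdomain semantics: '.x.y' matches x.y and its subdomains, 'x.y' only itself."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def http_access(src, method, host, port):
    """Return (action, rule_number); rule_number is None for the implicit default."""
    acl = {
        "localnet": ipaddress.ip_address(src) in LOCALNET,
        "CONNECT": method == "CONNECT",
        "allowedPorts": port in ALLOWED_PORTS,
        "allowedSites": dstdomain_match(host, ALLOWED_SITES),
    }
    for number, (action, terms) in enumerate(RULES, 1):
        # Every ACL on a line must match (logical AND) for the line to apply.
        if all(acl[t.lstrip("!")] != t.startswith("!") for t in terms):
            return action, number
    # No line matched: the default is the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    for port in (443, 2222, 4444):
        print(port, http_access("10.110.98.20", "CONNECT", "ssh.example.com", port))
```

In this model a CONNECT to port 2222 passes the port check, while port 4444 is rejected by the second http_access line because it is not listed in allowedPorts.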
</body>
</html>