* Rules for squid via ssh tunnel
@ 2005-07-30  2:25 Gus Collins
  2005-08-01  2:16 ` Robert Vangel
  0 siblings, 1 reply; 2+ messages in thread
From: Gus Collins @ 2005-07-30  2:25 UTC (permalink / raw)
  To: netfilter

I believe this is supposed to be easily done, but I sure can't seem to 
make it work.  Here's my setup.

I set up a squid proxy on my firewall machine to allow http traffic from 
my wlan to be encrypted through a ssh tunnel (i.e., ssh -L 
3128:squid_server:3128 ...).  Worked great until I added iptables to 
that setup.

My question is: what rules do I need on the server to allow my local 
wlan to access the web via the proxy running on the firewall?

I tried the rule below w/o success:

iptables -A INPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED,RELATED

On the client, I have the default output policy of accept, so it should 
be ok?

Any help greatly appreciated!

Gus Collins



* Re: Rules for squid via ssh tunnel
  2005-07-30  2:25 Rules for squid via ssh tunnel Gus Collins
@ 2005-08-01  2:16 ` Robert Vangel
  0 siblings, 0 replies; 2+ messages in thread
From: Robert Vangel @ 2005-08-01  2:16 UTC (permalink / raw)
  To: netfilter

Gus Collins wrote:
> I believe this is supposed to be easily done, but I sure can't seem to
> make it work.  Here's my setup.
> 
> I set up a squid proxy on my firewall machine to allow http traffic from
> my wlan to be encrypted through a ssh tunnel (i.e., ssh -L
> 3128:squid_server:3128 ...).  Worked great until I added iptables to
> that setup.
> 
> My question is: what rules do I need on the server to allow my local
> wlan to access the web via the proxy running on the firewall?

You shouldn't need any rules to do with the port squid is running on. To
the firewall on the interface you are connecting through, it's all
looking like port 22.

The box you are ssh'ing to, is this the same box that squid is running on?

If so, try `ssh -L 3128:localhost:3128 [...]' (as long as squid is
listening on localhost).
> 
> I tried the rule below w/o success:
> 
> iptables -A INPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED,RELATED

What did you join it to?

> 
> On the client, I have the default output policy of accept, so it should
> be ok?

Yes, but if you have still added any rules they will obviously override
the default policy.

> 
> Any help greatly appreciated!
> 
> Gus Collins
> 

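The arrangement Robert describes, written out as an added example (not code from either poster): on the firewall, the wlan side only ever needs to reach sshd on port 22, squid binds to 127.0.0.1 so the tunnel endpoint on the firewall talks to it over loopback, and the client forwards local port 3128 to localhost:3128 on the firewall. Assumptions not in the thread: the wlan interface is named wlan0, the firewall's host name is "firewall", and the listener table comes from `netstat -tln` or `ss -ltn`. Set IPT=echo (or pass dry-run) to print the rules instead of applying them; applying them needs root.

```shell
#!/bin/sh
# Added example, not from the thread. Firewall == squid host.
# Assumed: wlan interface wlan0, squid bound to 127.0.0.1:3128 (http_port
# 127.0.0.1:3128 in squid.conf), sshd on 22. IPT=echo gives a dry run.
IPT="${IPT:-iptables}"
WLAN_IF="${WLAN_IF:-wlan0}"

# INPUT chain for the firewall. No rule mentions 3128 for the wlan: the
# proxy traffic arrives inside the ssh session, so the firewall sees port 22.
firewall_input_rules() {
    $IPT -P INPUT DROP
    $IPT -F INPUT
    # sshd's forwarded connection reaches squid over loopback
    $IPT -A INPUT -i lo -j ACCEPT
    # replies to connections the firewall opened itself (squid -> web sites)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # the only service the wlan clients may open: ssh
    $IPT -A INPUT -i "$WLAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # belt and braces: refuse direct, unencrypted use of the proxy from the wlan
    $IPT -A INPUT -i "$WLAN_IF" -p tcp --dport 3128 -j DROP
}

# Client side: local 3128 -> 127.0.0.1:3128 as seen from the firewall.
# Prints the command; argument is the firewall host (assumed name "firewall").
ssh_tunnel_cmd() {
    printf 'ssh -N -L 3128:localhost:3128 %s\n' "${1:-firewall}"
}

# Check that squid is not reachable without the tunnel. Reads a listener
# table (netstat -tln / ss -ltn) on stdin; returns 0 if every :3128 listener
# is on 127.0.0.1, 1 if it is bound to any other address (0.0.0.0, the wlan IP).
squid_bound_to_loopback() {
    if grep -E '[^[:space:]]*:3128([[:space:]]|$)' | grep -v '127\.0\.0\.1:3128' | grep -q .; then
        return 1
    fi
    return 0
}

case "${1:-}" in
    apply)   firewall_input_rules ;;            # needs root and iptables
    dry-run) IPT=echo firewall_input_rules ;;
esac
```

Two things the chain makes explicit: loopback must be accepted, otherwise the tunnel endpoint inside sshd cannot reach squid even though the ssh session itself was allowed; and a rule like the one in the original post, without `-j`, matches packets but changes nothing, which is why Robert asks what it was joined to.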
