good squid.conf to suit my needs


damok
03-22-2008, 08:49 AM
hi all,
Just figuring out this whole Linux thing, and having a blast.

A question about squid:
I have set up squid on my server for the purpose of accessing through ssh tunneling to bypass my (extremely restrictive) firewall in the country I live in. It all works a treat...

I am concerned though that perhaps anyone can access it, and might eat up my bandwidth. So perhaps I could limit access to the localhost or something to only allow those connected to the server to access it. Would this work, and if so how?

Obviously I would like to make it as fast as possible for me. Is it worthwhile playing around with the configuration to try and speed it up more, or is it not worth it for a single-user proxy?

Many thanks,
Damian

woefulwabbit
03-22-2008, 03:00 PM
I used to use squid over ssh too.
I believe the default configuration allows only localhost to access it, so you do not need to change it.

I've since removed squid because it's unnecessary, as SSH (or at least PuTTY) supports the use of dynamic SOCKS5 proxies; I simply set Firefox to use the SOCKS5 proxy. Lots of other applications support SOCKS5 too (i.e. Pidgin), and those which do not can be socksified using Freecap.

damok
03-23-2008, 09:25 AM
thanks for your reply.

Whilst trying to get things to work, I have set squid.conf to
'http_access allow all' to get it to work, when I try 'http_access allow localhost' it won't allow me to connect.

Just to clarify, I run the following script on my local computer
ssh -L 8080:serverip:3128 username@serverip

then set my proxyserver in my browser as 127.0.0.1:8080

Works fine, but only when I 'allow all'. Is there another way of doing this? I'm noticing my transfer traffic increasing significantly and am getting a little suspicious.

Many thanks,
Damo

woefulwabbit
03-23-2008, 01:11 PM
ssh -L 8080:serverip:3128 username@serverip

Use localhost or 127.0.0.1 instead of serverip

damok
03-23-2008, 03:12 PM
Oh dear, my fears have just been realised as my account has been disabled because of my proxy's openness....

just to confirm, the ssh script I mentioned is from my local computer that I use to access the proxy... so I believe I have to have the serverip in both parts of the script... please correct me if I am wrong.

Also, how do they find an open proxy so quickly?? My server has only been up for a couple of weeks!!

dammit!!

Damo

woefulwabbit
03-24-2008, 12:24 AM
The server is making the actual connection on your behalf, so localhost:3128 will be applied by the server, not by the client.

You will still connect to username@serverip, of course
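
Added example (not part of the original posts): a small shell check for the two settings discussed above, a Squid port reachable from outside and an `http_access allow all` rule. With the tunnel pointed at localhost:3128, the request reaches Squid from 127.0.0.1, so `http_access allow localhost` is enough. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the two problems in this thread.
# Assumption: no rule above the first "all" rule already matches strangers.

audit_squid_conf() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }         # skip comment lines
        NF == 0 { next }            # skip blank lines
        # http_port without a loopback address listens on every interface
        $1 == "http_port" && $2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):/ {
            print "OPEN_PORT line " NR; bad = 1
        }
        # Squid stops at the first matching http_access rule, so the first
        # rule naming only "all" decides what an unknown client gets.
        $1 == "http_access" && NF == 3 && $3 == "all" && !seen {
            seen = 1
            if ($2 == "allow") { print "ALLOW_ALL line " NR; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the setup that got the account disabled.
sample_open() {
    printf '%s\n' 'http_port 3128' \
        'acl localhost src 127.0.0.1/32' \
        'http_access allow all'
}

# Constructed sample: loopback only, reached with
#   ssh -L 8080:localhost:3128 username@serverip
sample_locked() {
    printf '%s\n' 'http_port 127.0.0.1:3128' \
        'acl localhost src 127.0.0.1/32' \
        'http_access allow localhost' \
        'http_access deny all'
}

tmp=$(mktemp)
sample_open > "$tmp";   audit_squid_conf "$tmp" || echo "open proxy: fix before exposing"
sample_locked > "$tmp"; audit_squid_conf "$tmp" && echo "loopback only"
rm -f "$tmp"
```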

damok
03-25-2008, 09:50 AM
Just to let you know, I have resolved this issue and am now using the SOCKS solution. Although so far it doesn't appear to be as fast, maybe I will revert to my old configuration (albeit more securely).

I am now onto bigger issues getting my webserver to run properly (see the Apache forum).

Many thanks.
Damo

Rick
03-25-2008, 11:09 AM
Hi, we helped Damok use his ssh client to create a SOCKS tunnel to his VPS. Then he just points his SOCKS proxy to the local machine.

ssh -D 2001 root@1.2.3.4

This creates a SOCKS server on your local PC @ 127.0.0.1:2001. In this case he was running a Mac. If you have a Windows PC, PuTTY can create the SOCKS proxy.

yager
03-26-2008, 10:24 AM
Noting that SOCKS via SSH does not require root (though your needs might).