Rules for squid via ssh tunnel

Robert Vangel vangelr at rfgt.net
Mon Aug 1 04:16:34 CEST 2005


Gus Collins wrote:
> I believe this is supposed to be easily done, but I sure can't seem to
> make it work.  Here's my setup.
> 
> I set up a squid proxy on my firewall machine to allow http traffic from
> my wlan to be encrypted through a ssh tunnel (i.e., ssh -L
> 3128:squid_server:3128 ...).  Worked great until I added iptables to
> that setup.
> 
> My question is: what rules do I need on the server to allow my local
> wlan to access the web via the proxy running on the firewall?

You shouldn't need any rules to do with the port squid is running on. To
the firewall on the interface you are connecting through, it's all
looking like port 22.

The box you are ssh'ing to, is this the same box that squid is running on?

If so, try `ssh -L 3128:localhost:3128 [...]' (as long as squid is
listening on localhost).
> 
> I tried the rule below w/o success:
> 
> iptables -A INPUT -p tcp --dport 3128 -m state --state
> NEW,ESTABLISHED,RELATED

What did you join it to?

> 
> On the client, I have the default output policy of accept, so it should
> be ok?

Yes, but if you have still added any rules, they will obviously override
the default policy.

> 
> Any help greatly appreciated!
> 
> Gus Collins
> 
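Putting Robert's answer into a firewall-side script, as an added example that is not from the thread: only ssh on the wlan interface is opened, squid stays bound to 127.0.0.1 behind the tunnel, and every rule carries a `-j` target (the rule Gus quoted stops before its target). The interface name wlan0 and the default port numbers are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface and ports are assumptions.
WLAN_IF="${WLAN_IF:-wlan0}"     # interface the wlan clients arrive on (assumed)
SSH_PORT="${SSH_PORT:-22}"
SQUID_PORT="${SQUID_PORT:-3128}"

# In dry-run mode the rules are printed instead of applied, so the ruleset can
# be reviewed (or tested) on a box without iptables or root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Every iptables rule needs a target. The rule quoted in the thread ended at
# "--state NEW,ESTABLISHED,RELATED": it matched packets but did nothing with
# them, which is what "What did you join it to?" is getting at.
firewall_rules() {
    run iptables -F INPUT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # From the wlan side the tunnel is the only thing the firewall sees: port 22.
    run iptables -A INPUT -i "$WLAN_IF" -p tcp --dport "$SSH_PORT" \
        -m state --state NEW -j ACCEPT
    # Squid is reached through the tunnel on 127.0.0.1, so 3128 is never opened
    # on the wlan interface; reject it explicitly so a mis-bound squid is caught.
    run iptables -A INPUT -i "$WLAN_IF" -p tcp --dport "$SQUID_PORT" \
        -j REJECT --reject-with tcp-reset
    # Policy is set last so the ACCEPT rules are in place before the default flips.
    run iptables -P INPUT DROP
}

# Matching squid.conf line: squid listens on loopback only, which is what
# "ssh -L 3128:localhost:3128" on the client expects to reach.
squid_listen_line() {
    echo "http_port 127.0.0.1:${SQUID_PORT}"
}

case "${1:-}" in
    apply) firewall_rules ;;                 # really apply the rules (needs root)
    *)     ( DRY_RUN=1; firewall_rules ) ;;  # default: print what would be run
esac
```

Run it without arguments to review the generated rules, then with `apply` as root once the interface name matches the box.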



More information about the netfilter mailing list