Setting up a public proxy server

By agronick
Nov 26, 2007
Topic Status:
Not open for further replies.
  1. Hi,
    I have Squid installed on a Linux box running OpenSuSE 10.3. Does anyone know of a guide for configuring it for public access. So far it works fine from inside my internal network.

    Does anyone know of any other proxy server programs for linux? Thanks.
  2. Nodsu

    Nodsu Newcomer, in training Posts: 9,431

    Hum.. Why are you doing this? You do realise that you will not be able to keep this proxy "secret" (even if you use non-default ports)? There are literally thousands of machines out there doing port scans and looking for open proxies just like yours. Once found, your machine becomes a conduit for everything that needs to be hidden from law enforcement officials. (And you will be the one questioned about all that child porn, hacking attempts and spam.) You should be prepared to keep throrough logs of everything and have a fast internet connection.

    Anyway, first you should find out whether it is your firewall or Squid itself that is blocking access from the internet.

    For all the Squid documentation you would ever want, try the totally unthinkable www.squid.org :)
  3. agronick

    agronick Newcomer, in training Topic Starter Posts: 120

    Yeah, I will configure the access control after I get it to work. Right now its not working from outside the internal network.
  4. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    duh; not working from outside the internal net ==> firewall settings my friend!
  5. gamingguy27

    gamingguy27 TechSpot Enthusiast Posts: 253

    Try smoothwall.

    Alex.
  6. agronick

    agronick Newcomer, in training Topic Starter Posts: 120

    If it was the firewall it wouldnt work from outside the computer. The ports are fowarded on the router. It should work.
  7. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    somehow you reached the correct solution; the firewall needs to forward the port
    in question to the system that has the service running :)
  8. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    normally, a proxy server is used to funnel client systems on a LAN thru a single
    control point(for logging and/or filtering), to control access to the external world.

    why do you want the external world to have access to your proxy?
  9. agronick

    agronick Newcomer, in training Topic Starter Posts: 120

    Because my school blocks and throttles almost all web traffic and a proxy server in the same city as my school would be faster than anything. Most encrypted proxys are blocked and slow.
  10. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    hum; nice try, but if they have the configuration correct, you can not access
    any service beyond the school firewall WITHOUT going thru the proxy.
    (otherwise, everyone would be making this attempt).

    If you do make contact, rest assured they will monitor the access log and
    shut you down in a day or two.
  11. agronick

    agronick Newcomer, in training Topic Starter Posts: 120

    You don't know what your talking about.

    Can anyone else help?

    Everyone is making this attempt. They block proxy servers listed on the internet. No one is monitoring the network traffic. A connection to my proxy server would just be a random IP address. Nothing they need to worry about.
     
  12. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    If anyone succeeds, then the school has not locked down the Internet as they intended.
    you can lead a horse to water but you can't make him take a drink :)
    this will be a learning experience for you -- best wishes.
  13. agronick

    agronick Newcomer, in training Topic Starter Posts: 120

    The only thing the school can do is block connections to IP addresses. With an encrypted proxy server they would not know what data is being passed. All free encrypted proxys are blocked. Beleave me. They're good. Almost nothing works.


    BTW What do you think my school should be doing that there not doing already.
  14. jobeard

    jobeard TS Ambassador Posts: 13,273   +280

    Almost. It's actually IP+port(s)
    That's correct, the data stream would be invisible.

    Monitoring? Usually it is the address, port, url(for http) postoffice(for smtp),
    and correspondents(for IM). When encryption is in effect, the address/port is all
    that can be seen :)

    In a commercial world, locking down the Internet includes prohibiting all
    a) unsolicited inbound traffic
    b) all outbound traffic

    the proxy is then configured to be to sole exception and filtering/blocking occurs
    according to the admin's desires. This usually includes all ports > 1024.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.