Setting up a public proxy server

Status
Not open for further replies.

agronick

Posts: 85   +0
Hi,
I have Squid installed on a Linux box running OpenSuSE 10.3. Does anyone know of a guide for configuring it for public access. So far it works fine from inside my internal network.

Does anyone know of any other proxy server programs for linux? Thanks.
 
Hum.. Why are you doing this? You do realise that you will not be able to keep this proxy "secret" (even if you use non-default ports)? There are literally thousands of machines out there doing port scans and looking for open proxies just like yours. Once found, your machine becomes a conduit for everything that needs to be hidden from law enforcement officials. (And you will be the one questioned about all that child porn, hacking attempts and spam.) You should be prepared to keep throrough logs of everything and have a fast internet connection.

Anyway, first you should find out whether it is your firewall or Squid itself that is blocking access from the internet.

For all the Squid documentation you would ever want, try the totally unthinkable www.squid.org :)
 
Yeah, I will configure the access control after I get it to work. Right now its not working from outside the internal network.
 
agronick said:
Yeah, I will configure the access control after I get it to work. Right now its not working from outside the internal network.
duh; not working from outside the internal net ==> firewall settings my friend!
 
jobeard said:
duh; not working from outside the internal net ==> firewall settings my friend!

If it was the firewall it wouldnt work from outside the computer. The ports are fowarded on the router. It should work.
 
somehow you reached the correct solution; the firewall needs to forward the port
in question to the system that has the service running :)
 
normally, a proxy server is used to funnel client systems on a LAN thru a single
control point(for logging and/or filtering), to control access to the external world.

why do you want the external world to have access to your proxy?
 
Because my school blocks and throttles almost all web traffic and a proxy server in the same city as my school would be faster than anything. Most encrypted proxys are blocked and slow.
 
hum; nice try, but if they have the configuration correct, you can not access
any service beyond the school firewall WITHOUT going thru the proxy.
(otherwise, everyone would be making this attempt).

If you do make contact, rest assured they will monitor the access log and
shut you down in a day or two.
 
You don't know what your talking about.

Can anyone else help?

Everyone is making this attempt. They block proxy servers listed on the internet. No one is monitoring the network traffic. A connection to my proxy server would just be a random IP address. Nothing they need to worry about.
 
Everyone is making this attempt. They block proxy servers listed on the internet. No one is monitoring the network traffic. A connection to my proxy server would just be a random IP address. Nothing they need to worry about.
If anyone succeeds, then the school has not locked down the Internet as they intended.
agronick said:
You don't know what your talking about.
you can lead a horse to water but you can't make him take a drink :)
this will be a learning experience for you -- best wishes.
 
The only thing the school can do is block connections to IP addresses. With an encrypted proxy server they would not know what data is being passed. All free encrypted proxys are blocked. Beleave me. They're good. Almost nothing works.


BTW What do you think my school should be doing that there not doing already.
 
agronick said:
The only thing the school can do is block connections to IP addresses.
Almost. It's actually IP+port(s)
With an encrypted proxy server they would not know what data is being passed. All free encrypted proxys are blocked. Beleave me. They're good. Almost nothing works.
That's correct, the data stream would be invisible.

Monitoring? Usually it is the address, port, url(for http) postoffice(for smtp),
and correspondents(for IM). When encryption is in effect, the address/port is all
that can be seen :)

In a commercial world, locking down the Internet includes prohibiting all
a) unsolicited inbound traffic
b) all outbound traffic

the proxy is then configured to be to sole exception and filtering/blocking occurs
according to the admin's desires. This usually includes all ports > 1024.
 
Status
Not open for further replies.
Back