On 12/10/2014 11:33 AM, Timothy Spear wrote:
B,
I was going to attach the logs, but I now feel like an idiot. :D
The jump box I am running Squid on, currently only allows 80 and 443
outbound. I recalled this when I went to scp the log files and the
connection was refused
I detest overlooking things like this. Sometimes, you really need
question any assumptions.
You are not alone! Sometimes-Always
Tim
On Oct 12, 2014, at 11:11 AM, crazy world crazywo...@outlook.com
mailto:crazywo...@outlook.com wrote:
Do you have the log for the connection when you can't access? Other
than 22 and 443 as you said.
Thanks,
-B
Subject: Re: [squid-users] SSL/SSH/SFTP/FTPS to alternate ports
From: n61...@gmail.com mailto:n61...@gmail.com
Date: Sun, 12 Oct 2014 10:49:05 -0400
CC: n61...@gmail.com mailto:n61...@gmail.com;
squid-users@lists.squid-cache.org
mailto:squid-users@lists.squid-cache.org
To: crazywo...@outlook.com mailto:crazywo...@outlook.com
Here is the access log. I should have included it in the original
post. This is accessing a test machine I setup to hit SSH on 22 and
443. I can also hit HTTPS on multiple other ports.
1413125068.706 87 10.110.98.21 TCP_MISS/503 0 CONNECTXXX..com
http://xxx..com/:22 - HIER_NONE/- -
1413125086.496 8061 10.110.98.21 TCP_MISS/200 3657
CONNECTXXX..com http://xxx..com/:443 -
HIER_DIRECT/54.68.15.208 -
Yes, my intent in the rule set is to provide a list of allowed ports
and sites.
Tim
On Oct 11, 2014, at 11:37 PM, B crazywo...@outlook.com
mailto:crazywo...@outlook.com wrote:
check out your access log seeing what it says. Sounds like you
are looking for an AFW from squid. The ports themselves are
defined. You need to make sure the other ports are opened.
Your rule tells squid to block the non-allowed sites to the
non-allowed ports. Still sounds like FW function, but with the
domain feature only.
-B
On 10/12/2014 7:48 AM, Timothy Spear wrote:
Hello,
Here is the issue:
I can proxy through Squid just fine to HTTP and HTTPS. I can
also run SSH via Corkscrew to a SSH server running on port
443 and it works fine.
What I cannot do, is access HTTPS or SSH on any other port
except 443. I have lost track of the number of things I have
tried so any help will be appreciated and I feel like I am
missing something simple.
OS: Ubuntu 14.04.1 LTS
Squid: 3.3.8-1ubuntu6.1
Here is my current Squid 3 configuration:
debug_optionsall,3
# local network we proxy for
acllocalnetsrc10.110.98.0/24
# what ports can be the desitnation
aclallowedPortsport21
aclallowedPortsport22
acl allowedPorts port
aclallowedPortsport80
acl allowedPorts port 443
acl allowedPorts port 8443
aclCONNECTmethodCONNECT
# determine the available sites
aclallowedSitesdstdomain/etc/squid3/allowed-sites.squid
# now block anything not on the localnet or ports
http_accessdeny!localnet
# allow connect only for approved ports
http_access deny CONNECT !allowedPorts
# now only allow to the specific sites
http_accessallowlocalnet allowedSites allowedPorts
http_port3128
access_log/var/log/squid3/access.logsquid
hosts_file /etc/hosts
Background (just FYI):
I am trying to setup Squid to control network access from a
local subnet to a select number of domains. I do not need to
bump the encrypted traffic and play man in the middle, I just
need to prevent the servers on the local network from
accessing unauthorized networks. Yes, I know I can do this in
the Firewall, but that is IP based and I am dealing with
enough other companies that maintaining the IP list has
become a major pain. Instead I want to use domains, which I
can do in Squid.
Thanks,
Tim
___
squid-users mailing list
squid-users@lists.squid-cache.org
mailto:squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
