Here is the access log. I should have included it in the original post. This is 
accessing a test machine I set up to hit SSH on 22 and 443. I can also hit HTTPS 
on multiple other ports.

1413125068.706     87 10.110.98.21 TCP_MISS/503 0 CONNECT XXX.XXXX.com:22 - HIER_NONE/- -
1413125086.496   8061 10.110.98.21 TCP_MISS/200 3657 CONNECT XXX.XXXX.com:443 - HIER_DIRECT/54.68.15.208 -

Yes, my intent in the rule set is to provide a list of allowed ports and sites. 

Tim

On Oct 11, 2014, at 11:37 PM, B <crazywo...@outlook.com> wrote:

> Check out your access log and see what it says. Sounds like you are looking 
> for an AFW from squid. The ports themselves are defined. You need to make 
> sure the other ports are opened.
> 
> Your rule tells squid to block the non-allowed sites to the non-allowed 
> ports. Still sounds like FW function, but with the domain feature only.
> 
> -B
> On 10/12/2014 7:48 AM, Timothy Spear wrote:
>> Hello,
>> 
>> Here is the issue:
>> I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH 
>> via Corkscrew to a SSH server running on port 443 and it works fine.
>> What I cannot do, is access HTTPS or SSH on any other port except 443. I 
>> have lost track of the number of things I have tried so any help will be 
>> appreciated and I feel like I am missing something simple. 
>> OS: Ubuntu 14.04.1 LTS
>> Squid: 3.3.8-1ubuntu6.1
>> 
>> Here is my current Squid 3 configuration:
>> 
>> 
>> debug_options all,3
>> 
>> # local network we proxy for
>> acl localnet src 10.110.98.0/24
>> 
>> # what ports can be the destination
>> acl allowedPorts port 21
>> acl allowedPorts port 22
>> acl allowedPorts port 2222
>> acl allowedPorts port 80
>> acl allowedPorts port 443
>> acl allowedPorts port 8443
>> 
>> acl CONNECT method CONNECT
>> 
>> # determine the available sites
>> acl allowedSites dstdomain "/etc/squid3/allowed-sites.squid"
>> 
>> # now block anything not on the localnet or ports
>> http_access deny !localnet
>> 
>> # allow connect only for approved ports
>> http_access deny CONNECT !allowedPorts
>> 
>> # now only allow to the specific sites
>> http_access allow localnet allowedSites allowedPorts
>> 
>> http_port 3128
>> access_log /var/log/squid3/access.log squid
>> hosts_file /etc/hosts
>> 
>> 
>> Background (just FYI):
>> I am trying to set up Squid to control network access from a local subnet to 
>> a select number of domains. I do not need to bump the encrypted traffic and 
>> play man in the middle, I just need to prevent the servers on the local 
>> network from accessing unauthorized networks. Yes, I know I can do this in 
>> the Firewall, but that is IP based and I am dealing with enough other 
>> companies that maintaining the IP list has become a major pain. Instead I 
>> want to use domains, which I can do in Squid.
>> 
>> Thanks,
>> 
>> Tim
>> 
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
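
Added example (not part of the original thread): a small Python triage of Squid native-format access.log lines that separates an http_access denial (TCP_DENIED) from a request that was not denied but never reached an upstream (a 5xx with HIER_NONE), which is the pattern in the port 22 entry above. The third sample line is constructed for contrast, and the function names are this example's own.

```python
import re

# Squid native access.log layout:
# time elapsed client result/status bytes method url user hierarchy/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)"
)

# Lines 1-2: the entries from the message, rejoined onto one line each.
# Line 3: CONSTRUCTED sample of an ACL denial, for comparison only.
SAMPLE = """\
1413125068.706     87 10.110.98.21 TCP_MISS/503 0 CONNECT XXX.XXXX.com:22 - HIER_NONE/- -
1413125086.496   8061 10.110.98.21 TCP_MISS/200 3657 CONNECT XXX.XXXX.com:443 - HIER_DIRECT/54.68.15.208 -
1413125100.000      0 10.110.98.21 TCP_DENIED/403 3631 CONNECT example.invalid:8080 - HIER_NONE/- text/html
"""

def classify(line):
    """Return a dict describing one log line, or None if it does not parse."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    f = m.groupdict()
    # CONNECT requests log the target as host:port
    port = int(f["url"].rsplit(":", 1)[1]) if f["method"] == "CONNECT" else None
    if f["result"].startswith("TCP_DENIED"):
        verdict = "denied by http_access"
    elif f["hier"] == "HIER_NONE" and f["status"].startswith("5"):
        verdict = "not denied; no upstream connection made"
    elif f["status"].startswith("2"):
        verdict = "tunnel established"
    else:
        verdict = "other"
    return {"client": f["client"], "port": port, "result": f["result"],
            "status": int(f["status"]), "peer": f["peer"], "verdict": verdict}

def triage(text):
    """Classify every parseable line in a block of access.log text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["client"]} port {r["port"]}: {r["result"]}/{r["status"]} '
              f'peer={r["peer"]} -> {r["verdict"]}')
```

A "not denied" result points the investigation away from the ACL list and toward name resolution or outbound connectivity from the proxy host.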
