On Thu, Oct 27, 2011 at 03:34:00AM -0700, Kristen Eisenberg wrote: > hello all: > > Here is the thing. A friend of mine in China wanted to access Google's > android developer site, unfortunately since Google stopped business in > China, its tech sites seemed also being blocked by the Great Firewall. > > So he asked me for a solution. I checked and it seems Squid proxy is the way > to go. > > I've instlled Squid on my Ubuntu 9.10 home server, however, the > configuration seems complex in both server and client (I presume it's a > browser). > > Now the question: if my sole purpose is to allow my friend to access certain > websites throu the proxy server, what info I need from him and how to config > the /etc/squid/squid.conf? What I need to let him know so that he can do his > part to make the connection? > > I did some google, and start wondering if the ssh tunneling or firefox > configureation is part of this effort? > > Anyway, I am really out of depth in this domain - the question might sound > silly, but any help is greatly appreciated. > ssh tunneling would be an alternative to squid. Although I don't have direct experience with it in China, ssh tunneling has been quite successful for me in the past. The idea is the ssh client running on the computer in China is the proxy server, probably listening to localhost. Firefox or another browser is configured to use the proxy server (the foxyproxy extension helps with it in firefox) and the all of the firefox http, https and dns traffic goes through the proxy, over the ssh tunnel and eventually appears to be coming from the ssh server (outside of China). The only thing to stop this from working, is if the firewall blocks ssh traffic.
If you use Squid instead, there will still be normal appearing web traffic, possibly on an alternate port, to a certain host (the proxy server) outside China that isn't blocked. The real destinations will then see the traffic as coming from that one host outside China. Squid also doesn't help to proxy the dns traffic like the ssh tunnel does. The ssh method is so much simpler, more secure and useful (for just shell sessions too, besides the proxy traffic) that I definitely recommend it. This article for example: http://www.extremetech.com/computing/93106-escaping-the-firewall-with-an-ssh-tunnel-socks-proxy-and-putty/ seems to be a good description of how to set it up with the PuTTY ssh client and firefox in Windows. On the ssh server, the default settings should allow the proxying and there is no configuration needed beyond the normal account setup. I hope this helps :) Nick Schmalenberger _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech