Route traffic on a gateway through SSH tunnel

Steve Bertrand steve at ibctech.ca
Mon Apr 20 17:12:09 UTC 2009


Adrian Chadd wrote:
> G'day;
> 
> 2009/4/19 Steve Bertrand <steve at ibctech.ca>:
> 
>> I have a Squid proxy/content filter at my office that I would like to
>> route all 80/443 traffic from my home connection, through the proxy. The
>> proxy and the termination point of my home connection are located in two
>> different PoPs, within different ASs.
> 
> Eww. People still use Squid?

Hmmm... I'm trying to figure out what you are implying here. If Squid is
"eww", what do you recommend?

>> Does anyone have any suggestions or comments they can share regarding
>> such a setup?
> 
> Well, I'd first look at what you're doing with the "fwd" next-hop
> rewriting. All ipfw fwd does is next-hop rewriting with an optional
> redirect-to-local-socket-termination feature.
> 
> You need to redirect to a local squid or some other proxy which can do
> the DNS lookups as required (if required!) and bounce the request
> upstream.
> 
> I'd suggest setting up Squid on your local CPE to handle the "ipfw fwd
> any 127.0.0.1:3128" redirection (and use http_port 127.0.0.1:3128
> transparent in squid.conf) and then configure squid with a parent
> proxy (cache_peer, disable never_direct, etc) to talk exclusively to
> your upstream proxy(ies).

Thanks for the great feedback, Adrian. I've done what you recommended,
and things work exactly as I originally desired, from PC through the
parent proxy.

The only thing that doesn't work properly is SSL proxying, but that's
something I can fiddle with.

BTW, I am using Squid as a backend to DansGuardian. Both reside on the
same box, at my office. The only user of this configuration is my home
connection.

Steve
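
The child-proxy setup suggested in the quoted reply, written out as an added configuration example (not part of the original thread and not either poster's actual config). The interface name `em1`, the LAN range, the parent hostname `proxy.office.example` and the parent port 8080 are assumptions; `never_direct allow all` is this example's way of making the gateway's Squid talk only to the parent.

```conf
# ---- ipfw rule on the home gateway (shown as a comment for context) ----
# Constructed rule: em1 is an assumed LAN-facing interface. Matching only
# traffic arriving on the LAN side keeps Squid's own outbound requests
# from being looped back into the redirect.
#
#   ipfw add 1000 fwd 127.0.0.1,3128 tcp from any to any 80 in via em1
#
# Port 443 is left out on purpose: a "transparent" http_port parses
# plaintext HTTP requests, so TLS forwarded to it cannot be handled.
# HTTPS clients need an explicit proxy setting (CONNECT) instead.

# ---- squid.conf fragment on the home gateway (child proxy) ----

# Listen on loopback only, so the intercept port is unreachable from the
# network except through the ipfw fwd rule above.
http_port 127.0.0.1:3128 transparent

# Upstream (parent) proxy at the office. Hostname and port are
# placeholders; 8080 assumes the DansGuardian listener is the entry point.
# icp-port 0 plus no-query disables ICP probing of the parent.
cache_peer proxy.office.example parent 8080 0 no-query default

# Never fetch from origin servers directly; every request goes to the
# parent. If the parent is down, requests fail rather than bypass the filter.
# (Older Squid 2.x configs must define "acl all src 0.0.0.0/0.0.0.0" first.)
never_direct allow all

# Only the home LAN may use this proxy (constructed address range).
acl home_lan src 192.168.1.0/24
http_access allow home_lan
http_access deny all
```

If the parent is reached through an SSH port forward rather than directly, `cache_peer` points at the local end of that forward instead of the office hostname.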


More information about the freebsd-net mailing list