Squid setup help

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Aug 31 14:20:58 UTC 2009


On Fri, Aug 28, 2009 at 6:22 PM, Jamon Camisso<jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> On 08/28/2009 09:04 PM, Madison Kelly wrote:
>>
>> Hi all,
>>
>> A friend of mine is moving to a less than democratic country that
>> filters web access. I want to set up a really simple proxy server for her
>> to use so that she can stay in touch with her friends and family via
>> facebook (blocked there, atm).
>>
>> I've been looking through the squid3 docs but it's a bleeping novel.
>> Searching for sample configs fails to work, too. I freely admit this
>> might be a pebkac issue. I've never really looked into nor cared much
>> about proxies.
>>
>> Can someone here give me a hand or sample config file for setting up
>> squid? I've got a small server with a single Internet-facing IP address.
>>
>> I think I want a transparent, non-caching proxy server. She uses
>> Firefox, so I don't care about IE issues. Lastly, I don't know what her
>> IP will be nor do I know if it will stay within a given range. The
>> config files I've found so far all seem to expect you to know the IP
>> range you want to allow.
>
> I think you might find that OpenVPN is an easier solution. Perhaps that's
> just because I'm not sure how squid will handle DNS requests -- if it leaks
> and your friend's country limits access by DNS (in whole or in part), squid
> might still not work for her. I know you can specify DNS servers in squid's
> config though so maybe it is a non-issue.
>
> It just seems that, while a cache might make access faster, OpenVPN tunnels
> everything by design, e.g. it is explicitly designed to be secure and to
> achieve the functionality you're after. Squid, not so much, it's more of an
> everyperson's reverse cache/proxy/accelerator etc.
>
> My $0.02.
>
> Jamon
> --


I'd second that. Squid is more intended for caching and/or a larger
amount of users. Setting it up with network allow-lists isn't too
hard, but setting up the password access etc etc requires using
special auth programs and other special config to restrict which users
can utilize the proxy. Messing up leaves you with an open-proxy which
is ripe for abuse.

So long as you don't mind her pushing most or all of her traffic
through your box at a given time, the VPN is probably a better
solution in terms of setting up and security. You can even run an
OpenVPN client under PortableApps on a USB-stick now.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
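
The open-proxy failure mode mentioned in the reply above can be checked for mechanically. The following is an added example, not part of the original thread: a small audit of squid.conf http_access ordering, run over constructed sample configs. It is a simplification that recognises only src ACLs and the built-in "all" as matching every client; negated ACLs and every other ACL type are treated as restrictive.

```python
import ipaddress

# Constructed sample configs (not from the thread). The auth helper path is a
# placeholder; the real path and the password file location vary by distribution.
OPEN_CONF = """\
acl friend src 0.0.0.0/0
http_access allow friend
http_access deny all
"""
AUTH_CONF = """\
auth_param basic program /PATH/TO/basic_auth_helper /etc/squid3/passwd
acl users proxy_auth REQUIRED
http_access allow users
http_access deny all
"""
NO_CATCHALL_CONF = """\
acl badsites dstdomain .example.com
http_access deny badsites
"""

def audit_http_access(conf):
    """Return a list of findings; an empty list means no open-proxy rule found."""
    matches_anyone = {"all"}          # built-in ACL in Squid 3
    rules = []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] == "src":
            try:
                if any(ipaddress.ip_network(v, strict=False).prefixlen == 0 for v in tok[3:]):
                    matches_anyone.add(tok[1])
            except ValueError:
                pass                   # ranges, files etc.: treated as restrictive
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((n, tok[1], tok[2:]))
    for n, action, acls in rules:
        # A rule matches every client only if each ACL on it matches everyone.
        if all(a in matches_anyone for a in acls):
            if action == "allow":
                return [f"line {n}: allows any client without authentication"]
            return []                  # catch-all deny reached first
    if rules and rules[-1][1] == "deny":
        # Squid's default is the opposite of the last http_access line.
        return [f"line {rules[-1][0]}: last rule is deny with no catch-all, "
                "so unmatched requests are allowed"]
    return []
```

The first sample shows the trap the original poster was heading toward: an allow rule for an unknown client address range comes before the final deny, so the deny is never reached.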