l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2011 Oct 27 19:45

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] squid proxy server & client configuration to bypassGFW
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] squid proxy server & client configuration to bypassGFW

On Thu, Oct 27, 2011 at 03:34:00AM -0700, Kristen Eisenberg wrote:
> hello all:
> Here is the thing. A friend of mine in China wanted to access Google's
> android developer site, unfortunately since Google stopped business in
> China, its tech sites seemed also being blocked by the Great Firewall.
> So he asked me for a solution. I checked and it seems Squid proxy is the way
> to go.
> I've instlled Squid on my Ubuntu 9.10 home server, however, the
> configuration seems complex in both server and client (I presume it's a
> browser).
> Now the question: if my sole purpose is to allow my friend to access certain
> websites throu the proxy server, what info I need from him and how to config
> the /etc/squid/squid.conf? What I need to let him know so that he can do his
> part to make the connection?
> I did some google, and start wondering if the ssh tunneling or firefox
> configureation is part of this effort?
> Anyway, I am really out of depth in this domain - the question might sound
> silly, but any help is greatly appreciated.
ssh tunneling would be an alternative to squid. Although I don't
have direct experience with it in China, ssh tunneling has been
quite successful for me in the past. The idea is the ssh client
running on the computer in China is the proxy server, probably
listening to localhost. Firefox or another browser is configured
to use the proxy server (the foxyproxy extension helps with it in
firefox) and the all of the firefox http, https and dns traffic
goes through the proxy, over the ssh tunnel and eventually
appears to be coming from the ssh server (outside of China). The
only thing to stop this from working, is if the firewall blocks
ssh traffic.

If you use Squid instead, there will still be normal appearing
web traffic, possibly on an alternate port, to a certain host
(the proxy server) outside China that isn't blocked. The real
destinations will then see the traffic as coming from that one
host outside China. Squid also doesn't help to proxy the dns
traffic like the ssh tunnel does.

The ssh method is so much simpler, more secure and useful (for
just shell sessions too, besides the proxy traffic) that I
definitely recommend it. This article for example:
seems to be a good description of how to set it up with the PuTTY
ssh client and firefox in Windows. On the ssh server, the default
settings should allow the proxying and there is no configuration
needed beyond the normal account setup. I hope this helps :)
Nick Schmalenberger
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.