Sergey,

I do not control the destination ports; my servers communicate with servers at 
other companies. In some cases, there are SFTP communications I must perform on 
443.

Tim

On Oct 12, 2014, at 8:08 AM, Sergey Tsabolov ( aka linuxman ) 
<serg...@greeklug.gr> wrote:

> Hello,
> About ports for SSH, I think the best way is to add an SSH server running on 
> port 2222 or 4444, so there is no need to replace the HTTPS port 443 with SSH.
> It is the simple way, and there is no need to change the HTTPS setup.
> 
> On 12/10/2014 02:48 AM, Timothy Spear wrote:
>> Hello,
>> 
>> Here is the issue:
>> I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH 
>> via Corkscrew to a SSH server running on port 443 and it works fine.
>> What I cannot do, is access HTTPS or SSH on any other port except 443. I 
>> have lost track of the number of things I have tried so any help will be 
>> appreciated and I feel like I am missing something simple. 
>> OS: Ubuntu 14.04.1 LTS
>> Squid: 3.3.8-1ubuntu6.1
>> 
>> Here is my current Squid 3 configuration:
>> 
>> 
>> debug_options all,3
>> 
>> # local network we proxy for
>> acl localnet src 10.110.98.0/24
>> 
>> # what ports can be the destination
>> acl allowedPorts port 21
>> acl allowedPorts port 22
>> acl allowedPorts port 2222
>> acl allowedPorts port 80
>> acl allowedPorts port 443
>> acl allowedPorts port 8443
>> 
>> acl CONNECT method CONNECT
>> 
>> # determine the available sites
>> acl allowedSites dstdomain "/etc/squid3/allowed-sites.squid"
>> 
>> # now block anything not on the localnet or ports
>> http_access deny !localnet
>> 
>> # allow connect only for approved ports
>> http_access deny CONNECT !allowedPorts
>> 
>> # now only allow to the specific sites
>> http_access allow localnet allowedSites allowedPorts
>> 
>> http_port 3128
>> access_log /var/log/squid3/access.log squid
>> hosts_file /etc/hosts
>> 
>> 
>> Background (just FYI):
>> I am trying to set up Squid to control network access from a local subnet to 
>> a select number of domains. I do not need to bump the encrypted traffic and 
>> play man in the middle, I just need to prevent the servers on the local 
>> network from accessing unauthorized networks. Yes, I know I can do this in 
>> the Firewall, but that is IP based and I am dealing with enough other 
>> companies that maintaining the IP list has become a major pain. Instead I 
>> want to use domains, which I can do in Squid.
>> 
>> Thanks,
>> 
>> Tim
>> 
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> -- 
> --------------------------------------------------------------------------------------
> Don't send me documents in .doc , .docx, .xls, .ppt . , .pptx
> Send it with ODF format : .odt , .odp , .ods or .pdf .
> Try to use Open Document Format : http://el.libreoffice.org/
> Save you money   &  use GNU/Linux Distro http://distrowatch.com/ 
> -----------------------------------------------------------------------------------------
> First they ignore you, then they ridicule you, then they fight you, then you 
> win!!! 
