B,

I was going to attach the logs, but I now feel like an idiot. :D
The jump box I am running Squid on currently only allows 80 and 443 outbound. 
I recalled this when I went to scp the log files and the connection was 
refused....
I detest overlooking things like this. Sometimes, you really need to question any 
assumptions.

Tim

On Oct 12, 2014, at 11:11 AM, crazy world <crazywo...@outlook.com> wrote:

> Do you have the log for the connection when you can't access? Other than 22 
> and 443 as you said.
> 
> Thanks,
> 
> -B
> 
> Subject: Re: [squid-users] SSL/SSH/SFTP/FTPS to alternate ports
> From: n61...@gmail.com
> Date: Sun, 12 Oct 2014 10:49:05 -0400
> CC: n61...@gmail.com; squid-users@lists.squid-cache.org
> To: crazywo...@outlook.com
> 
> Here is the access log. I should have included it in the original post. This 
> is accessing a test machine I set up to hit SSH on 22 and 443. I can also hit 
> HTTPS on multiple other ports.
> 
> 1413125068.706     87 10.110.98.21 TCP_MISS/503 0 CONNECT XXX.XXXX.com:22 - HIER_NONE/- -
> 1413125086.496   8061 10.110.98.21 TCP_MISS/200 3657 CONNECT XXX.XXXX.com:443 - HIER_DIRECT/54.68.15.208 -
> 
> Yes, my intent in the rule set is to provide a list of allowed ports and 
> sites. 
> 
> Tim
> 
> On Oct 11, 2014, at 11:37 PM, B <crazywo...@outlook.com> wrote:
> 
> Check out your access log to see what it says. Sounds like you are looking 
> for an AFW from squid. The ports themselves are defined. You need to make 
> sure the other ports are opened.
> 
> Your rule tells squid to block the non-allowed sites to the non-allowed 
> ports. Still sounds like FW function, but with the domain feature only.
> 
> -B
> On 10/12/2014 7:48 AM, Timothy Spear wrote:
> Hello,
> 
> Here is the issue:
> I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH via 
> Corkscrew to an SSH server running on port 443 and it works fine.
> What I cannot do is access HTTPS or SSH on any other port except 443. I have 
> lost track of the number of things I have tried, so any help will be 
> appreciated, and I feel like I am missing something simple. 
> OS: Ubuntu 14.04.1 LTS
> Squid: 3.3.8-1ubuntu6.1
> 
> Here is my current Squid 3 configuration:
> 
> 
> debug_options all,3
> 
> # local network we proxy for
> acl localnet src 10.110.98.0/24
> 
> # what ports can be the destination
> acl allowedPorts port 21
> acl allowedPorts port 22
> acl allowedPorts port 2222
> acl allowedPorts port 80
> acl allowedPorts port 443
> acl allowedPorts port 8443
> 
> acl CONNECT method CONNECT
> 
> # determine the available sites
> acl allowedSites dstdomain "/etc/squid3/allowed-sites.squid"
> 
> # now block anything not on the localnet or ports
> http_access deny !localnet
> 
> # allow connect only for approved ports
> http_access deny CONNECT !allowedPorts
> 
> # now only allow to the specific sites
> http_access allow localnet allowedSites allowedPorts
> 
> http_port 3128
> access_log /var/log/squid3/access.log squid
> hosts_file /etc/hosts
> 
> 
> Background (just FYI):
> I am trying to set up Squid to control network access from a local subnet to a 
> select number of domains. I do not need to bump the encrypted traffic and 
> play man in the middle, I just need to prevent the servers on the local 
> network from accessing unauthorized networks. Yes, I know I can do this in 
> the Firewall, but that is IP based and I am dealing with enough other 
> companies that maintaining the IP list has become a major pain. Instead I 
> want to use domains, which I can do in Squid.
> 
> Thanks,
> 
> Tim
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
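
An added example, not part of the original thread: a short Python script that separates the two failure modes visible in Squid's native access log, an `http_access` denial (`TCP_DENIED`) versus a request Squid accepted but could not connect upstream (5xx with `HIER_NONE`), as in the port 22 entry quoted above. The first two sample lines are the ones quoted in the thread; the third is constructed, and the verdict names are this example's own.

```python
import re
from collections import defaultdict

# Squid native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+\S+\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+(?P<hier>[A-Z_]+)/\S+"
)

# First two lines are quoted from the thread; the third is constructed.
SAMPLE = [
    "1413125068.706     87 10.110.98.21 TCP_MISS/503 0 CONNECT XXX.XXXX.com:22 - HIER_NONE/- -",
    "1413125086.496   8061 10.110.98.21 TCP_MISS/200 3657 CONNECT XXX.XXXX.com:443 - HIER_DIRECT/54.68.15.208 -",
    "1413125099.101      0 10.110.98.21 TCP_DENIED/403 3500 CONNECT blocked.example:8080 - HIER_NONE/- -",
]

def classify(line):
    """Return (port, verdict) for a CONNECT entry, None for anything else."""
    m = LINE.match(line)
    if not m or m["method"] != "CONNECT" or ":" not in m["url"]:
        return None
    port = int(m["url"].rsplit(":", 1)[1])
    if m["code"] == "TCP_DENIED":
        verdict = "denied_by_acl"         # an http_access rule rejected it
    elif m["status"] == "200" and m["hier"] != "HIER_NONE":
        verdict = "tunnel_ok"             # Squid reached the destination
    elif m["status"].startswith("5") and m["hier"] == "HIER_NONE":
        verdict = "upstream_unreachable"  # ACLs passed; look at DNS/egress
    else:
        verdict = "other"
    return port, verdict

def summarize(lines):
    """Map destination port -> sorted verdicts seen, to expose per-port patterns."""
    by_port = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result:
            by_port[result[0]].add(result[1])
    return {port: sorted(v) for port, v in sorted(by_port.items())}

if __name__ == "__main__":
    for port, verdicts in summarize(SAMPLE).items():
        print(port, ", ".join(verdicts))
```

A port that only ever shows `upstream_unreachable` while the ACLs list it points at the proxy host's own egress path (DNS, routing, firewall) rather than at `squid.conf`.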
