how difficult would it be to get astaro to use SSL with squid? is this even possible? does IE or other browsers support this or will you have to us something like stunnel?
do you mind telling me specifically how you got it working or maybe point me to a howto somewhere? I've never used ssh to setup a tunnel. I've only used it as a replacement for telnet.
do you mind telling me specifically how you got it working or maybe point me to a howto somewhere? I've never used ssh to setup a tunnel. I've only used it as a replacement for telnet.
of course, you'll need an ssh client if your're on windows.
Putty should work, and it's free.
I use SecureCRT from VanDyke (work paid for it)
They also make a product just for tunneling, without terminal emulation, so you don't have to leave a terminal window open if you don't want.
if you're gonna use squid on ASL, make sure you have astaro's localhost (127.0.0.1) allowed to talk to squid.
you may have to setup a network definition for localhost.
btw, asl uses 8080 for squid, not the 3128 default I mentioned earlier.
thank you for pointing me in the right direction. Unfortunately the way I have my network setup makes things a little less straight forward and I have few questions.
First let me explain my network. I have an astaro box plugged into my cable modem. I also have a windows box and a e-smith box plugged into a switch that's pluged into a network card in the astaro box that i have designated as a dmz.
I have dnat'ed and firewall rules set up to allow ssh port 22 to go to the e-smith box.
I have ssh'ed into the e-smith box and can telnet to port 8088 (my astaro box's squid port). That connects fine. I also have authentication setup for squid which may or may not be causing part of my problem. Once I have closed this session, I've gone into putty and added under the tunnel section: source port 7222 destination: mydomain:8088 Then relogged into ssh.
(at this point in typing this question, I had an epiphany. I am still going to post this so it may help others.)
Next I went into my browser and put localhost:7222 in my proxy settings. that didn't work.
so I tried to telnet to localhost:7222 and that didn't work either.
My epiphany was that once connected to my mail server (e-smith) through shh the tunnel address had changed to my local DMZ address of my astaro box.
so I change my tunnel destination address to 192.168.x.1:8088 in putty. Then tried to telnet after reconnecting and it worked! Loaded settings in my browser and now i'm surfing again.
I really appreciate all your help! We use websense here at work and it always blocks the sites that I want to go to, not to mention all the logging that done. Now I'm surfing censorship free and encrypted!
