Can my Gentoo box act as a secure proxy and how?
August 25, 2010 2:26 PM

How can I go about setting up a Gentoo server as a secure proxy?

I have a server with the latest version of Gentoo on it, which at present I am using for testing. It has Apache/PHP/MySQL/FTP etc running. What I would now like to do (if this is possible) is set it up to act as a secure proxy so that I can tunnel through it from an insecure network.

For example... I work for company A. I am (for reasons I won't go into) forced to access the internet through a hotspot controlled by my bitter rivals at company B. Anything I send over this connection can and will be intercepted and checked. Is there a way that I can prevent this by securely connecting to my remote server, and then having that relay all my traffic out on its connection? The server is connected to the internet and locatable as it uses a dynamic IP service (no-ip.com).
posted by Biru to Computers & Internet (9 answers total)
 
Make an SSH tunnel over your insecure connection, and set up your server at home as a SOCKS proxy using Squid.
posted by mkb at 2:30 PM on August 25, 2010


If you already have SSH enabled on the server, you can tunnel through that easily without setting anything up at all. You SSH in, saying you want to set up a dynamic SOCKS proxy, and you can set Firefox to use that proxy. Here are some instructions. No need for Squid, the SSH client and server handle it all.
posted by zsazsa at 2:31 PM on August 25, 2010 [1 favorite]


So...

1. open SSH tunnel
2. set Firefox to use server as proxy
3. ???
4. Profit!

Is it really as easy as that? I have sshd running on the server. Would there be any advantage/disadvantage to running squid? I understand it does a bit of caching as well, which may help?
posted by Biru at 2:45 PM on August 25, 2010


Yeah, what zsazsa said.

Do note that while the traffic will be encrypted, it will be pretty clear that you're using a proxy since all your traffic will be coming from/going to a single machine. It is very possible that you're going to get some ... "feedback" ... from the folks running the hotspot.
posted by redyaky at 2:48 PM on August 25, 2010


Seems I didn't search as well as I should have. This thread appears to answer quite specifically what I am attempting to do. Thanks for your help anyway guys.
posted by Biru at 2:49 PM on August 25, 2010


If you are doing this to avoid network monitoring, you'll probably want to set network.proxy.socks_remote_dns in your Firefox config (or the equivalent using another browser).
posted by madajb at 3:28 PM on August 25, 2010
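What the network.proxy.socks_remote_dns setting changes on the wire, as an added example that is not part of the original thread: with the preference off the browser resolves the name through the local network's DNS and sends only an IP address into the SOCKS5 tunnel, and with it on the hostname itself travels inside the tunnel. The `RecordingResolver` class, the host `intranet.example` and the address `192.0.2.10` are constructed stand-ins for the hotspot's DNS and a site being visited.

```python
import ipaddress
import struct


class RecordingResolver:
    """Constructed stand-in for the hotspot's DNS: records every name it is asked for."""
    def __init__(self, table):
        self.table = table
        self.queries = []  # names visible to whoever runs the local network

    def resolve(self, name):
        self.queries.append(name)
        return self.table[name]


def build_connect(host, port, remote_dns, resolver):
    """Build the SOCKS5 CONNECT request (RFC 1928) a client sends into the tunnel."""
    if remote_dns:
        # ATYP 0x03: the hostname is carried inside the encrypted SSH channel.
        name = host.encode("ascii")
        addr = bytes([0x03, len(name)]) + name
    else:
        # ATYP 0x01: the client resolves first, using the local (untrusted) DNS.
        addr = bytes([0x01]) + ipaddress.IPv4Address(resolver.resolve(host)).packed
    return bytes([0x05, 0x01, 0x00]) + addr + struct.pack("!H", port)


def parse_connect(req):
    """Decode a CONNECT request the way the SOCKS listener on the SSH side would."""
    ver, cmd, _rsv, atyp = req[:4]
    if ver != 5 or cmd != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == 0x03:
        n = req[4]
        kind, dest, rest = "hostname", req[5:5 + n].decode("ascii"), req[5 + n:]
    elif atyp == 0x01:
        kind, dest, rest = "ipv4", str(ipaddress.IPv4Address(req[4:8])), req[8:]
    else:
        raise ValueError("address type not handled in this example")
    return kind, dest, struct.unpack("!H", rest)[0]


def demo(host="intranet.example", port=443):
    """Return, per setting, what the proxy receives and what the local DNS saw."""
    results = {}
    for remote_dns in (False, True):
        hotspot_dns = RecordingResolver({host: "192.0.2.10"})  # constructed data
        req = build_connect(host, port, remote_dns, hotspot_dns)
        results[remote_dns] = (parse_connect(req), hotspot_dns.queries)
    return results
```
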


Cheers for the tip, madajb. To clarify, I don't care so much that the providers of the hotspot know I'm encrypting my traffic. I'd have told them that for the asking; I simply want to be sure that the traffic itself is not readable to those running the hotspot.
posted by Biru at 3:30 PM on August 25, 2010


There is a better option depending on your definition of better. A full SSH VPN setup.
Ubuntu page, there are others if you google 'ssh vpn'.

Basic idea is that you have ssh set up the tun0 devices on both ends of the connection, turn on forwarding on the remote side, then just configure a network between them and add routes. This is what I use from home to my work desktop and it's quite nice. *ALL* your network traffic (except the vpn tunnel itself) is encrypted and passes through your server.
posted by zengargoyle at 4:29 PM on August 25, 2010 [1 favorite]


I was able to test this tonight. These are the steps I used for a successful tunnel/proxy:

1. Set up SSHD on Gentoo Box, open the SSH port (22) on the router and route to the Gentoo box.
2. On my laptop (Windows), download PuTTY.
3. Open a shell using PuTTY to my Gentoo box, ensuring that in the options for SSH, tunneling is enabled and a port is assigned (any port is fine).
4. Set Firefox to use that port on localhost as its proxy.
5. Profit!

Full and detailed instructions here.
posted by Biru at 6:26 AM on August 30, 2010

