<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Dan Cameron - Latest Comments in What am I doing at Scattered</title><link>http://scattered.disqus.com/</link><description>wordpress enthusiast</description><language>en</language><lastBuildDate>Fri, 25 Mar 2005 19:16:58 -0000</lastBuildDate><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184742</link><description>When you're viewing porn and your boss walks into your office they can see what you're doing. Busted!</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Nate</dc:creator><pubDate>Fri, 25 Mar 2005 19:16:58 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184741</link><description>So I have it set up and I am using my proxy server as we speak. But how secure is it? Can my work see what I am doing? Or capture packets?&lt;br&gt;&lt;br&gt;It's pretty fast too, and now I can surf anywhere without a dumb filter hindering my gmail access or my porn access.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 17:32:05 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184740</link><description>I got it to work.&lt;br&gt;&lt;br&gt;YES.&lt;br&gt;&lt;br&gt;I just need to check that I locked it down to my work ip only. Then Jared, we can look at my firewall soon. Or maybe you can check by using the ip on the tagboard.&lt;br&gt;&lt;br&gt;Thanks.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 15:56:10 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184739</link><description>Thanks, with the default set up can I use the ssh tunnel? 
It seems like I should, anyways what are the commands to do so. I will be playing with the config file today but I won't know the commands.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 14:54:45 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184738</link><description>Re: the security of the tunnel, etc. -&lt;br&gt;That's the great thing about the ssh tunnel; it doesn't matter what's between your computer and the ssh server, because all the packets that leave your pc are encrypted before they leave your pc, and only decrypted on your ssh server. Whether they have a proxy setup or not, they could log any and all the traffic you make anyway, the difference now is that if they did decide to do that all they would be capturing is the encrypted ssh traffic, so it would be useless to them.&lt;br&gt;&lt;br&gt;The only thing to watch out for is that if you are tunneling everything (even non-private stuff) the admins might notice that your machine has an unusually high amount of traffic on port 22 (SSH) always going to the same server, and they could probably figure out what you're doing, or at least be suspicious even if they didn't know what you were doing. They still couldn't read your traffic, but they could try things like blocking that port (which is no problem since you can use any port, and it's unlikely they will block all ports). It's actually more likely that they would restrict you in a non-technical manner; ie: have your boss tell you to knock it off or you'll get fired. All that being said, a lot of admins do not monitor logs like they should, so they may not notice, and if they do, they might be cool and have no problem with it.&lt;br&gt;&lt;br&gt;I will try to check out my squid configuration file later and pull out the relevant pieces that you need to watch out for. (It's been a while since I set it up). 
I could look at the firewall config too, if you want to call me on my cell phone or just give me the info next time I see you in person.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Fri, 25 Mar 2005 14:33:33 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184737</link><description>Also I have a module on my plesk that configures my firewall. If I give you my info can you log in and check it out, it's at its default right now and I can't figure out if it is setup correctly or if I need to start blocking some shiIt out.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 13:52:42 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184736</link><description>I actually understood it. But I have a few questions. I would rather do it the way you are doing it since I most likely will only be using this at work and it seems a lot more secure since I might screw something up if I configure squid wrong or even my firewall.&lt;br&gt;So,&lt;br&gt;What configuration do you have your squid set up with? That file is a mile and a half long.&lt;br&gt;What commands do you run in ssh to forward your port? Remember I am a newbie, 3 weeks old.&lt;br&gt;&lt;br&gt;And I trust you when you say it is secure but if I use my work proxy to connect via ssh then tunnel my browser through ssh aren't I using my work proxy to connect to the box through ssh? 
Or is that the key behind tunneling because it is a direct connection bypassing the proxy at work.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 13:46:57 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184735</link><description>That page seems like a good start; now that it's installed all you really need to do is get familiar with the config file, which (I think) is pretty well commented, you might even be able to figure it out just by reading through the config file itself.&lt;br&gt;&lt;br&gt;One extremely important point I would make is that you do *not* want to allow that port to be open on the firewall. Of course, the docs you read probably tell you that you do, because the idea (usually) is you set the browser on your workstation (let's call it "W") to point to the address of the server ("S"), and the appropriate port (3128 by default, but you can change this).&lt;br&gt;&lt;br&gt;Actually, let me take one more step back and say that the first thing you need to do (and maybe you already have) is become *very* familiar with the firewall (iptables probably) configuration on the machine, and make *sure* that everything is closed except for ssh access. You can open up other ports (web, mail, etc) later, once you are more confident that you are doing it securely.&lt;br&gt;&lt;br&gt;OK, back to the squid configuration. There are certainly ways that you can configure it to be accessible from the outside world (the W to S scenario described above) and restrict it to make sure it's only you that is using it (passwords, ip restrictions, etc.) 
but this is tricky, because if you slip up and misconfigure it, it will be an open proxy that other people can use/abuse since it's on a public server.&lt;br&gt;&lt;br&gt;The way I do it on my server is that the port that squid is running on is not accessible from outside of that box, so neither I nor anyone else can set my browser to use my proxy server (directly). Rather, I will SSH into the server, and forward my local port 3128 to 127.0.0.1:3128 on the server. Then I set my browser's proxy to localhost:3128. To the browser, it appears that it is using a proxy server running on my laptop, when in reality, the SSH tunnel is forwarding that through to the port on the server it is connected to. So, from squid's point of view, I am using the proxy server from the local box, so both sides act as if everything is local, and the best thing is that the traffic between the two boxes is all encrypted through the SSH tunnel.&lt;br&gt;&lt;br&gt;Confused yet?</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Fri, 25 Mar 2005 01:58:31 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184734</link><description>I don't want to go through it now but I found this:&lt;br&gt;&lt;a href="http://www.tldp.org/linuxfocus/English/March2002/article235.shtml" rel="nofollow"&gt;http://www.tldp.org/linuxfocus/English/March200...&lt;/a&gt;&lt;br&gt;&lt;br&gt;You geeks think this is a good start?&lt;br&gt;&lt;br&gt;Or is there just a couple things I need to configure?&lt;br&gt;&lt;br&gt;Off to my PSP.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Fri, 25 Mar 2005 00:03:28 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184733</link><description>Okay cool so it's installed. 
now what?&lt;br&gt;&lt;br&gt;Should I just be able to use the proxy server now, how would I set a different IP, or make sure my firewall is not blocking it?&lt;br&gt;&lt;br&gt;If I set firefox to the proxy it doesn't work.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Thu, 24 Mar 2005 23:25:03 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184732</link><description>Yes, the secret is finally out - Nate is a rocket scientist. I love those JPL jokes...</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Wed, 23 Mar 2005 21:53:51 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184731</link><description>&lt;a href="http://www.redhat.com/magazine/001nov04/features/betterliving/" rel="nofollow"&gt;this&lt;/a&gt; link if you care to find out more. I bet OS X has a utility like rpm. It's probably better and easier to use, but rpm is the tool that Red Hat (rpm stands for Red Hat Package Manager I believe) and Fedora uses and I like it.&lt;br&gt;&lt;br&gt;Just to get you started try:&lt;br&gt;&lt;code&gt;$ rpm -qi squid&lt;/code&gt;&lt;br&gt;which should tell you a bunch about what you just installed. 
While you're at it see that gcc is not installed:&lt;br&gt;&lt;code&gt;rpm -qi gcc&lt;/code&gt;&lt;br&gt;but it's not hard to install the rpm if you really need it.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Nate</dc:creator><pubDate>Wed, 23 Mar 2005 21:01:05 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184730</link><description>Okay I installed it with&lt;br&gt;rpm -Uhvf&lt;br&gt;Thanks guy from nasa (shown in the ip address), I guess really smart people like you guys really want to help newbie dumbasses like me.&lt;br&gt;&lt;br&gt;So I installed it and it is in a couple directories in the system but where is the configure script? since I used the rpm I cannot find it.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 18:40:35 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184729</link><description>You probably only need the i386 one, unless you need to recompile in the future. 
Once you've got the .rpm on your system, you just do something like:&lt;br&gt;&lt;br&gt;rpm -i whatever.rpm&lt;br&gt;&lt;br&gt;Although you may want to check the documentation for the rpm command (man rpm), since I don't use that very much.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Wed, 23 Mar 2005 18:22:38 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184728</link><description>rpm -Uhvf</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Anonymous</dc:creator><pubDate>Wed, 23 Mar 2005 15:33:04 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184727</link><description>Okay I have the rpm. Which one do I need the src or the i386, I am guessing the i386.&lt;br&gt;&lt;br&gt;After I upload it to the usr/local/ how do I run it? Or do I need to put it somewhere else?</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 13:18:58 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184726</link><description>I still recommend trying a binary distribution, such as the RPMs at ftp://ftp.squid-cache.org/pub/contrib/RPM-v1.1/&lt;br&gt;&lt;br&gt;No use in recompiling it unless you need to. 
I'm assuming that since Fedora descends from RedHat that it handles RPMs OK, although I could be wrong.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Wed, 23 Mar 2005 12:02:09 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184725</link><description>Nate is this "ls" a "one-s" or a "|-s" or a "l-s"&lt;br&gt;I am assuming it is an L&lt;br&gt;Anyways I tried them all and nothing.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 11:27:07 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184724</link><description>&lt;code&gt;/usr/lib/courier-imap/sbin:/usr/lib/courier-imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin&lt;/code&gt;&lt;br&gt;&lt;br&gt;find / -name gcc -print 2&gt;/dev/null&lt;br&gt;&lt;br&gt;Nothing</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 11:23:10 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184723</link><description>&lt;blockquote&gt;Fedora Core 2 is preinstalled on your server.&lt;br&gt;&lt;br&gt;Newly installed Root-Servers always contain the latest security updates. 
For this&lt;br&gt;reason there might be slight deviations from this listing.&lt;br&gt;&lt;br&gt;Kernel: 2.4.24&lt;br&gt;gcc: 2.95.4&lt;br&gt;&lt;br&gt;Services:&lt;br&gt;sendmail MTA (Mail Transfer Agent)&lt;br&gt;sshd SSH Daemon&lt;br&gt;dhclient DHCP Client (Dynamic Host Configuration Protocol)&lt;br&gt;cron Cron Daemon&lt;br&gt;mysql Mysql Database&lt;br&gt;xinetd Internet Network Daemon&lt;br&gt;apache Apache Webserver&lt;br&gt;nfs Network-Filesystem Support&lt;br&gt;quota Harddrive Quota System&lt;br&gt;proftpd FTP Daemon&lt;br&gt;&lt;br&gt;Versions:&lt;br&gt;apache-2.0.51&lt;br&gt;cyrus-sasl 2.1.18-2.2&lt;br&gt;glibc-2.3.3-27.1&lt;br&gt;iptables-1.2.9-2.3.1&lt;br&gt;mutt-1.4.1i&lt;br&gt;mysql-3.23.58&lt;br&gt;openssh-3.6.1p2-34&lt;br&gt;openssl-0.9.7a-35&lt;br&gt;perl-5.8.3&lt;br&gt;python-2.3.3&lt;br&gt;&lt;br&gt;Partitions:&lt;br&gt;hda1: Linux&lt;br&gt;hda2: Linux swap&lt;br&gt;hda4: Extended&lt;br&gt;hda5: Linux&lt;br&gt;hda6: Linux&lt;br&gt;hda7: Linux&lt;/blockquote&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 11:15:53 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184722</link><description>Yes! There were already answers to this question before I even saw the post!&lt;br&gt;&lt;br&gt;What distro is this again? 
(I know you mentioned FCS above, but I don't remember if that was on your side, or on the host server too) Depending on the distro, they may have binary packages available (rpm, etc) that don't require you to recompile the source at all; just a thought - I'm sure you already looked for this.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">JaredB</dc:creator><pubDate>Wed, 23 Mar 2005 03:45:29 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184721</link><description>I will look into it tomorrow</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 01:56:50 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184720</link><description>&lt;code&gt;$ echo $PATH&lt;/code&gt;&lt;br&gt;&lt;code&gt;$ find / -name gcc -print 2&gt;/dev/null&lt;/code&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Nate</dc:creator><pubDate>Wed, 23 Mar 2005 01:30:23 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184719</link><description>I found usr/lib/gcc-lib</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 01:25:44 -0000</pubDate></item><item><title>Re: What am I doing at Scattered</title><link>http://dancameron.org/general/what-am-i-doing-3#comment-1184718</link><description>by the way what does the usr/bin hold? Are they files for installation. I see tomcat4 and java. that will be next.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Mar 2005 01:11:43 -0000</pubDate></item></channel></rss>