On 11.12.2012 01:56, abdul rafi wrote:
> Hello all,
>
> I am using squid 2.7 as a forward proxy on a windows 2003 server.
>
> I need to establish a remote connection to the internet server
> 188.x.x.x on port 3306 from my local IP 10.1.1.1. (to connect to
> mysql
> database)
>
> Do I need to use tcp_outgoing_address tag in the config file as
> marking the port as 'Safe_ports' is not allowing the connection to
> establish? If not then what should I do? I am trying to find a
> solution from so many days and still no luck :(
>
> Below is my squid acl configuration;
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 3306 # remote connection
> acl CONNECT method CONNECT
>
> http_access deny !Safe_ports
> http_access allow Safe_ports
You have now created an "open proxy". Where anyone who can reach it has
unlimited access to use *HTTP* to relay any type of traffic to one of
those ports.
> http_access allow CONNECT !SSL_ports
The correct way to permit CONNECT tunnels to 3306 is:
acl SSL_ports port 3306
However, it is extremely doubtful that your MySQL client is using *HTTP
protocol* to connect to your MySQL server. There is a dedicated MySQL
proxy available as art of MySQL you will want to look at instead of
using Squid.
Amos
Received on Mon Dec 10 2012 - 22:27:05 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 11 2012 - 12:00:05 MST