On 11.12.2012 01:56, abdul rafi wrote:
Hello all,
I am using squid 2.7 as a forward proxy on a windows 2003 server.
I need to establish a remote connection to the internet server
188.x.x.x on port 3306 from my local IP 10.1.1.1. (to connect to
mysql
database)
Do I need to use tcp_outgoing_address tag in the config file as
marking the port as 'Safe_ports' is not allowing the connection to
establish? If not then what should I do? I am trying to find a
solution from so many days and still no luck :(
Below is my squid acl configuration;
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 3306 # remote connection
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow Safe_ports
You have now created an "open proxy". Where anyone who can reach it has
unlimited access to use *HTTP* to relay any type of traffic to one of
those ports.
http_access allow CONNECT !SSL_ports
The correct way to permit CONNECT tunnels to 3306 is:
acl SSL_ports port 3306
However, it is extremely doubtful that your MySQL client is using *HTTP
protocol* to connect to your MySQL server. There is a dedicated MySQL
proxy available as art of MySQL you will want to look at instead of
using Squid.
Amos
