[vox-tech] squid proxy server & client configuration to bypass GFW

Nick Schmalenberger nick at schmalenberger.us
Thu Oct 27 04:39:18 PDT 2011


On Thu, Oct 27, 2011 at 03:34:00AM -0700, Kristen Eisenberg wrote:
> hello all:
> 
> Here is the thing. A friend of mine in China wanted to access Google's
> Android developer site; unfortunately, since Google stopped business in
> China, its tech sites seem to be blocked by the Great Firewall as well.
> 
> So he asked me for a solution. I checked and it seems Squid proxy is the way
> to go.
> 
> I've installed Squid on my Ubuntu 9.10 home server, however, the
> configuration seems complex on both the server and the client (I presume
> it's a browser).
> 
> Now the question: if my sole purpose is to allow my friend to access certain
> websites through the proxy server, what info do I need from him and how do I
> configure /etc/squid/squid.conf? What do I need to let him know so that he
> can do his part to make the connection?
> 
> I did some googling, and started wondering if ssh tunneling or Firefox
> configuration is part of this effort?
> 
> Anyway, I am really out of depth in this domain - the question might sound
> silly, but any help is greatly appreciated.
>
ssh tunneling would be an alternative to squid. Although I don't
have direct experience with it in China, ssh tunneling has been
quite successful for me in the past. The idea is the ssh client
running on the computer in China is the proxy server, probably
listening on localhost. Firefox or another browser is configured
to use the proxy server (the FoxyProxy extension helps with it in
Firefox) and all of the Firefox HTTP, HTTPS and DNS traffic
goes through the proxy, over the ssh tunnel and eventually
appears to be coming from the ssh server (outside of China). The
only thing to stop this from working is if the firewall blocks
ssh traffic.

If you use Squid instead, there will still be normal appearing
web traffic, possibly on an alternate port, to a certain host
(the proxy server) outside China that isn't blocked. The real
destinations will then see the traffic as coming from that one
host outside China. Squid also doesn't help to proxy the DNS
traffic like the ssh tunnel does.

The ssh method is so much simpler, more secure and useful (for
just shell sessions too, besides the proxy traffic) that I
definitely recommend it. This article for example:
http://www.extremetech.com/computing/93106-escaping-the-firewall-with-an-ssh-tunnel-socks-proxy-and-putty/
seems to be a good description of how to set it up with the PuTTY
ssh client and Firefox in Windows. On the ssh server, the default
settings should allow the proxying and there is no configuration
needed beyond the normal account setup. I hope this helps :)
Nick Schmalenberger
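
The reply above relies on the ssh server's default settings, which also give the remote user a full shell. The following is an added example, not part of the original message: a check that a forwarding-only account is restricted in sshd_config, plus the matching client command. The account name `tunnelfriend`, the host `proxy.example.org` and both config fragments are constructed assumptions, and the check only handles simple `Match User <name>` blocks.

```shell
#!/bin/sh
# Added example, not from the original post. The account name, host name and
# both config fragments below are constructed for illustration.

# Forwarding-only account: tunnels allowed, no shell, no X11/agent/tun devices.
HARDENED='Match User tunnelfriend
    AllowTcpForwarding yes
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /bin/false'

# "Normal account setup" with no per-user restrictions.
DEFAULT='PasswordAuthentication yes
X11Forwarding yes'

# audit_tunnel_account USER: read sshd_config text on stdin and print each
# restriction missing from USER's Match block. Exit status is 0 only when
# nothing is missing.
audit_tunnel_account() {
    awk -v user="$1" '
        BEGIN { need["forcecommand"] = ""; need["x11forwarding"] = "no"
                need["allowagentforwarding"] = "no"; need["permittunnel"] = "no" }
        # A new Match line ends the previous block and may start the one we want.
        tolower($1) == "match" {
            inblock = (tolower($2) == "user" && $3 == user); next }
        inblock {
            key = tolower($1)
            if ((key in need) && (need[key] == "" || tolower($2) == need[key]))
                seen[key] = 1
        }
        END {
            for (k in need) if (!(k in seen)) { print "missing: " k; bad = 1 }
            exit bad + 0
        }'
}

# socks_client_cmd USER HOST [PORT]: print the client command that opens a
# SOCKS listener on loopback only (-D) without requesting a remote shell (-N).
socks_client_cmd() {
    printf 'ssh -N -D 127.0.0.1:%s %s@%s\n' "${3:-1080}" "$1" "$2"
}

# Demo: the unrestricted config fails the audit; then show the client command.
printf '%s\n' "$DEFAULT" | audit_tunnel_account tunnelfriend || true
socks_client_cmd tunnelfriend proxy.example.org
```

Because the client is started with `-N`, no session is requested and the `ForceCommand` never runs, so the tunnel works while an interactive login with the same account does not.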

