Using Pi as a proxy server - experiences?

I am looking at using my Pi as a proxy server for for use during international travel.

Google gives me

formatting link
with what looks like a usable example.

Has anyone done this or similar?

Any other recommendations?

My ISP is Virgin and I have a Super Hub as my WiFi router.

TIA

Dave R

Reply to
David.WE.Roberts
Loading thread data ...

The Pi is somewhat slow for VPN use - no hardware encryption support.

Other than that, it's just another Linux box. You could just install squid on it and off you go if you weren't interested in encryption.

Gordon

Reply to
Gordon Henderson

I've used my Pi as a socks proxy using ssh, but only used Smoothwall for VPN. Using ssh as a socks proxy does not require that the client devices know how to do ssh, just that the apps on it can be configured to use such a proxy. If you only need to use the proxy for web access, an ssh socks proxy is the easiest to set up. All you need is ssh on the Pi and a suitable router config to forward the port you are going to use to the Pi. If your router supports it, have it forward a 4 digit port number of your choice to port 22 on the Pi, or, if your router has not such port mapping support, change the ssh port on the Pi to something in the 4 digit range. There is too much malware scanning for port 22 access to use that as a forwarded external port. Other than that, set up certificate based login if the remote device you are going to use supports that, so that you can disable password login for users from the internet and it should be reasonably secure.

That sort of setup gives you a chance in situations where you might be limited in terms of client software to implement VPN access. If you told us what type of remote client machine you intend to use (and its OS, if applicable) and what type of apps are going to use the connection, it would help us to be able to suggest something which may be more appropriate. Also, ssh includes encyption, so don't think you have to go to a VPN to have things encrypted.

--
    ??????????????? 
    ? ? ?     ?   ? 
 Click to see the full signature
Reply to
Jim Price

Be aware that the port you use could well be blocked by the hotel/cafe/whatever you are connecting from. Many only pass a (very) few well known ports. So mis-use something they would allow - https for example :-) And if anyone looks - well heck it's *supposed* to be encrypted.

--
Regards 
Dave Saville
Reply to
Dave Saville

internet cafes probably wouldn't allow you to modify the browser to use a proxy anyway.

The very use of any technology implies that the user has a machine under his or her control but the internet he runs over is not.

I.e. quite possibly a hotel or airport type wifi lounge with a laptop.

Pi perfectly reasonable as a squid proxy under these circs if for whatever reason the content you wish to explore is e.g. restricted to UK IP addresses only.

However if its down the back end of an ADSL link the overall speed will be limited by the ability of the Pi - or any other proxy - to stream proxied content UP the link top the remote user.

Give the expense of travel altogether, I would say a better way to achieve the result is to simply rent a virtual private server for the

up as an open proxy instead.

If I were to do that I would also ensure that proxy access was firewalled out and only ssh access was available. Then use that to open a proxy shaped hole in the firewall on a session basis.

You could even script that so that any ssh login that succeeds opens a hole in the (rest of the) firewall for the originating IP address, and closes it when the session finishes.

--
Ineptocracy 

(in-ep-toc?-ra-cy) ? a system of government where the least capable to  
 Click to see the full signature
Reply to
The Natural Philosopher

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.