Secure web browsing with Mandriva 2009

When you are connected through a third party's Internet access, you can be subject to:

  • Network spying of your web browsing;
  • Web filtering for certain countries.

This page describes how to combine Squid and a single SSH tunnel to secure your web browsing without configuring a full VPN service. Of course, you need a Mandriva 2009 server at home that is connected to the Internet 24 hours a day, or the ability to wake it up remotely.

Squid is a web proxy: it sits between the web browser and the Internet. Normally it is used for web caching and similar tasks. Here we will only use its ability to perform HTTP requests on behalf of your web browser.

An SSH tunnel allows you to forward a port from one computer to another over an encrypted channel. This is a very interesting feature. Here, it is used to hide both the protocol and the content. The Squid port 3128 will be forwarded from your home computer to your laptop through the Internet. You will then be able to access Squid at the address localhost:3128, but the HTTP requests will be sent from your home computer. The SSH tunnel can be set up with the Linux SSH commands or from other operating systems (see the excellent PuTTY for Windows).

The final step is to configure your web browser to use the proxy localhost:3128. Now when you request a URL, Firefox sends the request to localhost:3128, it is forwarded encrypted to the Squid daemon on your home computer, Squid sends the request to the site and downloads the result, and finally the result is sent back to your web browser through the SSH tunnel. The third party will only see encrypted packets, and actions on the Internet will be performed from your home. Your web browsing is now secure and free of filters.

Illustrated example: GeoIT Tool from a hotel in Washington.

Firefox proxy settings:

And now a nice scent of camembert ;-)

The main drawback is that third parties often block the SSH port.

Let’s see now how to set things up:

Server part:

Install the sshd package and use drakconf to start it automatically at boot and to open the sshd port (22) in your firewall. Depending on your configuration, you may also need to forward the SSH port in your router/Internet box.

Installing Squid for this simple purpose is very easy. All you have to do is install the squid package and, through drakconf, set the service to start automatically at boot. The default Squid configuration restricts access to the local network, which is exactly what we want, since the SSH tunnel will go directly to your computer.

Client part:

To establish the tunnel just type in:

$ ssh -L 3128:localhost:3128 server_login@server_ip

That’s it.

Note: When connecting from a hot spot, you may be asked to register before being able to access the Internet. In that case you must disable the proxy setting for this step, establish the SSH connection, and then re-enable the proxy.
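One way to script the client step, as an added example that is not part of the original post: it opens the same forward in the background and then checks that port 3128 on the laptop is bound to loopback only, so other machines on the hot spot's network cannot reach your proxy. The function names are hypothetical, the extra ssh options go beyond the command shown above, and the check assumes `ss` from iproute2 is installed on the laptop.

```shell
#!/bin/sh
# Added example: function names are hypothetical; server_login@server_ip is
# the article's placeholder and is passed as the first argument.
PROXY_PORT=3128

# Read `ss -ltn` output on stdin and classify the listeners on port $1.
# Prints "loopback" (only 127.0.0.1 / ::1), "exposed" (any other local
# address, e.g. 0.0.0.0 or *), or "closed" (nothing listening).
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # $4 is "Local Address:Port"
            p = parts[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1")
                lo++
            else
                other++
        }
        END {
            if (other)   print "exposed"
            else if (lo) print "loopback"
            else         print "closed"
        }'
}

# Open the tunnel in the background and verify the local listener.
#   -f -N                     background, forwarding only, no remote shell
#   ExitOnForwardFailure=yes  fail if port 3128 cannot be forwarded
#   ServerAliveInterval=30    notice a dead link instead of hanging
#   127.0.0.1:...             explicit loopback bind for the local end
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -L "127.0.0.1:$PROXY_PORT:localhost:$PROXY_PORT" "$1" || return 1
    state=$(ss -ltn | classify_listener "$PROXY_PORT")
    if [ "$state" != "loopback" ]; then
        echo "port $PROXY_PORT is $state, not loopback-only" >&2
        return 1
    fi
    echo "tunnel up: set the browser proxy to localhost:$PROXY_PORT"
}
```

Source the file and run `open_tunnel server_login@server_ip`; nothing is executed until the function is called.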
