Squid and client proxy

This document outlines the steps to set up and configure Squid on a VPS, and then use SSH tunneling to create either a SOCKS5 proxy or an HTTP proxy accessible from your local machine, including your LAN.

1. Install Squid on the VPS

1.1 Install Squid

To install Squid on your Virtual Private Server (VPS), use one of the following commands based on your Linux distribution:

For CentOS/RHEL:

sudo yum install squid

For Debian/Ubuntu:

sudo apt-get install squid

After installation, start the Squid service:

sudo service squid start

 

1.2 SSH Parameter Explanation for Port Forwarding on your laptop

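  • Local Port Forwarding (-L): This forwards a TCP port on your laptop to a host and port reachable from the VPS. It is used here to tunnel an HTTP/HTTPS proxy port.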

-L [LOCAL_BIND_ADDRESS:]LOCAL_PORT:REMOTE_HOST:REMOTE_PORT

 

  • Dynamic Port Forwarding (-D): This creates a dynamic application-level port forwarding, typically for SOCKS proxies.

-D [LOCAL_BIND_ADDRESS:]LOCAL_PORT

 

  • -N: Do not execute a remote command (useful for just forwarding ports).
  • -f: Go to background after authentication.

 

 

2. Use SOCKS5 proxy

This section describes how to establish a SOCKS5 proxy using SSH dynamic port forwarding.

2.1 SOCKS5 Proxy Accessible Only on Localhost

By default, the SOCKS5 proxy that SSH creates listens only on the loopback interface (127.0.0.1) of your laptop.

powershell -command "ssh -NfD 3128 username@VPS_HOST"

 

This command sets up a SOCKS5 proxy on your local machine, listening on port 3128.

Result: You can connect to 127.0.0.1:3128 from your laptop, but not to your LAN IP (e.g., 192.168.1.106:3128).

Table 1. Connection status from localhost or the LAN of your laptop

Command                  Status
Telnet hostname 3128     NOT connected
Telnet 127.0.0.1 3128    connected

 

2.2 SOCKS5 Proxy Accessible on All Network Interfaces (including LAN)

To allow other devices on your LAN to connect to the SOCKS proxy, specify 0.0.0.0 as the bind address.

powershell -command "ssh -NfD 0.0.0.0:3128 username@VPS_HOST"

  • -D 0.0.0.0:3128: This specifies dynamic application-level port forwarding.
    0.0.0.0 tells SSH to bind the SOCKS proxy to all available network interfaces on your laptop, and 3128 is the local port it will listen on.

Result: SSH will listen for connections on all available network interfaces on your laptop, including your LAN IP (e.g., 192.168.1.106).

Table 2. Connection status from localhost or the LAN of your laptop

Command                  Status
Telnet hostname 3128     connected
Telnet 127.0.0.1 3128    connected

 

 

3. Use HTTP proxy

This section details how to establish an HTTP proxy using SSH local port forwarding.

3.1 HTTP Proxy Accessible Only on Localhost

This setup forwards a local port on your laptop to the Squid proxy running on your VPS’s localhost.

powershell -command "ssh -NfL 1080:localhost:3128 username@VPS_HOST"

  • -L 1080:localhost:3128: This local port forwarding ensures that any traffic coming to your laptop’s port 1080 will be forwarded through the SSH tunnel to localhost:3128 on your VPS.
  • Caution: The destination (localhost:3128) is resolved on the VPS side of the tunnel, so the remote VPS can use either localhost or 127.0.0.1 to connect to itself.

Result: You can connect to 127.0.0.1:1080 from your laptop, but not to your LAN IP (e.g., 192.168.1.106:1080). All traffic sent to 127.0.0.1:1080 goes through the SSH tunnel to localhost:3128 on the VPS, where your Squid proxy listens.

Table 3. Connection status from localhost or the LAN of your laptop

Command                  Status
Telnet hostname 1080     NOT connected
Telnet 127.0.0.1 1080    connected

 

 

3.2 HTTP Proxy Accessible on All Network Interfaces (including LAN)

To make the HTTP proxy accessible to other devices on your LAN, you need to bind the local port to 0.0.0.0.

powershell -command "ssh -NfL 0.0.0.0:1080:127.0.0.1:3128 username@VPS_HOST"

  • -L 0.0.0.0:1080:127.0.0.1:3128: This specifies a local port forwarding to tunnel an HTTP/HTTPS port.
    • 0.0.0.0: This is the bind address on your local laptop, making the HTTP proxy accessible from all interfaces, including your LAN IP (e.g., 192.168.1.106).
    • 1080: This is the local port on your laptop that you will connect to. You can choose any unused port (e.g., 1080, 8118, etc.).
    • 127.0.0.1: This is the destination address on the VPS, telling SSH to connect to the Squid proxy running on the VPS’s localhost.
    • 3128: This is the port Squid is listening on at the VPS.

Result: Any traffic coming to your laptop’s port 1080 will be forwarded through the SSH tunnel to 127.0.0.1:3128 on your VPS. You can now connect to your 1080 port using your LAN IP.

Table 4. Connection status from localhost or the LAN of your laptop

Command                  Status
Telnet hostname 1080     connected
Telnet 127.0.0.1 1080    connected
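
Added example (not part of the original document): a Python helper that parses the -L and -D forward specs used in sections 2 and 3 and reports whether the listener is bound to loopback, a single interface, or all interfaces, which is the difference between 2.1/3.1 and 2.2/3.2. It goes beyond the forms shown on this page (empty or * bind address, bracketed IPv6 literals), covers TCP forwards only, and assumes the SSH client's GatewayPorts option is left at its default of no; bind_scope and its scope labels are names chosen for this example.

```python
import ipaddress

def _fields(spec):
    """Split a forward spec on ':' while keeping [IPv6] literals whole."""
    out, buf, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            out.append(buf)
            buf = ""
        else:
            buf += ch
    out.append(buf)
    return [f.strip("[]") for f in out]

def bind_scope(flag, spec):
    """Classify where an `ssh -L` or `ssh -D` TCP forward listens.

    Returns (scope, bind_address, local_port); bind_address is None when omitted.
    """
    short, full = {"L": (3, 4), "D": (1, 2)}[flag]
    parts = _fields(spec)
    if len(parts) not in (short, full):
        raise ValueError(f"not a TCP -{flag} spec: {spec!r}")
    bind = parts[0] if len(parts) == full else None
    port = int(parts[1] if bind is not None else parts[0])
    if bind is None or bind == "localhost":
        # Omitted bind address: loopback, assuming GatewayPorts is left at "no".
        return "loopback", bind, port
    if bind in ("", "*"):
        return "all-interfaces", bind, port
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:
        return "unresolved-name", bind, port  # a hostname; not resolved here
    if ip.is_unspecified:
        return "all-interfaces", bind, port
    return ("loopback" if ip.is_loopback else "single-interface"), bind, port

if __name__ == "__main__":
    # The four forwards used on this page, plus one constructed single-interface case.
    for flag, spec in [("D", "3128"), ("D", "0.0.0.0:3128"),
                       ("L", "1080:localhost:3128"),
                       ("L", "0.0.0.0:1080:127.0.0.1:3128"),
                       ("L", "192.168.1.106:1080:127.0.0.1:3128")]:
        print(f"-{flag} {spec:36} -> {bind_scope(flag, spec)[0]}")
```

A forward reported as all-interfaces can be used by any host that can reach the laptop on that port, because the SSH listener itself does not authenticate connecting clients.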