How to access Facebook behind firewall using Squid

Posted under » Ubuntu » Linux » LAMP Security on 17 January 2011

For sure this is not as simple as it sounds. The easiest way is to use a proxy server.

If you have money and are not are not technically inclined, get a VPN or proxy service. It will cost about US$8 a month. There are free services that offer a work-around but its unsatisfying.

However, if you have admin access to a linux (Ubuntu) server then Squid is the way to go.

You may need to install Squid 1st. Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Cache will speed up your downloads. Squid is also an ACL (access control list).

Sometimes it's not safe to change your host file or DNS file on your PC so connecting to a Squid PC with the changed host file is preferable.

So its not just for accessing Facebook. At the workplace, this tunneling is often used to access corporate intranet that resides on their network private IPs.

apt-get install squid //or
apt-get install squid squid-common

Common installation is preferred. You can modify the configuration later for allowing more access like via HTTP etc. The config file is at /etc/squid3/squid.conf Best that you make a copy of this standard config in case you mess it up later.

A good idea is to set your Squid server to listen on TCP port 8675 instead of the default TCP port 3128,
Change the http_port directive as such: http_port 8675

To stop and start

/etc/init.d/squid3 restart 
service squid3 stop
service squid3 status
service squid3 stop

You may want to verify the status of the service with.

systemctl status squid

To find out which port squid is running

netstat -plant

Following are the some important squid file locations you should be aware of:

Since the title is about facebook, the next step is to create a SSH tunnel. If you are using windows, you can use putty. If you are using Ubuntu, then use Gnome SSH Tunnel Manager.

Or using the ssh tunnel command

ssh -D 3128 username@sshd_server

You can kill the connection via looking for the pid.

ps -ax  | grep ssh

Putty is a bit tricky so here is an explanation.

Once tunnel is done, you need to know how to use it.

My browser of choice is Mozilla Firefox. You can use a plugin like Foxy proxy or you want to do the manual way.

In Windows if you use IE, Chrome and Safari, there it is by using the main connection's manager where you can adjust the proxy.

Since this tunelling is via socks, you cannot use

export http_proxy=http://proxy.server.com:3128/

Instead use this

ALL_PROXY=socks://localhost:3128/

That's it, you can now go to facebook. You might also want to check your new IP or http://www.ipaddresslocation.org/.

If you want to open up squid to http, then read this.

If you want to read about TSOCKS read this.

web security linux ubuntu python django git Raspberry apache mysql php drupal cake javascript css AWS