How to access Facebook behind firewall using Squid

Posted under » Ubuntu » Linux » LAMP Security updated on 17 April 2023

If you have money and are not are not technically inclined, get a VPN or proxy service. It will cost about US$8 a month. However, even VPN is likely blocked by your IT dept. If you have admin access to a linux (Ubuntu) server then Squid worth a try.

You may need to install Squid 1st. Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Cache will speed up your downloads. Squid is also an ACL (access control list).

Sometimes your IT dept, prevents you from changing your host file (for your own good) on your PC. At the workplace, they use the corp DNS for staff to access corporate intranet that resides on their network private IPs or at the cloud. On the other hand, you want to access Facebook that (may) is blocked by the firewall/DNS so you have to bypass that by creating your 'own DNS' by connecting to a Squid PC.

You don't need a powerful squid server. On your squid server outside your office network you

$ apt-get install squid //or
$ apt-get install squid squid-common

Common installation is preferred. You can modify the configuration later for allowing more access like via HTTP etc. The config file is at /etc/squid3/squid.conf Best that you make a copy of this standard config in case you mess it up later. A good idea is to set your Squid server to listen on TCP port 8675 instead of the default TCP port 3128, change the http_port directive as such: http_port 8675

To stop and start

$ /etc/init.d/squid restart
$ service squid stop
$ service squid status
$ service squid stop

You may want to verify the status of the service with

$ systemctl status squid

To find out which port squid is running

$ netstat -plant

Following are the some important squid file locations you should be aware of:

• Squid configuration file: /etc/squid/squid.conf
• Squid Access log: /var/log/squid/access.log
• Squid Cache log: /var/log/squid/cache.log

It is a good idea to change the default port 3128 in the config to another if you have need to use several tunnels.

Since the title is about Facebook, the next step is to create a SSH tunnel.

$ ssh -D 8675 username@sshd_server

You can kill the connection via looking for the pid.

$ ps -ax  | grep ssh

If you are using windows, you can use Putty

• Create a session like SSH and save it
• then go connection > SSH > Tunnels
• Source port : 3128 (if squid default)
• Choose dynamic
• Choose auto
• then press add button. You will see D3128
• save settings
• then connect as usual. disconnect and proxy will not work

Once tunnel is done, you need to know how to use it. My browser of choice is Mozilla Firefox. You can use a plugin like Foxyproxy as shown below.

• then go options > advanced > networks > settings >
• select manual proxy config
• socks host : localhost
• & port : 8675
• select socks 5

In Windows, if you use IE, Chrome and Safari use the main connection's manager where you can adjust the proxy. Since this tunelling is via socks, you cannot use

export http_proxy=http://proxy.server.com:8675/

Instead use this

ALL_PROXY=socks://localhost:8675/

That's it, you can now go to Facebook. You might also want to check your new IP or http://www.ipaddresslocation.org/.

If you want to open up squid to http, then read this.