I am trying to set up a private forward proxy on a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server.

So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect modules. I use this configuration:

<VirtualHost localhost:8080>
        ServerAdmin xxxxxxxxxxxxxxxxxxxx
        ServerName yyyyyyyyyyyyyyyyyyyy

        ErrorLog /var/log/apache2/proxy-error_log
        CustomLog /var/log/apache2/proxy-access_log combined

        <IfModule mod_proxy.c>
                ProxyRequests On
                <Proxy *>
                        # deny access to all IP addresses except localhost
                        Order deny,allow
                        Deny from all
                        Allow from 127.0.0.1
                </Proxy>
                # The following is my preference. Your mileage may vary.
                ProxyVia Block
                # allow SSL proxy
                AllowCONNECT 443
        </IfModule>
</VirtualHost>

After restarting apache I create a tunnel from client to server:

#> ssh -L8080:localhost:8080 <server address>

and try to access the internet through that tunnel:

#> links -http-proxy localhost:8080 http://www.linux.org

I would expect to see the requested page. Instead I get a "connection refused" error. In the shell holding open the ssh tunnel I get this:

channel 3: open failed: connect failed: Connection refused

Anyone got an idea why this connection is refused?

arkascha

2 Answers

I agree with CanOfSpam3 that using -D8080 is a better option than setting up a proxy with Apache. However, to answer your question, I would guess you have missed the Listen line in Apache to listen on port 8080 in addition to the usual ones. <VirtualHost> alone does not make Apache listen on the IP:Port mentioned; you also need to ask Apache to listen on that with Listen. Here's the reference from Apache

Raymond Tau
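
The check this answer describes, as an added example that is not part of the original thread: a small Python lint that reads Apache config text and reports a <VirtualHost> port with no matching Listen, and also flags a proxy port bound beyond loopback, which a proxy reached only through the SSH tunnel does not need. The function names, finding strings and the abbreviated sample config are constructed for illustration.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample: the question's vhost, abbreviated, with no Listen line.
QUESTION_CONF = """\
<VirtualHost localhost:8080>
    <IfModule mod_proxy.c>
        ProxyRequests On
        AllowCONNECT 443
    </IfModule>
</VirtualHost>
"""

def split_addr(token):
    """Split 'host:port' or a bare value into (host, port); '' means absent."""
    host, sep, port = token.rpartition(":")
    if sep and port.isdigit():
        return host, port
    return ("", token) if token.isdigit() else (token, "")

def lint_forward_proxy(conf_text):
    """Return findings for forward-proxy vhosts in Apache config text."""
    listens, vhosts, proxy_ports, current = [], [], set(), []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"(?i)listen\s+(\S+)", line):
            listens.append(split_addr(m.group(1)))
        elif m := re.match(r"(?i)<virtualhost\s+([^>]+)>", line):
            current = [split_addr(t) for t in m.group(1).split()]
            vhosts.extend(current)
        elif re.match(r"(?i)</virtualhost>", line):
            current = []
        elif re.match(r"(?i)proxyrequests\s+on\b", line):
            # Remember which vhost ports serve forward-proxy requests.
            proxy_ports.update(port for _, port in current if port)
    listen_ports = {port for _, port in listens}
    # A vhost port nobody listens on gives "Connection refused".
    findings = [f"missing-listen:{port}" for _, port in vhosts
                if port and port not in listen_ports]
    # A tunnel-only proxy needs no listener outside loopback.
    findings += [f"non-loopback-listen:{host or '*'}:{port}"
                 for host, port in listens
                 if port in proxy_ports and host not in LOOPBACK]
    return findings

if __name__ == "__main__":
    print(lint_forward_proxy(QUESTION_CONF))
    print(lint_forward_proxy("Listen 127.0.0.1:8080\n" + QUESTION_CONF))
```
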

Raymond's answer is most likely (without seeing the rest of your config) the problem you're having with the Apache portion.

Have you looked at using the SSH SOCKS tunnel? Instead of -L8080:localhost:8080 you could use -D8080, which would, using SOCKS, let you tunnel anything SOCKS-compliant. So for your example, you should be able to run ssh -D8080 <server address> and then links -socks-proxy localhost:8080 http://www.linux.org, which would cut the Apache server out of the mess and still have you pop out of <server address>.

CanOfSpam3