[geeks] Encrypted Web Proxy

Sridhar Ayengar ploopster at gmail.com
Fri Aug 25 09:55:30 CDT 2006


Sheldon T. Hall wrote:
> This tip is how to use SSH port forwarding to browse the web at your
> favorite coffee shop (or hacker conference).
> 
> 1) Set up a machine on your home network.  If you don't have a static IP
> address, then use dynamic DNS.
> 
> 2) On this machine set up squid (http://www.squid-cache.org/) and bind it
> only to localhost.  Do this with the "http_port 127.0.0.1:3128" line in
> squid.conf.  This will prevent others on the Internet from abusing your open
> proxy.
> 
> 3) Set up SSHD on this machine.  And do yourself a favor, require SSH key
> authentication and run SSHD on a port that is NOT 22.  This will keep all
> those brute force SSH grinders from filling your log files.
> 
> 4) At the coffee shop, do ssh -p <sshd_port> -L3128:127.0.0.1:3128
> <user@IP>.  This will set up your SSH tunnel.
> 
> 5) The most critical piece is to configure your web browser to use a proxy.
> Host: 127.0.0.1; port 3128
> 
> 6) Surf away.  All your web surfing will be encrypted to your home box
> before travelling to the Internet.  Be advised that your outbound DNS
> requests are still sent to the local network unencrypted.  But you have at
> least prevented snooping and/or modification on the HTTP(S) traffic.
> 
> You can forward almost any standard TCP application through an SSH tunnel and
> OpenSSH has recently introduced lightweight VPN features.  But that's a
> topic for another day.
> 
> --- end quote ---
> 
> Now, I don't travel much these days, so I haven't tried this myself, yet, but
> it seems easy enough.

This is the kind of thing I'm looking for, but I was hoping to use 
something smaller than Squid.  Preferably something where I could stand 
a chance of reading and understanding the source code quickly.  Squid is 
just a bit too big to do it in a reasonable amount of time.

Peace...  Sridhar
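
[Added example, not part of the original messages or of the Squid/OpenSSH projects: a small audit of the home box against steps 2 and 3 of the quoted tip, checking that every squid http_port is bound to loopback and that sshd is key-only on a port other than 22. The sample config text and port 2222 are constructed for illustration.]

```python
# Constructed sample configs (assumptions; port 2222 is an arbitrary non-22 value).
SQUID_CONF = "# squid.conf\nhttp_port 127.0.0.1:3128\n"
SSHD_CONFIG = "# sshd_config\nPort 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

LOOPBACK = ("127.", "localhost", "[::1]")


def directives(text):
    """Yield (lowercased keyword, argument string) for each non-comment line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            yield fields[0].lower(), (fields[1].strip() if len(fields) > 1 else "")


def audit_squid(text):
    """Step 2: every http_port must name a loopback address explicitly."""
    findings = []
    ports = [arg.split()[0] for key, arg in directives(text) if key == "http_port" and arg]
    if not ports:
        findings.append("no http_port line found; listener is not pinned to loopback")
    for spec in ports:
        # "3128" alone has no host part, so it is not restricted to 127.0.0.1.
        host = spec.rsplit(":", 1)[0] if ":" in spec else ""
        if not host.startswith(LOOPBACK):
            findings.append(f"http_port {spec} is not bound to loopback")
    return findings


def audit_sshd(text):
    """Step 3: key authentication only, and a listening port other than 22."""
    findings, seen, ports = [], {}, []
    for key, arg in directives(text):
        if key == "port":
            ports.append(arg)
        else:
            seen.setdefault(key, arg.lower())  # sshd keeps the first value it reads
    if "22" in (ports or ["22"]):  # no Port line means the default, 22
        findings.append("sshd listens on port 22")
    if seen.get("passwordauthentication", "yes") != "no":  # default is yes
        findings.append("password authentication is enabled")
    if seen.get("pubkeyauthentication", "yes") != "yes":
        findings.append("public key authentication is disabled")
    return findings


if __name__ == "__main__":
    for name, result in (("squid", audit_squid(SQUID_CONF)), ("sshd", audit_sshd(SSHD_CONFIG))):
        print(name, "OK" if not result else result)
```

The audit reads only the top-level directives of the text it is given; Match blocks and Include files in sshd_config are not evaluated.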


