Forward Proxy to another proxy

Kenichi Shibata
Jun 8, 2017


If you are on a corporate computer that is not directly connected to the internet, but is connected to an outside network with a tunnel to the internet, then you might need to double-forward your traffic.

Case Study

Local Computer → Firewalled Connection → Github (access denied)

Local Computer → External Network (no direct internet) → NAT Server (not firewalled with internet access)

Description

The first connection is the default firewalled connection provided by your corporate network. However, as you can see, even a basic connection to Git servers like GitHub over HTTPS is not allowed.

There is another network available: an External Network with no direct internet access, which instead uses a NAT server to connect to the internet. So how do we use the second connection to reach the internet without the firewall restriction?

What we need

Our end result should be a direct connection from the local computer to the NAT Server.

Local Computer → NAT Server

Solution

First of all, we need to install a Squid forward proxy to proxy our traffic to the external network instead of the firewalled connection.

Allow access to our computer or set of computers using this guide.

Second, since we have access to the NAT server from the external network, do the same thing there: install a Squid forward proxy and configure it.

Our network should now look like

Local Computer → External Network (Squid1) → NAT Server (Squid2)

Now we have an unrestricted connection to the internet from the External Network, but not from the Local Computer.

Lastly, to finish our setup, we have to add some tweaks to the squid1 configuration so that it forwards all the traffic to squid2.

# on squid1
vi /etc/squid/squid.conf
# add the following statements
cache_peer <NAT Server IP> parent 3128 0 no-digest
never_direct allow all
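
For reference, a fuller squid1 configuration that combines the access restriction from the first step with the peer forwarding above. This is an added example, not the author's configuration: the client subnet 192.0.2.0/24, the peer address 198.51.100.10 and the ACL name allowed_clients are assumptions chosen for illustration.

```conf
# /etc/squid/squid.conf on squid1 (added example; addresses are constructed)
http_port 3128

# Clients permitted to use this proxy (assumed subnet, documentation range).
acl allowed_clients src 192.0.2.0/24

# Port restrictions as in the stock squid.conf, so the proxy
# cannot be used to reach arbitrary services.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_clients
# Without this final rule, squid1 could end up relaying for anyone who can reach it.
http_access deny all

# Upstream: squid2 on the NAT server (placeholder address).
# Fields: host, peer type, proxy port, ICP port (0 = ICP disabled), options.
cache_peer 198.51.100.10 parent 3128 0 no-query no-digest default

# Never contact origin servers directly; every request must go via the parent.
never_direct allow all
```

Run `squid -k parse` to check the file for syntax errors before reloading with `squid -k reconfigure`.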

Hook it up

Now test it in your local computer's browser by setting the proxy to Squid1 on port 3128, then check your IP on ipinfo.com.

Chrome Proxy

Firefox Proxy Settings

If your IP is now the NAT Server's public IP, then you should now have unrestricted access to the internet.