Vitriolic Humor: May 2005 Archives

From the default configuration, I make the following changes to my squid.conf file

http_port 0.0.0.0:3128
cache_dir null /tmp
(for non-caching proxy)
or
cache_dir ufs /squiddir 5300 16 256
(for caching proxy, use a separate disk spindle where possible, separate controller channel if available.)
acl our_networks src (My class C)/24 127.0.0.1
http_access allow our_networks
cache_mgr root
cache_effective_user squid
cache_effective_group squid

Start the squid service (as root: 'service squid start' on Fedora) and you should have a functional proxy (caching or non-caching, as you chose in your configuration file.

Be sure your firewall is blocking port 3128 from the public Internet, or you will be in for a big surprise.

Point your favorite browser at (your proxy's IP address) port 3128 (unless you chose a different port in your configuration) and you'll be ready to browse through the proxy.

Rather than opening up port 3128 to the public Internet, I would strongly suggest configuring an ssh tunnel from wherever you are back to your proxy.

For SSH.com Secure Shell, the settings are:
Listen Port: 3128
Destination Host: 127.0.0.1
(assuming that the box you are ssh'ing to is your proxy, otherwise specify the IP address of the proxy in as seen from the box you are SSH'ing to (usually the private, local network IP address) here.)
Destination Port: 3128
Allow Local Connections Only: Yes
Type: tcp

For PuTTY the settings are:
Source Port: 3128
Destination: 127.0.0.1:3128
(Select "Local" radio button)

Again, 127.0.0.1 assumes the box you are creating an SSH session to is the same box running the proxy. If they are two separate boxes, specify the IP address you would use to connect between box1 and box2 (probably your NAT'd local, private IP address.)

You can choose to use a hostname here, but be sure your ssh target box knows your proxy box by this DNS name for it to work. The DNS reference is between you ssh target and proxy, not necessarily the same reference as returned by a public DNS query on the Internet.

Connect an SSH session with the correct tunneling settings, point your browser's proxy settings to 127.0.0.1:3128 and you should be browsing through your proxy. Opera will show you this on the status line "Sending request to www.slashdot.org (your.proxy.ip.here)". Firefox doesn't seem to show this by default.

All you browser developers, I'm still waiting for a nice standard "Proxy On/Off button" to be built into a browser, default view, default installation. Opera had a nice check box feature that can be added to a tool bar. Works great, but I lost the URL to where to get it.

instructions browser ssh fedora core 5 fc5 open source http configuration server ssh2 fc3 redhat how-to guide httpd linux distribution diy proxy through ssh security technology management howto proxy manage proxy over ssh software core managing fc4 squid distributions installation web home fedora core proxy thru ssh fedora fedora core 4 setup fedoracore fedora core 3 putty

Posted by speedeep at 12:00 PM | Permalink | Comments (1)

I was out early this morning (6:30am, sun had risen), snapping pictures of whatever caught my eye. Nicer part of town, nice homes, click, snap, click, snap, when this lady approaches me:

"What are you taking pictures for?"

I thought of several great smart ass retorts along the lines of "because I want to, toss off!", "so I can remember this god-forsaken city when I leave it", "I'm casing your house", "What are you asking me questions for?". I decided to be polite (just this once!) and explain to her that I'm a photographer and I was taking pictures of the architectural details that caught my attention. I do that now and again. She smiled and moved along.

Now I don't fault her for her "Neighborhood Watch"-sytle due diligence, but more and more these days, I feel like an accused criminal taking pictures. Everybody wants to know what I'm doing, why, who am I taking pictures for, how will they be used, etc. I know we're post-9/11, I know we're all on high alert, but everywhere I go it seems I questioned for taking pictures. I'm not that suspicious, I don't photograph surreptitiously, I make absolutely no bones about what I'm doing.

I think I'm going to have a set of cards printed out that say:

David Morrison Photographer
I photograph beautiful things. I photograph ugly things.
Patterns, colors, shapes, shades, details, generalizations.
People, places, things. Structures, cultures, history.
I photograph whatever catches my eye.
I'm photographing right now, please do not disturb me.

If you are interested, you can see my work at:
http://photo.transmit.net/

Thanks.

It may be the only way I can politely deal with inquiries. One of these days I won't be able to suppress my inner smart ass, and I'll get myself in trouble...

[Edit, April 12, 2005]
I think I've come up with a new approach to handling this subject: If someone interrupts my photography, I'm not going to interrupt my flow, I'll just take a picture of them and post it on-line. Boy I can't wait to see the next person's response...
[End Edit]

For those unfamiliar with my photography, please visit:

My personal website, with 4500+ of my photos online:
http://www.transmit.net/gallery/

And on flickr.com:
http://www.flickr.com/photos/speedeep/archives/date-taken/2005/detail/

photography pain criminial photo projects crime 911 civil rights photographer's rights photographer curious travel problems life politics difficulty anger art query work inquisitive photoblog digital annoyance criminal photography rights technology annoy

Posted by speedeep at 10:56 AM | Permalink | Comments (1)

Vitriolic Humor

A stream-of-thought blog on programming, web development, digital photography, fast motorcycles and anything else that strays across my neurons...

May 19, 2005

Running a Squid proxy on Fedora Core 3 / 4 : notes on implementation and configuration

May 9, 2005

What are you taking pictures for?