setting up apache2 to serve as an SSL/TLS proxy for older systems?

Jeffrey Walton noloader at gmail.com
Sat Jul 25 16:15:05 UTC 2020


On Sat, Jul 25, 2020 at 11:59 AM Ken Cunningham
<ken.cunningham.webuse at gmail.com> wrote:
>
> I have a home network set up like most everyone else:
>
> 192.168.N.N --> Router --> Internet
>
>
> When older systems behind the firewall try to access newer SSL/TLS  servers, via macports or safari or other, they can generate errors as they don't support new protocols.
>
> I am wondering if I can use Apache2 or Squid or SOCKS or something else to proxy these outgoing requests through a current machine, using their current SSL/TLS support, and send them back to the client in a format they understand.
>
> When I have tried following web setup procedures for Squid, for example, it doesn't seem to work, but that could be my inexperience with this.
>
> Is this possible, if I were to keep plugging at it?

You should be able to do it with Squid. I don't know about Apache.

I've found troubleshooting NAT at your ISP's router can be a pain. My
most recent Verizon router does not seem to allow me to port forward
to hosts behind their router. I had to setup an "Internet Host" (or
"DMZ Host") and forward all inbound traffic to my internet host. Then,
at my internet host, I could NAT to hosts in my network. (My internet
host is a pfSense firewall).

In your case, setup the internet host and put Squid on it.

Turn on logging at the ISP router. Make sure you see the client
hitting the router, and the traffic being passed to your internet
host. Once you know all traffic is being forwarded to your internet
host, then you can troubleshoot Squid.

Attached is what the "Internet Host" (or "DMZ Host") looks like under Verizon.

Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot from 2020-07-25 12-13-51.png
Type: image/png
Size: 108904 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20200725/4ccb59ab/attachment.png>


More information about the macports-users mailing list