Change the default listening port for the USS Gateway proxy

Updated 6 months ago by admin

This article explains how to change the default listening port for the USS Gateway proxy.

In this example, the steps will demonstrate changing the default listening port from 8080 to 50000.

From the Gateway CLI ensure you are logged into the root account; this is achieved via the command: sudo su then entering the password.

  1. Ensure you have logged in to the USS Gateway command line
  2. Elevate permissions to root by typing: sudo su and entering the password.
  3. Add the following lines to the proxy override configuration file using nano or vi e.g. nano /usr/local/uss-squid5/etc/squid.conf.pre-override
http_port 50000 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=32MB cert=/usr/local/uss-squid5/ussgw.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/usr/local/uss-squid5/dhparam.pem
acl is_proxy_http myportname 50000

Please note that the above should appear on two lines e.g.

http_port 50000 ........ dhparam.pem
acl is_proxy_http myportname 50000
  1. Next, restart services or reboot the Gateway. To restart, run these commands in order:

service ussgw_sysmond stop

service ussgw_sysmond start

service uss-squid5 stop

service uss-squid5 start

  1. Confirm that the proxy service (squid) is listening on the new port 5000 as well as 8080.

sudo netstat -anpt | grep squid

 It should appear in the first few lines:

tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      1674/(squid-1)      

tcp        0      0 0.0.0.0:3129            0.0.0.0:*               LISTEN      1674/(squid-1)      

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1674/(squid-1)      

tcp        0      0 0.0.0.0:50000           0.0.0.0:*               LISTEN      1674/(squid-1) 

  1. Optionally, block access to port 8080 if it is no longer required (note this does not persist reboots - for more information see this article)

iptables -A INPUT -p tcp --dport 8080 -j DROP

After completing these steps you will now be able to proxy HTTP/HTTPs requests to port 50000. 


How did we do?