I've setup squid proxy st time on centos 5.This is my current setup.squid.conf:Quote:acl our_networks src 192.168.10.0/24 ttp_access allow our_networksQuote:
internet -- modem -- Firewall --switch--squid proxy (192.168.10.100)
--client workstation ((192.168.10.200)
(client workstation is connected to the same switch as the squid proxy)
[code]...
Currently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;
[code]....
At the moment I have a proxy and all the users have to configure it in the browser to access internet. I want to make the users able to browse even without configuring the proxy in the browser. but eventually it should be received in the proxy rather than giving an error to the user. I heard with transparent proxy I can redirect all the traffic from a particular network, to a particular host( ie my existing proxy).
I tried this using firewall rules. But then the existing proxy doesn't understand the protocol of the requests. I heard that it should be in the kind of proxy protocol.
I've been trying to make myself anonymous, but I cant find 'Tor' anywhere, tried 'yum & kpackagekit' neither have it. I did find 'Privoxy', installed it, set proxy for HTTP and HTTPS in Firefox, but it says 'unknown proxy' when I try to use it! I've been to the Privoxy web site and read through the 'User manual', but most of it is 'geek' to me!
View 8 Replies View RelatedI'm running proxoid (tethering app for android) which operates using a proxy server.
I set the system-wide proxy settings and they seem to work for most part except not on Google Chrome and Opera. Firefox works fine though flash is never detected. I get a 105 "NAME NOT RESOLVED" error on Chrome.
Also whenever I install something using apt-get, it tells me that the packages cannot be authenticated.
I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.
I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?
Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?
I've been doing some security testing in a lab environment that does not have direct internet access. It's actually a little complicated: From home to connect to my lab machine, I
1. SSH to machineA.
2. SSH from machineA to machineB
where machineB is my actual lab machine. neither machineA or machineB allow anything other than SSH, and machineB is only accessible from machineA. However, I really need to run yum on machineB. I have managed to get internet access via Firefox on machineB by creating a series of SOCKS proxy via SSH.
1. machineB: ssh -L 12345:localhost:12345 user@machineA
2. machineA: ssh -D 12345 user@machineC
3. machineB: configure firefox to use socks proxy, localhost, 12345
where machineC has internet without limits placed. This is the only way I have managed to get internet working. I tried using ssh -L all the way from machineB->machineA->machineC but it didn't work (even when setting Firefox to use http proxy). I tried using ssh -D all the way, but again that doesn't work either.
I do have access via Firefox using socks proxy. However, yum update fails to retrieve mirror list, and from what I have found I don't believe yum supports socks proxy directly. Instead, it uses http_proxy / ftp_proxy. how to get yum to go out over the SOCKS proxy I created (same one using in Firefox)? It seems like since Firefox can access the internet and everything without issues, i should be able to get yum to tunnel through the same connection to access everything.... I tried
[URL]
is there a way to force wget to use a specific squid proxy when making connections ? - I use a squid proxy normally, but I need this specific request to go via a different one. I dont have to use wget, I just need a way to test squid's blocking rules by requesting various pages through it, this proxy is not my normally proxy on the network and so I cant rely on wget taking the environment variable.
Also, this is as part of a script, so anything that avoids editing wget config files would be best. - Perhaps curl can do this ? - currently im using the exit code of wget to determine if the connection was made.
I have Fedora Core 13 running. I have successfully (I think) installed squid, although I may have it configured incorrectly. I can ssh into the box from work via putty, but I can't use the proxy. I get a message "the connection to the server was reset while the page was loading" I can use the proxy from my home network, and have watched the tcpdump for port 3128 while using the proxy. I have turned off iptables completely (I'm not sure yet how to just allow squid)...
View 3 Replies View RelatedI have to set up a proxy for my work's network. No computer except the proxy has a direct internet connection. The proxy will NOT be transparent so it authenticates with Active Directory and allows or denies pages. The squid proxy is up, and working accordingly, denying and allowing what's needed to who's needed. BUT! Thunderbird and Outlook didn't work, so in less than 10 minutes I was forced to fall back.
I read googling a lot, and searching a bit here about socks, which seems to be what I need but also that squid is already a socks proxy. Web pages were the concern, it's not needed that other stuff is authenticated, it might as well be transparent for Outlook, Thunderbird and other programs *for example, it's not needed to block a Warcraft III game, though, allowing it explicitly is not the point either* but as of now, none can connect *haven't actually tried Warcraft though, but stuff like Adobe's updater didn't work either and I recall someone mentioned Windows Live messenger didn't either* The Squid Proxy is a CentOS.
I am working on fc10. I connect to internet using two connections: with proxy and without proxy. Initially I had some problem in configuring yum for proxy and I resolved it by creating files proxy.sh and proxy.csh in /etc/profile.d with the required details (export_proxy).Now when I connect to my connection without proxy I have some problems .Whenever I try to do yum update I get the following error:
"[URL]: [Errno 12] Timeout: <urlopen error timed out> Trying other mirror. Error: failure: repodata/primary.xml.gz from adobe-linux-i386: [Errno 256] No more mirrors to try." what changes do I need to make in order to use yum in the connection without proxy?
I want to forbid a user to make changes to preferences of iceweasel, specifically to modify proxy settings of the browser. Although user should still be able to use the browser.
I assume these settings are stored in some file on a harddrive? If so, what is this file and can i simply make it read-only for users? Or any other solution?
how do i set the proxy in fedora and also editing the update location from the add or remove software in fedora 15.
View 1 Replies View RelatedI just installed the Lucid server, set IP address, Default gateway and Preferred DNSs and need to be able to use apt-get. Right now this is not possible and my guess is that I have not set the proxy used in my LAN (which is 192.168.255.60:8080) cause I have no clue how to do it.I can ping every other machine locally but not on the Internet...
View 8 Replies View RelatedI want to set up a web proxy on my laptop so I can access the net from my cell phone without using verizon's proxy. I don't understand exactly how proxies work, but I was wondering if this is possible to set up a proxy without a domain.
View 3 Replies View RelatedWhen setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
View 3 Replies View RelatedI have a netbook running Fedora 10 that i use for work, whilst at work i move around allot of schools. Each have varying proxy settings etc... So i was wondering if it was possible to set the system proxy (the one in System->Preferances->Internet And Network->Network Proxy) from bash. That way i can write a script that looks at my IP (each school has a diff ip e.g. 10.x.y.z) and then sets the system proxy accordingly.
View 6 Replies View Relatedi setup yum to use my proxy (/etc/yum.conf , /etc/profile.d / KDE network setting)and it works great.
but rpm does not.(the command rpm) how do i setup rpm to use the same proxy yum is setup with ??
I'm having an issue on multiple Lucid boxes where I can't get proxy ARP to work. This is to be used in conjunction with openswan IPSec. I've enabled forwarding and disabled sending/accepting ICMP redirects for each interface as per openswan's requirements. I've added the proxy arp lines for all, default, eth0, and lo to sysctl.conf:
Code:
net.ipv4.conf.eth0.proxy_arp = 1
I then connect the IPSec client, and I have connectivity to the server. When I try to ping (or otherwise access) something else on its subnet, I reach the intended target, but then it ARPs for the sending machine, and the Ubuntu server doesn't respond to the ARP.
I have an ARP entry that looks like this, added via arp -s 192.168.254.100 -D eth0 -i eth0 pub:
Address: 192.168.254.100 (the correct virtual IP for the client)
HWtype: *
HWaddress: <from_interface>
Flags Mask: MP
Iface: eth0
Best I can tell, everything is in order... I can listen in with wireshark on the server and see that it's receiving the ARPs, but I can't get it to respond to them.
On Ubuntu, I know that a user can set a global proxy setting (through a gui, Network Proxy) which will affect all protocols (right?). However, I have set up a server box (no gui) and would like for most of its ports to not go through a proxy. Instead, I'd only like the activity that transmission-daemon does (but not the web UI) to go through a proxy. Is this in any way possible?
View 2 Replies View RelatedI have been struggling to configure a squid proxy server on my ubuntu 11.04 VPS.
Following these instructions[URL].. it is all good BUT I don't want to have to SSH tunnel into the server. Just want to have a proxy set in my proxy server settings in firefox/chrome. Even lock the proxy to certain static IP addresses so no one else can use it except IPs I designate.
1. Can this be done without a VPN or SSH tunnel ?
2. What is the best way to put some security on the proxy server ?
Setting up an Internet proxy In the past I had set a computer to act as an Internet proxy. This would be multihomed, and running dansguardian, tinyproxy and firehol. Then webmin would be used as interface. By time I realised that this system is far from effective. Is there some other way to setup a proxy to be placed between users and the Internet? I would like (the admin) to be able to see in which sites users go and have a lot of control on access..
View 2 Replies View RelatedI have been ssh tunneling, which works great.I can browse the internet by simply tunneling my traffic through my SSH server.the following command: ssh -ND 9999 username at myserver.i cant postlinks.is all I have type, and I can connect to a SOCKS proxy server on localhost:9999.My problem is that I have an application that only supports HTTP proxies.Is there any way I can get it tunneling over the socks proxy?
View 4 Replies View Relatedtrying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu. If i configure firefox to use it, it runs ok. I had seen a lot of iptables rules to use fowarding proxy to a lan, but i would like to use squid and dansguardin in a single pc that run them and filter web content.
View 5 Replies View RelatedI dont know my question is right or wrong.I want to know can i use apache as a proxy .Is there any relation between apache and squid proxy.
View 1 Replies View RelatedHow can I forward ssl protocol to another proxy with iptables or squid or something?I want to forward ssl protocol to xxx.xxx.xxx.xxx:443 when get ssl request from clients
=======n Windows I am OK with Mozilla browser:I can choice ssl protocol from Tools => options => Advanced => Network => setting => manual proxy configuration => ssl proxy:xxx.xxx.xxx.xxx:443this is OK for me How can I setup in linux for clients?(no need for manual choice ssl proxy in client browser)
I am using FC11. My problem is whatever application that needs access to the internet are blocked by company's proxy server. So, configuration is like
my_machine---------> firewall ----------> outside world..google and etc
Now, If I am using firefox then I have configured it to use proxy server and required login details and etc. But, my eclipse, ssh, git and all those needs internet connection as well... Is there anything like which sets all details (proxy server, user name and passwd) system wide ? So that I dont have to pass it to each application...
I can bypass our firewall in IE. They use wildcards, like 10*. I've tried 10.100.0/16, but am still getting to our firewall. How can I specify the correct settings for Firefox?
View 4 Replies View Relatedthere is a proxy server running on some machine on some specific port. so we connect to proxy to establish the connection over the internet.
now is it possible to connect to internet without connecting to proxy?
I have a problem in Eclipse for accessing update sites (for plugins). I am behind a NTLM proxy. Strangely, this proxy asks for a password while in Linux but not when in Windows�
To get around this annoying password issue, I already setup a working cntlmd proxy. I can use this proxy for mounting a remote DavFS2 share, for example. But the issue I have with Eclipse seems to involve proxy configuration. So I decided a transparent proxy could solve this issue. I installed tinyproxy on top of cntlmd, and added the following rule to the firewall:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 8888
Now, I can configure Firefox for direct access to the Internet, and display a web site only if I give this web site's IP instead of its name! I surmise that it's because when configured for direct access, Firefox performs DNS lookups using the local (intranet) DNS, instead of squeezing its lookups through the proxy and accessing a broader DNS (I wonder which). How can I make all DNS lookups go transparently through the transparent proxy?
