Re: Updating ports tree with subversion behind an http proxy server

[dweimer]

On 2012-10-05 10:16, dweimer wrote:

I am working on switching from updating my systems with csup to
subversion, for the systems I have behind a proxy server.  When I was
using csup, I used an SSH connection, tunneling the 5999 port through
the proxy server.  Now that I am looking at subversion, I have found
the ~/.subverison/servers file, edited the [global] section removed
the comment # from the front of the http-proxy-host and
http-proxy-port lines, and added the correct values.
Realizing I may still have to add some configuration settings to
allow the subversion http methods through to the proxy, I went ahead
and tried to run a test check out command.  However it doesn't try to
hit the proxy server, I just get an immediate no route to host error
returned.
I know the server has access to the proxy, I was able to use pkg_add
with the necessary environment variables to add subversion to this
system.  The system is a fresh clean install of FreeBSD 9.0-release,
with only the packages added for subversion.  Looking at the proxy
server logs the check out doesn't log anything, which leads me to
believe that svn isn't reading its configuration file, or is simply
ignoring the http-proxy-host and http-proxy-port lines.
Has anyone setup one of their FreeBSD systems to use subversion
behind an http proxy, and know what I am missing?


Never mind, turns out I was just doing something stupid, had to use svn 
co http:// instead of svn co svn://...


--
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Updating ports tree with subversion behind an http proxy server

[dweimer]

I am working on switching from updating my systems with csup to 
subversion, for the systems I have behind a proxy server.  When I was 
using csup, I used an SSH connection, tunneling the 5999 port through 
the proxy server.  Now that I am looking at subversion, I have found the 
~/.subverison/servers file, edited the [global] section removed the 
comment # from the front of the http-proxy-host and http-proxy-port 
lines, and added the correct values.
Realizing I may still have to add some configuration settings to allow 
the subversion http methods through to the proxy, I went ahead and tried 
to run a test check out command.  However it doesn't try to hit the 
proxy server, I just get an immediate no route to host error returned.
I know the server has access to the proxy, I was able to use pkg_add 
with the necessary environment variables to add subversion to this 
system.  The system is a fresh clean install of FreeBSD 9.0-release, 
with only the packages added for subversion.  Looking at the proxy 
server logs the check out doesn't log anything, which leads me to 
believe that svn isn't reading its configuration file, or is simply 
ignoring the http-proxy-host and http-proxy-port lines.
Has anyone setup one of their FreeBSD systems to use subversion behind 
an http proxy, and know what I am missing?


--
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Transparent SOCKS proxy (server side)?

[David Naylor]

2009/1/6 Mel :
> On Tuesday 06 January 2009 10:07:17 David Naylor wrote:
>> 2009/1/6 Mel :
>> > On Tuesday 06 January 2009 05:49:22 David Naylor wrote:
>> >> Hi,
>> >>
>> >> My ISP's NAT, unfortunately, does not work more than it does.  This is a
>> >> problem as I need to provide 'direct' internet access for the computers
>> >> inside my network.
>> >>
>> >> I would like to set up a transparent SOCKS proxy (similar to transparent
>> >> HTTP proxy, aka squid) on the server.  Does anyone know how to do this
>> >> (and which ports to use)?  This needs to be a server side solution since
>> >> I am unable to implement this on the clients...
>> >
>> > http://www.freshports.org/net/dante/
>>
>> As far as I know dante can only be made "transparent" with the use of
>> client side software (such as the libsocks.so libraries under *nix) and not
>> from the server side (i.e. tunneling the traffic through a SOCKS proxy).
>> The way I think of
>> it is similar to NAT (in the capturing of traffic)?
>>
>> Or am I missing something?
>
> In pf terms: rdr traffic, or use something like this:
> http://bayxao.wordpress.com/2007/03/18/transparent-socks-proxy-client/

The above link only talks about client side solutions.  I could see how rdr
(which I understand to be the same as NAT?) could work, except it needs
to be redirected to a program that then routes the traffic through the socks
server?  I have not been able to find such a program (and the above socks
clients only act as a wrapper for other programs?).

Perhaps a simple program that gets the redirected incoming traffic [like
squid does] but then just connects to the destination server (with a socks
wrapper doing the routing through the socks server)??? Or just a socks
based solution?

David
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Transparent SOCKS proxy (server side)?

[Mel]

On Tuesday 06 January 2009 10:07:17 David Naylor wrote:
> 2009/1/6 Mel :
> > On Tuesday 06 January 2009 05:49:22 David Naylor wrote:
> >> Hi,
> >>
> >> My ISP's NAT, unfortunately, does not work more than it does.  This is a
> >> problem as I need to provide 'direct' internet access for the computers
> >> inside my network.
> >>
> >> I would like to set up a transparent SOCKS proxy (similar to transparent
> >> HTTP proxy, aka squid) on the server.  Does anyone know how to do this
> >> (and which ports to use)?  This needs to be a server side solution since
> >> I am unable to implement this on the clients...
> >
> > http://www.freshports.org/net/dante/
>
> As far as I know dante can only be made "transparent" with the use of
> client side software (such as the libsocks.so libraries under *nix) and not
> from the server side (i.e. tunneling the traffic through a SOCKS proxy). 
> The way I think of
> it is similar to NAT (in the capturing of traffic)?
>
> Or am I missing something?

In pf terms: rdr traffic, or use something like this:
http://bayxao.wordpress.com/2007/03/18/transparent-socks-proxy-client/

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Transparent SOCKS proxy (server side)?

[David Naylor]

2009/1/6 Mel :
> On Tuesday 06 January 2009 05:49:22 David Naylor wrote:
>> Hi,
>>
>> My ISP's NAT, unfortunately, does not work more than it does.  This is a
>> problem as I need to provide 'direct' internet access for the computers
>> inside my network.
>>
>> I would like to set up a transparent SOCKS proxy (similar to transparent
>> HTTP proxy, aka squid) on the server.  Does anyone know how to do this (and
>> which ports to use)?  This needs to be a server side solution since I am
>> unable to implement this on the clients...
>
> http://www.freshports.org/net/dante/

As far as I know dante can only be made "transparent" with the use of client
side software (such as the libsocks.so libraries under *nix) and not from the
server side (i.e. tunneling the traffic through a SOCKS proxy).  The
way I think of
it is similar to NAT (in the capturing of traffic)?

Or am I missing something?

David
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Transparent SOCKS proxy (server side)?

[Mel]

On Tuesday 06 January 2009 05:49:22 David Naylor wrote:
> Hi,
>
> My ISP's NAT, unfortunately, does not work more than it does.  This is a
> problem as I need to provide 'direct' internet access for the computers
> inside my network.
>
> I would like to set up a transparent SOCKS proxy (similar to transparent
> HTTP proxy, aka squid) on the server.  Does anyone know how to do this (and
> which ports to use)?  This needs to be a server side solution since I am
> unable to implement this on the clients...

http://www.freshports.org/net/dante/
-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Transparent SOCKS proxy (server side)?

[David Naylor]

Hi,

My ISP's NAT, unfortunately, does not work more than it does.  This is a 
problem as I need to provide 'direct' internet access for the computers 
inside my network.  

I would like to set up a transparent SOCKS proxy (similar to transparent HTTP 
proxy, aka squid) on the server.  Does anyone know how to do this (and which 
ports to use)?  This needs to be a server side solution since I am unable to 
implement this on the clients...

I know there is a Linux specific program that does this, called KSB 
[http://ksb.sourceforge.net] that looks like what I would like, except the 
wrong OS :-(

Regards

David


signature.asc
Description: This is a digitally signed message part.

RE: Restart Squid proxy server

[Johan Hendriks]

>Hallo,

>How to restart the squid proxy server in freebsd?

>Thanks...


Use the following command
/usr/local/etc/rc.d/squid restart

Regards,
Johan Hendriks
Double L Automatisering

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Restart Squid proxy server

[Ruel Luchavez]

Hallo,

How to restart the squid proxy server in freebsd?

Thanks...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Authenticating proxy server with fine tuned controls

[Craig Russell]

Hi-
I am looking for an authenticating transparent proxy server with tiered access. 
 ie, A user who logs into the proxy can access sites based upon group 
membership; group1 has unfettered access to the internet, group2 gets filtered 
access.  Ideally, I'd like to be able to setup groups for various sites and 
add/subtract users to allow access to various internal sites.

As a diagram, I'd like to do this:

Group1:Unfettered access to internet
Group2:Filtered access to internet
Group3:Access to internal website x
Group4:Access to internal website y

If user1 is in Group1 and Group3 they can access the internet and internal 
website x
If user2 is in Group2 they can only access filtered websites.
If user3 is in Group2 and Group4 they get filtered internet access and access 
to internal website y


Is their an open-source or commercial product that provides for this type of 
granular control of access?

I've setup squid with authentication before, although it was several years ago, 
but I didn't need to have that granular of a control set.


Thanks,

Craig



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: My Proxy Server(Squid) in FreeBSD 5.4 used to be hang

[Tek Bahadur Limbu]

Hi Prakash,


Prakash Poudyal wrote:

Hello Everybody,

I have IBM Server which consists of FreeBSD 5.4 and its consist of Squid for
running proxy server. After running for 2 or 3 days it canonot be  ping the
server and also does provide the service but you know when I go and access
that server directly it start to work. It would not be hang , it start to
work. I donot what is its problem. So please could give me some idea related
to it.


Without providing some technical aspects of your server and squid 
configurations, it's difficult for us to help you resolve your problems.


Are you running squid transparently?

Please post your squid.conf and the output of "sysctl -A".

Also describe your network topology. Are you running some kind of 
firewall in your Squid box?


What's the output from the command:

netstat -m


What does your cache.log and access.log say?



Thanking you...



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

My Proxy Server(Squid) in FreeBSD 5.4 used to be hang

[Prakash Poudyal]

Hello Everybody,

I have IBM Server which consists of FreeBSD 5.4 and its consist of Squid for
running proxy server. After running for 2 or 3 days it canonot be  ping the
server and also does provide the service but you know when I go and access
that server directly it start to work. It would not be hang , it start to
work. I donot what is its problem. So please could give me some idea related
to it.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How to make good Squid(Proxy ) Server in FreeBSD 5.4 ?

[Prakash Poudyal]

Thank you Tek,

I will try best to do it, else I will mail you again. Thank you very much.

Sincerely yours,
Prakash

On 8/27/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:
>
> Hi Prakash,
>
> Prakash Poudyal wrote:
> > Hello Everybody,
> >
> > Can anybody give me idea related to configure the squid (proxy server).
> I
> > need to know hhow much I need to fix the cache memeory . My machine
> consist
> > of 2 GB Ram and dual processor . And operating system is FreeBSD 5.4.
> And I
> > do have client more than 500 and most of them are research orriented.
> And
> > also I am trying to configure another proxy server as for the parent
> proxy.
> > So please tell me how to make parent proxy as well. So please give me
> some
> > idea or tips so that I could run the server properly and my clients
> would
> > have a good smile in there face.
> >
>
> Configuring a Squid proxy server is a long and enduring process. Also it
> depends upon what you want to achieve. A high hit ratio rate, fast
> median service times, etc. There is no shortcut in setting up a proxy
> server. As time goes on, you need different settings to tune it. What
> worked today might not work tomorrow.
>
> With FreeBSD, you have an 2 options to install Squid. Either from ports
> or source.
>
> If you are install Squid from source, the following options might help:
>
> '--enable-removal-policies=lru heap'
> '--enable-storeio=coss,ufs diskd null aufs' '--enable-delay-pools'
> '--enable-snmp' '--enable-cache-digests' '--with-large-files'
> '--enable-large-cache-files' '--enable-kill-parent-hack'
>
>
> Also, I suggest you to go with the latest version of Squid which is
> squid-2.6.14 currently.
>
> Version-2.6 is extremely CPU friendly.
>
> Regarding the cache_mem parameter, just use 32 MB for a default option.
>
> A system with 2 GB of memory and Dual processor should be able to handle
> 500 or more customers.
>
> Regarding a parent-child hierarchy using Squid, just configure and
> install the parent Squid as you would do normally.
>
> In your child Squid proxy, just add the following lines in your squid.conf
> :
>
>
> cache_peer ParentProxyIP   parent 3128  3130
>
> That should do it for a basic parent/child relationship.
>
> Your Squid Port and ICP port might be different.
>
> Hope it helps.
>
>
> Thanking you...
>
>
>
>
> > Thank you,
> >
> >
> >
> > Prakash
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
> >
> >
> >
>
>
> --
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
>
> http://www.wlink.com.np
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How to make good Squid(Proxy ) Server in FreeBSD 5.4 ?

[Tek Bahadur Limbu]

Hi Prakash,

Prakash Poudyal wrote:

Hello Everybody,

Can anybody give me idea related to configure the squid (proxy server). I
need to know hhow much I need to fix the cache memeory . My machine consist
of 2 GB Ram and dual processor . And operating system is FreeBSD 5.4. And I
do have client more than 500 and most of them are research orriented. And
also I am trying to configure another proxy server as for the parent proxy.
So please tell me how to make parent proxy as well. So please give me some
idea or tips so that I could run the server properly and my clients would
have a good smile in there face.



Configuring a Squid proxy server is a long and enduring process. Also it 
depends upon what you want to achieve. A high hit ratio rate, fast 
median service times, etc. There is no shortcut in setting up a proxy 
server. As time goes on, you need different settings to tune it. What 
worked today might not work tomorrow.


With FreeBSD, you have an 2 options to install Squid. Either from ports 
or source.


If you are install Squid from source, the following options might help:

'--enable-removal-policies=lru heap'
'--enable-storeio=coss,ufs diskd null aufs' '--enable-delay-pools' 
'--enable-snmp' '--enable-cache-digests' '--with-large-files' 
'--enable-large-cache-files' '--enable-kill-parent-hack'



Also, I suggest you to go with the latest version of Squid which is 
squid-2.6.14 currently.


Version-2.6 is extremely CPU friendly.

Regarding the cache_mem parameter, just use 32 MB for a default option.

A system with 2 GB of memory and Dual processor should be able to handle 
500 or more customers.


Regarding a parent-child hierarchy using Squid, just configure and 
install the parent Squid as you would do normally.


In your child Squid proxy, just add the following lines in your squid.conf:


cache_peer ParentProxyIP   parent 3128  3130

That should do it for a basic parent/child relationship.

Your Squid Port and ICP port might be different.

Hope it helps.


Thanking you...





Thank you,



Prakash
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

How to make good Squid(Proxy ) Server in FreeBSD 5.4 ?

[Prakash Poudyal]

Hello Everybody,

Can anybody give me idea related to configure the squid (proxy server). I
need to know hhow much I need to fix the cache memeory . My machine consist
of 2 GB Ram and dual processor . And operating system is FreeBSD 5.4. And I
do have client more than 500 and most of them are research orriented. And
also I am trying to configure another proxy server as for the parent proxy.
So please tell me how to make parent proxy as well. So please give me some
idea or tips so that I could run the server properly and my clients would
have a good smile in there face.

Thank you,



Prakash
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pop3 proxy server (antispam/virus)

[PeterPluta]

Not sure what you're looking for. But i've done something like it with
postfix, amavisd-new, and dovecot. You can spread the load to 3 different
servers or more if needed. Example box 1 (postfix), box 2 (amavisd-new,
spamassassin, clamav), box 3 (dovcot).


Roberto Pereyra wrote:
> 
> Hi all !!
> 
> Somebody knows a pop3 proxy server to use for spam/virus filter ?
> 
> My users have his pop3 accounts in a external server (ISP).
> 
> Thanks in advance.
> 
> roberto
> 
> 
> -- 
> Ing. Roberto Pereyra
> ContenidosOnline
> http://www.contenidosonline.com.ar
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 
> 

-- 
View this message in context: 
http://www.nabble.com/pop3-proxy-server-%28antispam-virus%29-tf3804500.html#a10771377
Sent from the freebsd-questions mailing list archive at Nabble.com.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

pop3 proxy server (antispam/virus)

[Roberto Pereyra]

Hi all !!

Somebody knows a pop3 proxy server to use for spam/virus filter ?

My users have his pop3 accounts in a external server (ISP).

Thanks in advance.

roberto


--
Ing. Roberto Pereyra
ContenidosOnline
http://www.contenidosonline.com.ar
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Proxy server.

[Efren Bravo]

Hi,

> > Does somebody know a proxy distinct to Squid
> that
> > works with a parent proxy?
> 
> Privoxy.
> 
> You find the port in www/privoxy, and minor
> improvements at:
> .

Thank you very much, I installed and configured
it and works great on what I need... Later I'll
try with opps...



__ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
http://es.voice.yahoo.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Proxy server.

[Fabian Keil]

Efren Bravo <[EMAIL PROTECTED]> wrote:
 
> Does somebody know a proxy distinct to Squid that
> works with a parent proxy?

Privoxy.

You find the port in www/privoxy, and minor improvements at:
.

Fabian
-- 
http://www.fabiankeil.de/


signature.asc
Description: PGP signature

Re: Proxy server.

[Igor Robul]

On Tue, May 23, 2006 at 03:42:17PM +0200, Efren Bravo wrote:
> Hi,
> 
> Does somebody know a proxy distinct to Squid that
> works with a parent proxy?
www/oops
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Proxy server.

[Efren Bravo]

Hi,

Does somebody know a proxy distinct to Squid that
works with a parent proxy?

Thanks.



__ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
http://es.voice.yahoo.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: proxy server

[Andrew P.]

On 10/13/05, Dave <[EMAIL PROTECTED]> wrote:
> Hi,
> I've been checking out this thread on squid. I've got squid right now doing
> transparent proxying with pf and that is working reat! But i'd like to
> extend it to do what your doing:
> ftp-proxying, currently i use ftp-proxy out of inetd and only passive client
> connections from behind the nat work, active doesn't
> addblocking, i'll take your suggestion and use adzap
> and i'd like to use dansguardian for content filtering, but it requires
> apache on the gateway box i don't know if i like that, is there a way around
> that dependency?
> Do you have a howto or notes for setting all this up?
> Thanks.
> Dave.
>

Not really. In fact it wasn't me who set this all up,
I just happen to manage it all now. You'll have
to read through all squid faqs to make it shine.

Adzap doesn't require anything at all (except for
perl, of course), but it doesn't harm if you have
a local webserver to serve some static content.
thttpd is the right solution for this, but Apache
won't hurt even on a very loaded production
server.

You'll also want to process squid logs. If you
have a spare box - that's fine, you can do it
all there. But we've found it quite comfortable
to do all processing on the proxy itself,
in the night. We use calamaris and sarg
(and it helps to have apache on the proxy,
to the results), and we're looking at other
analyzers, too.

I don't remember any major problem with
our proxy (except for some failing hardware),
there's nothing tricky in setting it up and
maintaining it. If you'll have a specific
issue, I'll be very glad to try and help you out.


Cheerz,
Andrew P.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: proxy server

[Brian E. Conklin]

We use Squid  and SquidGuard .

Squid is authenticating against a Windows Active Directory domain. And
squidGuard is performing all of our filtering.

Works fantastic!

Brian E. Conklin, MCP+I, MCSE
Director of Information Services
Mason General Hospital
http://www.masongeneral.com


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Efren Bravo
> Sent: Wednesday, October 12, 2005 3:34 PM
> To: freeBSD 
> Subject: proxy server
> 
> 
> Hi,
> 
> I want to install a proxy server to manage these features: http cache,
> content filtering (forbidden words, ActiveX, java, url. etc), users,
> groups, ips' control access, time ranges to ie access.  
>   
> I want to hear some suggestions based on your experiences.  
>   
> Thanks...
> 
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
=
Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
=
This message is intended for the sole use of the individual and entity
to whom it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you
are not the addressee nor authorized to receive for the addressee, you
are hereby notified that you may not use, copy, disclose or distribute
to anyone this message or any information contained in the message. If
you have received this message in error, please immediately notify the
sender and delete the message.

Replying to this message constitutes consent to electronic monitoring
of this message.

Thank you.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: proxy server

[Igor Robul]

Efren Bravo wrote:


Hi,

I want to install a proxy server to manage these features: http cache,
content filtering (forbidden words, ActiveX, java, url. etc), users,
groups, ips' control access, time ranges to ie access.  
 
I want to hear some suggestions based on your experiences.  
 


You can try "oops" proxy server ( /usr/ports/www/oops ).
It works fine for me (more than 100 users)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: proxy server

[Andrew P.]

On 10/13/05, Efren Bravo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I want to install a proxy server to manage these features: http cache,
> content filtering (forbidden words, ActiveX, java, url. etc), users,
> groups, ips' control access, time ranges to ie access.
>
> I want to hear some suggestions based on your experiences.
>
> Thanks...
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>

We've got squid+adzap filtering out porn and ads.

It's a dual PIII server, with an IDE hard disk. It serves
3000+ clients (around 30Gb daily). It works great. We
also use jftpgw as an ftp proxy.

Users, groups, ip-addresses, time ranges are all
easily configurable via squid, but for comprehensive
Chinese-style filtering of the content (not just based
on the URL), you'll need something like
dansguardian, like Andras told us here.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: proxy server

[Andras Kende]

> Hi,
>
> I want to install a proxy server to manage these features: http cache,
> content filtering (forbidden words, ActiveX, java, url. etc), users,
> groups, ips' control access, time ranges to ie access.
>
> I want to hear some suggestions based on your experiences.
>
> Thanks...
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>

Hello,

I installed squid proxy with dansguardian content filtering for a school
with 100+ users with great success..

Andras Kende
http;//www.kende.com





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

proxy server

[Efren Bravo]

Hi,

I want to install a proxy server to manage these features: http cache,
content filtering (forbidden words, ActiveX, java, url. etc), users,
groups, ips' control access, time ranges to ie access.  
  
I want to hear some suggestions based on your experiences.  
  
Thanks...


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: force use proxy server

[Bart Silverstrim]

On Jul 20, 2005, at 2:52 AM, vladone wrote:


Hi!
How i can redirect web traffic from my lan, throught my proxy server?


We set up Squid/SquidGuard, set the machine to forward traffic and 
created a firewall rule to forward port 80 traffic to the port Squid 
was listening to, then told the DHCP server to hand out the IP of the 
Squid server as the gateway address for client machines to use.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: force use proxy server

[victor]

you might want to try setup a transparent proxy by using squid. 
(www.squid-cache.org)


I have found this article using goole, you might find it useful.

http://tomclegg.net/squid-tproxy


Tor.

vladone wrote:


Hi!
How i can redirect web traffic from my lan, throught my proxy server?

___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


 




--


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

force use proxy server

[vladone]

Hi!
How i can redirect web traffic from my lan, throught my proxy server?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Using port system in network using proxy server

[Ruslan N. Gogunsci]

Hello freebsd-questions,

On Wed, 22 Sep 2004 15:44:17 +0100
Dick Davies <[EMAIL PROTECTED]> wrote:

> * Mark Jayson Alvarez <[EMAIL PROTECTED]> [0933 14:33]:
> > Good day!
> > 
> >Do you have any idea on how I can install through
> > freebsd port system when my internet connection is on
> > LAN and our LAN uses proxy server? I can set the proxy
> > details easily in my web browsers but I don't know how
> > to do it in making ports. Some sort of proxy
> > environment variable perhaps?
> 
> export http_proxy=http://your.proxy:3128
If you want cvsup ports tree and don't have socks proxy, try www.http-tunnel.com

> 
> (don't forget the http:// prefix - I think there's a ftp_proxy too?)
> 
> -- 
> A sine curve goes off to infinity or at least the end of the blackboard.
>   -- Prof. Steiner
> Rasputin :: Jack of All Trades - Master of Nuns
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Using port system in network using proxy server

[Dick Davies]

* Mark Jayson Alvarez <[EMAIL PROTECTED]> [0933 14:33]:
> Good day!
> 
>Do you have any idea on how I can install through
> freebsd port system when my internet connection is on
> LAN and our LAN uses proxy server? I can set the proxy
> details easily in my web browsers but I don't know how
> to do it in making ports. Some sort of proxy
> environment variable perhaps?

export http_proxy=http://your.proxy:3128

(don't forget the http:// prefix - I think there's a ftp_proxy too?)

-- 
A sine curve goes off to infinity or at least the end of the blackboard.
-- Prof. Steiner
Rasputin :: Jack of All Trades - Master of Nuns
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Using port system in network using proxy server

[Mark Jayson Alvarez]

Good day!

   Do you have any idea on how I can install through
freebsd port system when my internet connection is on
LAN and our LAN uses proxy server? I can set the proxy
details easily in my web browsers but I don't know how
to do it in making ports. Some sort of proxy
environment variable perhaps?

Thanks!

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Imap Proxy server?

[Antoine Jacoutot]

On Tuesday 25 May 2004 20:06, [EMAIL PROTECTED] wrote:
> Hey all,
> I have looked into this before but never really found too much info on
> it.  On one of my FreeBSD boxes I run Squirrelmail.  I was told that
> there is a Imap Proxy server that can be ran on the local box to help
> with some slowness with accessing email.  I have installed the Imap
> Proxy server from the ports but there doesn't seem to be any decent
> documentation.  Also the link to the project site is no longer valid:
> http://www.kuleuven.net/projects/imapproxy/
>
> Has anyone installed / configured this and gotten it to work correctly?

Use http://www.imapproxy.org
It works fine and it is in the portss tree (/usr/ports/mail/up-imapproxy)

Antoine
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Imap Proxy server?

[whizkid]

Hey all,
I have looked into this before but never really found too much info on
it.  On one of my FreeBSD boxes I run Squirrelmail.  I was told that
there is a Imap Proxy server that can be ran on the local box to help
with some slowness with accessing email.  I have installed the Imap
Proxy server from the ports but there doesn't seem to be any decent
documentation.  Also the link to the project site is no longer valid: 
http://www.kuleuven.net/projects/imapproxy/

Has anyone installed / configured this and gotten it to work correctly?
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: bypassing a proxy server

[Toomas Aas]

Hi!

> Furthermore, I want the FreeBSD machine to run an anonymous ftp
> server. Forgive the crappy drawing (I never claimed to be an artist),
> but this is how the network looks at the moment (except that there
> are 10 Windows clients, not 2):
> 
> 
>  |---|
>  |windows|
>|||--||client |
>|  Win2000   ||  |----|---|
>  T1|proxy server||switch|
>| & gateway  ||  ||---|
>|||---|--||windows|
>  |   |client |
>  |   |---|
>  |
>|-||
>| FBSD ftp |
>|  server  |
>|--|
> 
> OK, I'm convinced, running a ftp server from a NAT gateway is a
> disaster. So I'm looking for a way around it. I have an old unused hub,
> and I've been thinking that this might be a possible solution (sort of
> like a DMZ?)...
> 
>  |---|
>  |windows|
>|----||--||client |
>|  Win2000   ||  ||---|
>  T1--HUB---|proxy server||switch|
>   || & gateway  ||  ||---|
>   ||||--||windows|
>   |  |client |
>   |  |---|
>   |
>  ||-|
>  | FBSD ftp |
>  |  server  |
>  |--|

Yes, with that kind of setup your FTP server is likely to be much 
better accessible than with the previous one :-)

Assuming, of course, that the external interface of Windows 2000 server 
is Ethernet and there are no tricks like PPPoE involved.

> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. 

Well, then you just need to ask your school's admin to give you one of 
those static (I assume you mean public?) addresses and assign it to 
your FreeBSD machine manually. 

> If I simply stick a hub in front of the gateway machine, all traffic
> to the gateway will also be sent to the ftp server - I know that will
> cause packet collisions, but I can live with the crappy performance
> because it's a very low traffic environment. My main concern is
> simply how to assign an address to the ftp server without
> disconnecting the gateway machine.

You just need to assign an address which is different from that of the 
public interface of the Windows server :-) Otherwise the Windows admin 
*will* come for your head :-)
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* I've got a life but it won't run on my operating system.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: bypassing a proxy server

[Matthew Seaman]

On Mon, Mar 15, 2004 at 08:10:04PM +0100, Robert Storey wrote:

> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. If I simply stick a hub in front of the
> gateway machine, all traffic to the gateway will also be sent to the ftp
> server - I know that will cause packet collisions, but I can live with
> the crappy performance because it's a very low traffic environment. My
> main concern is simply how to assign an address to the ftp server
> without disconnecting the gateway machine.

As your school owns a /26 network (which gives you 62 usable host
addresses, plust the network and broadcast addresses) you can just
assign one of the unused static addresses to the FTP server.  It's as
simple as that.  As this machine is going to be visible on the
Internet, you should contact whoever runs the DNS for your network and
get the machine's hostname and IP number properly registered (ie. both
forward (A) and inverse (PTR) records).

You should setup the FTP server's static address by inserting the
correct data into /etc/rc.conf, rather than attempting to use
DHCP. You can probably extract the correct settings by running
ipconfig in a DOS shell on your Win2000 machine.  As a helpful hint:
the netmask for a /26 is 255.255.255.192 or 0xffc0, and the
broadcast address will end with either .63, .127, .191 or .255.
Getting a DHCP service out of the external side of your Windows
gateway machine should not be possible, for proper security.

Don't worry about the Hub being a performance bottleneck -- you'll
hardly notice it against the limitations of T1 bandwidth.  However, do
realise that your FTP server will be exposed to the Internet and some
care will need to be taken to make sure that it is properly secured.
(Running FreeBSD is a very good start in that direction).

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

Re: bypassing a proxy server

[Jerry McAllister]

> 
> As some of you may recall, I'm engaged in an ongoing saga trying to set
> up a FreeBSD machine on a school's network. The school is Windows only -
> the administration knows nothing about FreeBSD (or Linux), and it's up
> to me to prove to them that FBSD is worth teaching to the students. Due
> to my lobbying, the school has given me one old computer to play with,
> and I have installed FreeBSD on it. But there are problems. The biggest
> is that the gateway machine is Windows 2000 and it's running a proxy
> server (to keep the students from visiting naughty web sites). So the
> FreeBSD machine cannot get through to the Internet with http, though the
> Windows machines can. On the other hand, the FBSD box can get through
> the gateway with ssh and ftp (though performance is sluggish, even with
> a T1 line). Furthermore, I want the FreeBSD machine to run an anonymous
> ftp server. Forgive the crappy drawing (I never claimed to be an
> artist), but this is how the network looks at the moment (except that
> there are 10 Windows clients, not 2):

Someone else will hopefully respond about the ftp stuff - 
but, there should be no problem getting the http stuff to work
through the proxy server.You just have to change your browser 
to use whatever port the proxy server requires and make sure the 
manager of the proxy sets the proxy server to allow your machine 
to talk to it the same as they allow the windows clients (browsers) 
and it should work.  Of course, you will be blocked from the same 
porno sites as everyone else.  I haven't taken any survey of all
browser clients, but any that I have used allow the port to be
set.  They have things explicitly allowing you to configure them
to run through a proxy.

As for ftp, does the proxy server proxy ftp as well as http?
Ours do not so I haven't had to look at that.  There is also
stuff in the list archive and maybe even FAQs about getting ftp
through NATs and firewalls that may apply.  Look for Passive FTP
and such things.

jerry


> 
>  |---|
>  |windows|
>||    |------|    |client |
>|  Win2000   ||  ||---|
>  T1|proxy server||switch|
>| & gateway  ||  ||---|
>|||---|--||windows|
>  |   |client |
>  |   |---|
>  |
>|-||
>| FBSD ftp |
>|  server  |
>|--|
> 
> The problem is that this doesn't work. People from outside the network
> can't get through to the FBSD ftp server. Clearly, that Win2000 proxy
> server is an evil machine. When I last discussed this problem (on this
> list), Matthew wrote back and offered me a pretty thorough explanation
> of the problem, which is posted here:
> 
> http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html
> 
> OK, I'm convinced, running a ftp server from a NAT gateway is a
> disaster. So I'm looking for a way around it. I have an old unused hub,
> and I've been thinking that this might be a possible solution (sort of
> like a DMZ?)...
> 
>      |---|
>  |windows|
>|||--||client |
>|  Win2000   ||  ||---|
>  T1--HUB---|proxy server||switch|
>   || & gateway  ||  ||---|
>   ||||--||windows|
>   |  |client |
>   |  |---|
>   |
>  ||-|
>  | FBSD ftp |
>  |  server  |
>  |--|
> 
> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. If I simply stick a hub in front of the
> gateway machine, all traffic to the gateway will also be sent to the ftp
> server - I know that will cause packet collisions, but I can live with
> the crappy performance because it's a very low traffic environment. My
> main concern is simply how to assign an address to the ftp server
> without disconnecting the gateway machine.
> 
> I'm sorry if I'm asking a dumb question, but I'm a novice when it comes
> to setting up networks. I ha

RE: bypassing a proxy server

[Remko Lodder]

Hi,

questions are never stupid, you did some research at forehand that makes you
smarter
then others, but they are also not stupid.

You want to have portforwarding on the Win2k machine to your fbsd system,
(with
a dedicated internal ip), it maps connections from the extern ip on the
win2k
machine to your machine and back, at least that is done in most
firewallsetups including
mine(bsd based so no windows actually). But it might be possible to do so, i
cannot
imagine that there isn't a tool for windows which does the same.

The hub setup won't work, you should never get a ip addr through that hub,
in my
humble opinion.

Also i cannot see the logic of your anonymous ftp server, be aware that
there
are risks, it might be breached, there might be warez and other shit on it
then,
make sure you asked permission for that, before they kick you.

So Portmapping is your answer i think
Cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Robert Storey
Verzonden: maandag 15 maart 2004 20:10
Aan: [EMAIL PROTECTED]
Onderwerp: bypassing a proxy server


As some of you may recall, I'm engaged in an ongoing saga trying to set
up a FreeBSD machine on a school's network. The school is Windows only -
the administration knows nothing about FreeBSD (or Linux), and it's up
to me to prove to them that FBSD is worth teaching to the students. Due
to my lobbying, the school has given me one old computer to play with,
and I have installed FreeBSD on it. But there are problems. The biggest
is that the gateway machine is Windows 2000 and it's running a proxy
server (to keep the students from visiting naughty web sites). So the
FreeBSD machine cannot get through to the Internet with http, though the
Windows machines can. On the other hand, the FBSD box can get through
the gateway with ssh and ftp (though performance is sluggish, even with
a T1 line). Furthermore, I want the FreeBSD machine to run an anonymous
ftp server. Forgive the crappy drawing (I never claimed to be an
artist), but this is how the network looks at the moment (except that
there are 10 Windows clients, not 2):


 |---|
 |windows|
   |||--||client |
   |  Win2000   ||      |----|---|
 T1|proxy server||switch|
   | & gateway  ||  ||---|
   |||---|--||windows|
 |   |client |
 |   |---|
 |
   |-||
   | FBSD ftp |
   |  server  |
   |--|

The problem is that this doesn't work. People from outside the network
can't get through to the FBSD ftp server. Clearly, that Win2000 proxy
server is an evil machine. When I last discussed this problem (on this
list), Matthew wrote back and offered me a pretty thorough explanation
of the problem, which is posted here:

http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html

OK, I'm convinced, running a ftp server from a NAT gateway is a
disaster. So I'm looking for a way around it. I have an old unused hub,
and I've been thinking that this might be a possible solution (sort of
like a DMZ?)...

 |---|
 |windows|
   |||--||client |
   |  Win2000   ||  ||---|
 T1--HUB---|proxy server||switch|
  || & gateway  ||  ||---|
  ||||--||windows|
  |  |client |
  |  |---|
  |
 ||-|
 | FBSD ftp |
 |  server  |
 |--|

The only problem I see here is I don't know how I'm going to get an
address for the ftp server. The Win2000 gateway has a static address, it
dishes out addresses to the clients with dhcp. The NAT addresses are of
course internal addresses like 10.0.0.12, but the school does own a
block of 64 static addresses. If I simply stick a hub in front of the
gateway machine, all traffic to the gateway will also be sent to the ftp
server - I know that will cause packet collisions, but I can live with
the crappy performance because it's a very low traffic environment. My
main concern is simply how to assign an address to the ftp server
without disconnecting the gateway machine.

I'm sorry if I'm asking a dumb question, but I'm a novice when it comes
to setting up networks. I haven't found anything on Google that deals
with this particular question, and

bypassing a proxy server

[Robert Storey]

As some of you may recall, I'm engaged in an ongoing saga trying to set
up a FreeBSD machine on a school's network. The school is Windows only -
the administration knows nothing about FreeBSD (or Linux), and it's up
to me to prove to them that FBSD is worth teaching to the students. Due
to my lobbying, the school has given me one old computer to play with,
and I have installed FreeBSD on it. But there are problems. The biggest
is that the gateway machine is Windows 2000 and it's running a proxy
server (to keep the students from visiting naughty web sites). So the
FreeBSD machine cannot get through to the Internet with http, though the
Windows machines can. On the other hand, the FBSD box can get through
the gateway with ssh and ftp (though performance is sluggish, even with
a T1 line). Furthermore, I want the FreeBSD machine to run an anonymous
ftp server. Forgive the crappy drawing (I never claimed to be an
artist), but this is how the network looks at the moment (except that
there are 10 Windows clients, not 2):


 |---|
 |windows|
   |||--||client |
   |  Win2000   ||  ||---|
 T1----|proxy server||switch|
   | & gateway  ||  ||---|
   |||---|--||windows|
 |   |client |
 |   |---|
 |
   |-||
   | FBSD ftp |
   |  server  |
   |--|

The problem is that this doesn't work. People from outside the network
can't get through to the FBSD ftp server. Clearly, that Win2000 proxy
server is an evil machine. When I last discussed this problem (on this
list), Matthew wrote back and offered me a pretty thorough explanation
of the problem, which is posted here:

http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html

OK, I'm convinced, running a ftp server from a NAT gateway is a
disaster. So I'm looking for a way around it. I have an old unused hub,
and I've been thinking that this might be a possible solution (sort of
like a DMZ?)...

 |---|
 |windows|
   |||--||client |
   |  Win2000   |    |  ||---|
 T1--HUB---|proxy server||switch|
  || & gateway  ||  ||---|
  ||||--||windows|
  |  |client |
  |  |---|
  |
 ||-|
 | FBSD ftp |
 |  server  |
 |--|

The only problem I see here is I don't know how I'm going to get an
address for the ftp server. The Win2000 gateway has a static address, it
dishes out addresses to the clients with dhcp. The NAT addresses are of
course internal addresses like 10.0.0.12, but the school does own a
block of 64 static addresses. If I simply stick a hub in front of the
gateway machine, all traffic to the gateway will also be sent to the ftp
server - I know that will cause packet collisions, but I can live with
the crappy performance because it's a very low traffic environment. My
main concern is simply how to assign an address to the ftp server
without disconnecting the gateway machine.

I'm sorry if I'm asking a dumb question, but I'm a novice when it comes
to setting up networks. I haven't found anything on Google that deals
with this particular question, and there is nobody around here that I
can ask. Any advice is appreciated.

Thanks in advance,
Robert


 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Is inetd a proxy server?

[Marty Landman]

At 05:41 PM 2/22/2004, Chris Pressey wrote:

Have you tried pressing the 'i' key when top is running?  It toggles the 
display of idle processes.  (getty is generally
idle.)  This can save a lot of screen real estate.
Thanks Chris, that's perfect. I gotta learn not to post before rereading 
the help page.

Marty Landman   Face 2 Interface Inc 845-679-9387
This Month's New Quiz --- Past Superbowl Winners
Make a Website: http://face2interface.com/Home/Demo.shtml
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Is inetd a proxy server?

[Chris Pressey]

On Sun, 22 Feb 2004 17:19:05 -0500
Marty Landman <[EMAIL PROTECTED]> wrote:

> My issue is one of UI, especially for "top". It would be nicer imo if
> those 1/2 doz getty processes were to display on one line somehow...
> maybe indicating the number running and a way for me to expand them if
> needed [which is essentially never which is my point]. So something
> like getty, necessary and there for the appropriate reason, i.e. it
> displays on "top" because it should, nonetheless is a light weight, in
> my case rarely used process that ends up consuming 1/3 or so of the
> screen real estate.

It shouldn't be too hard to modify top to collapse processes with the
same name into a single line.  Possibly more effort than it's worth for
what you want, though.  Have you tried pressing the 'i' key when top is
running?  It toggles the display of idle processes.  (getty is generally
idle.)  This can save a lot of screen real estate.

-Chris
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Is inetd a proxy server?

[Marty Landman]

At 01:26 PM 2/22/2004, Matthew Seaman wrote:

getty(8) is pretty light weight, and it doesn't take much extra memory to 
run multiple copies of it.  It's also the case that while you may not need 
to log in via the console during normal usage, when you do need console 
access then you generally need it very badly.
Fine if fbsd wants a dozen copies running. In fact since I don't have X 
installed would just as soon have all 12 pf keys mapped to cli consoles for 
if/when am sitting at the console.

My issue is one of UI, especially for "top". It would be nicer imo if those 
1/2 doz getty processes were to display on one line somehow... maybe 
indicating the number running and a way for me to expand them if needed 
[which is essentially never which is my point]. So something like getty, 
necessary and there for the appropriate reason, i.e. it displays on "top" 
because it should, nonetheless is a light weight, in my case rarely used 
process that ends up consuming 1/3 or so of the screen real estate.

You can run apache 1.3.x through inetd -- see the 'ServerType' directive 
in httpd.conf:

http://httpd.apache.org/docs/mod/core.html#servertype

As it says in bright red letters: "Inetd mode is no longer recommended and 
does not always work properly. Avoid it if at all possible."
In that case...

ServerType no longer exists in apache 2.0.x.
Doesn't bother me, I migrated backwards to apache 1.3.x on 3/4 servers 
because it seems the more common version, at least for Unix. My windows 
gateway runs apache 2.0 because it's pretty much restricted to being a 
documentation repository for faqs, manuals, and the like.

I guess it's something I might try if I found out it was still in common 
and accepted commercial use, which from what you've said does not sound 
likely or at least wise.

Marty Landman   Face 2 Interface Inc 845-679-9387
This Month's New Quiz --- Past Superbowl Winners
Make a Website: http://face2interface.com/Home/Demo.shtml
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Is inetd a proxy server?

[Matthew Seaman]

On Sun, Feb 22, 2004 at 11:58:10AM -0500, Marty Landman wrote:
> At 11:12 AM 2/22/2004, Matthew Seaman wrote:
> 
> >A proxy listens to all of your request, and then opens up a second 
> >connection to the real server (or another
> >proxy) for you and replays your request to it -- so all of the traffic is 
> >relayed through the proxy.
> 
> Newbie here Matthew. Could you please explain how a proxy differs from a 
> router? Or are they in many ways intersecting in their functionality? e.g. 
> I've got a class c network in my office and recently learned how to use 
> apache to reverse proxy a request so that http://my-ip-adr/fbsd becomes the 
> same as http://fbsd, where the latter is mapped to the ip addr for my fbsd 
> box on the lan by apache. (which btw is kind of cool)

Sure.  A router deals with network traffic at the IP level --
sometimes described as Layer 3 on the OSI 7 layer model.  In plain
English, the router doesn't care what's inside the packets: it just
looks at the IP numbers in the headers and relays the packets
appropriately.  A router will work for all sorts of traffic -- HTTP,
FTP, SSH, SMTP, whatever (unless you've deliberately added a packet
filter) -- unlike a proxy, which works at the protocol level: thus
you'll get an HTTP proxy or a FTP proxy or a SMTP relay or a DNS
recursive server -- the names vary, but they all do proxy service.
It's also common for proxies to cache previous traffic and reply out
of cache instead of going all the way back to the originating server,
but that's not a requirement.  Sometimes the software used to
implement a proxy is actually identical to the software you'ld use to
implement the originating server -- as commonly seen with most MTAs
and BIND and occasionally Apache HTTPD as you've done -- although
specialised proxying software is more generally used for HTTP and FTP
and the like.
 
> >The point of having inetd(8) is that it provides is a mechanism so that 
> >you don't have to have umpty-dozen different small servers running all of 
> >the time and taking up your process space.
> 
> I notice that mingetty runs ~ half a dozen instances on my box, waiting for 
> console users that will never come since as a rule I do everything thru ssh 
> on my windows workstation. And httpd, though I've cut the child process 
> spec down on the apache conf since it's not needed. Of course the saved 
> cycles aren't needed either in my current environment. :)

getty(8) is pretty light weight, and it doesn't take much extra memory
to run multiple copies of it.  It's also the case that while you may
not need to log in via the console during normal usage, when you do
need console access then you generally need it very badly.  
 
> Could httpd be set up to run via inetd instead of on its own? If so, is it 
> not typically done this way because it is usually the biggie app on 
> servers? Following that reasoning, if a server were primarily used for ftp 
> would it make sense to remove ftpd from inetd's conf file and instead start 
> it as a service, assuming that were possible?

You can run apache 1.3.x through inetd -- see the 'ServerType'
directive in httpd.conf:

http://httpd.apache.org/docs/mod/core.html#servertype

As it says in bright red letters: "Inetd mode is no longer recommended
and does not always work properly. Avoid it if at all possible."
ServerType no longer exists in apache 2.0.x.

If you are running a busy FTP site, then yes, running a standalone FTP
daemon would be a good idea.  However, the server side configuration
for most FTP daemons is a lot simpler than for Apache, so it's
feasible to run ftpd out of inetd for much higher traffic than it
would be for apache.  Another common server where there's an option of
running under inetd is Samba -- however I think the trend nowadays is
to assume that the Samba daemons will run standalone.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

Re: Is inetd a proxy server?

[Marty Landman]

At 11:12 AM 2/22/2004, Matthew Seaman wrote:

A proxy listens to all of your request, and then opens up a second 
connection to the real server (or another
proxy) for you and replays your request to it -- so all of the traffic is 
relayed through the proxy.
Newbie here Matthew. Could you please explain how a proxy differs from a 
router? Or are they in many ways intersecting in their functionality? e.g. 
I've got a class c network in my office and recently learned how to use 
apache to reverse proxy a request so that http://my-ip-adr/fbsd becomes the 
same as http://fbsd, where the latter is mapped to the ip addr for my fbsd 
box on the lan by apache. (which btw is kind of cool)

The point of having inetd(8) is that it provides is a mechanism so that 
you don't have to have umpty-dozen different small servers running all of 
the time and taking up your process space.
I notice that mingetty runs ~ half a dozen instances on my box, waiting for 
console users that will never come since as a rule I do everything thru ssh 
on my windows workstation. And httpd, though I've cut the child process 
spec down on the apache conf since it's not needed. Of course the saved 
cycles aren't needed either in my current environment. :)

Could httpd be set up to run via inetd instead of on its own? If so, is it 
not typically done this way because it is usually the biggie app on 
servers? Following that reasoning, if a server were primarily used for ftp 
would it make sense to remove ftpd from inetd's conf file and instead start 
it as a service, assuming that were possible?

Marty Landman   Face 2 Interface Inc 845-679-9387
This Month's New Quiz --- Past Superbowl Winners
Make a Website: http://face2interface.com/Home/Demo.shtml
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Is inetd a proxy server?

[Matthew Seaman]

On Mon, Feb 23, 2004 at 12:05:45AM +0900, Rob wrote:

> I don't know much about proxy servers, so I read the handbook on this issue.
> When reading the proxy server paragraph in the firewalls section, I 
> concluded
> that my inetd superserver is a kind of proxy server. Is that right?

Not really.  Inetd is a program for marshalling other servers.  It
accepts an incoming connection, works out what service it's for, fires
up the appropriate server to deal with it, and substitutes that server
for itself on the end of the connection in order to receive the
request.  So with inetd, you end up dealing with the real server that
can handle your request.  A proxy listens to all of your request, and
then opens up a second connection to the real server (or another
proxy) for you and replays your request to it -- so all of the traffic
is relayed through the proxy.

The point of having inetd(8) is that it provides is a mechanism so that
you don't have to have umpty-dozen different small servers running all
of the time and taking up your process space.  It's less important
nowadays than it used to be, considering how the price of memory and
CPU has fallen, so running loads of different things isn't so
problematic anymore, and how the emphasis now is on security -- which
means not running those services you don't have an immediate use for
-- and speed -- where it's better not to have a process do all of it's
initialization stuff on each connection.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

Is inetd a proxy server?

[Rob]

Hi,

I don't know much about proxy servers, so I read the handbook on this issue.
When reading the proxy server paragraph in the firewalls section, I concluded
that my inetd superserver is a kind of proxy server. Is that right?
Thanks,
Rob.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Recommendation for proxy server that does Nat function

[Peter Ulrich Kruppa]

On Mon, 2 Feb 2004, JJB wrote:

> I just read an post that said some proxy server do Nat function.
> Searched the ports collection and did not see an proxy servers that
> said they did nat function. Does anyone on this list know of an
> proxy or squid server that also does NAT function?
I am no big network expert - beat me if I got anything wrong -
but a proxy or cache proxy doesn't need a built-in nat .
If your proxy dials in directly via ppp, you can use
ppp's -nat option or you set up natd options in rc.conf .

Regards,

Uli.


+---+
|Peter Ulrich Kruppa|
| Wuppertal |
|  Germany  |
+---+
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Recommendation for proxy server that does Nat function

[JJB]

I just read an post that said some proxy server do Nat function.
Searched the ports collection and did not see an proxy servers that
said they did nat function. Does anyone on this list know of an
proxy or squid server that also does NAT function?

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Large File (Chunking?) http uploads via proxy server?

[freebsd]

Pardon the off topic question, but one of the things I like about this 
list is the varied skill set everyone has!

I need to upload large files via HTTP throught a proxy server.   These 
files can be multiple GB in size.   I realize FTP or SCP would be 
superior - but the proxy server does not permit those protocols, and I 
don't control the proxy server.   It is possible (in fact gotomypc does 
it somehow in their product).Most upload scripts load the entire 
upload into memory - clearly this is not suitable.

Thoughts?

Paul
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How can I get cvs working with a proxy server?

[anubis]

On Tue, 30 Sep 2003 04:00 am, Dariush wrote:
> Its been over a few weeks now after installing freebsd
> 5.0 and still can not run cvsupdate and portupgrade on
> one my servers.
>
> We are behind a firewall and proxy server.
>
> All traffic to the internet uses a proxy server for
> connection.
>
> I have been searching for ways to try to get the cvs
> working from behind the firewall and no one seems to
> know how to do it. Or at least I can not find the
> solution.
>
> The box has full internet access, but I simply can not
> have a ping to outside.
> i.e ping www.yahoo.com and or any server on the net
> would not work.
>
> but netscape and browsers can get out.
>
> Can any one suggest a solution?
>
> I cann't think that there are so many people out there
> asking for this and there is simply no way to do it.
>
> BSD51# cvsup -P m /root/ports-supfile
> Unknown host "cvsup6.FreeBSD.org"
>
> Tried on a windows machine
>
> cvs -d
>
> :pserver;proxy=121.15.222.232;proxyport=8080:[EMAIL PROTECTED]:/
>
> login
>
> cvs [login aborted]: Proxy server 121.15.222.232 does
> not support HTTP tunnelling
>
> Do I have the defaultrouter in rc.conf?
>
> yes and again I can get to the internet via browsers
> fine.
>
>
>
> __
> Post your free ad now! http://personals.yahoo.ca
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"


looking at the man page for cvsupd says that it uses ports 5999 and 5998.  
This means that you will have to have NAT on the firewall  machine or port 
forwarding.  Proxys typically only proxy some services such as ftp and http 
and wont help with cvsup.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How can I get cvs working with a proxy server?

[Adam McLaurin]

On Mon, 29 Sep 2003 14:00:54 -0400 (EDT)
Dariush <[EMAIL PROTECTED]> wrote:

> Its been over a few weeks now after installing freebsd
> 5.0 and still can not run cvsupdate and portupgrade on
> one my servers.
> 
> We are behind a firewall and proxy server.

Try using '-P -' for passive mode. That should help.

--
Adam


pgp0.pgp
Description: PGP signature

How can I get cvs working with a proxy server?

[Dariush]

Its been over a few weeks now after installing freebsd
5.0 and still can not run cvsupdate and portupgrade on
one my servers.

We are behind a firewall and proxy server.

All traffic to the internet uses a proxy server for
connection.

I have been searching for ways to try to get the cvs
working from behind the firewall and no one seems to
know how to do it. Or at least I can not find the
solution.

The box has full internet access, but I simply can not
have a ping to outside.
i.e ping www.yahoo.com and or any server on the net
would not work.

but netscape and browsers can get out.

Can any one suggest a solution?

I cann't think that there are so many people out there
asking for this and there is simply no way to do it.

BSD51# cvsup -P m /root/ports-supfile 
Unknown host "cvsup6.FreeBSD.org"

Tried on a windows machine

cvs -d
:pserver;proxy=121.15.222.232;proxyport=8080:[EMAIL PROTECTED]:/
login

cvs [login aborted]: Proxy server 121.15.222.232 does
not support HTTP tunnelling

Do I have the defaultrouter in rc.conf?

yes and again I can get to the internet via browsers
fine.



__ 
Post your free ad now! http://personals.yahoo.ca
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Unable to access the internet through Windows 2000 proxy Server

[Rommel B. Ikeda]

Dear Mr. Aaron Siegel,

I am sorry for bothering you again...and Thank you for your response...
Yes, 192.168.1.5 is our gateway's IP address.  I was able to "route add default  
192.168.1.5" as root.  When I "netstat -r" the default 192.168.1.5 showed up.  Just to 
be sure below is the result of my "netstat -r"

Logistics# route add default 192.168.1.5
add net default: gateway 192.168.1.5
Logistics# netstat -r
Routing tables
 
Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
default192.168.1.5UGSc00   aue0
localhost  localhost  UH  1   35lo0
192.168.1  link#1 UC  10   aue0
192.168.1.500:a0:c9:5a:47:ff  UHLW1  857   aue0666
Logistics  localhost  UGHS00lo0
 
Internet6:
DestinationGatewayFlags  Netif Expire
localhost  localhost  UH  lo0
fe80::%aue0link#1 UC aue0
fe80::20a:79ff:fe0 00:0a:79:03:5d:1b  UHL lo0
fe80::%lo0 fe80::1%lo0Uc  lo0
fe80::1%lo0link#3 UHL lo0
ff01:: localhost  U   lo0
ff02::%aue0link#1 UC aue0
ff02::%lo0 localhost  UC  lo0

These are the 2 results of my ping test:
$ ping www.philstar.com
ping: cannot resolve www.philstar.com: Host name lookup failure
$ ping 210.171.225.106
PING 210.171.225.106 (210.171.225.106): 56 data bytes
^C
--- 210.171.225.106 ping statistics ---
377 packets transmitted, 0 packets received, 100% packet loss
$ ping www.oisca.org
ping: cannot resolve www.oisca.org: Host name lookup failure

I have a very strong idea that this problem is caused by the remapping of our 
Ports...as I have informed you, our FTP Port is set to 10021, HTTP Port is set 10080, 
and so on...How can I set "cvsup-without-gui" to use 10021 for my FTP and 10080 for my 
HTTP?

I did created the directory /etc/resolv.conf as root, yesterday I had a little talk 
with the person in-charge of our Computer Room and asked him about our DNS.  He told 
me that our DNS is dynamically provided by our ISP...So, as in our case with sometimes 
encoumter problems in our Internet Connection and most of the time we have to REBOOT 
the machine that runs our Proxy Server...Everytime we reboot or turn that machine off, 
once we turn in on a new DNS will be used from our ISP, dynamically provided...I was 
told.

He said that the best thing for me to do is use "www.oisca.org", as my DNS...IS THIS 
APPLICABLE...for my "etc/resolv.conf"?
 
So at present this is what is inside my /etc/resolv.conf
nameserver www.oisca.org
#nameserver  12.105.171.186 (I added a # to disable it for the moment)
#nameserver  204.127.202.68 (I added a # to disable it for the moment)

I am really sorry that this has been dragging for a long time now...but, I really need 
your advice on this one...
I have cc this Email to the freeBSD Community that anyone with ideas can also help 
us...
Thank you...
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Running cvsup with proxy server

[Irwan Hadi]

I'm just curious, is it possible to use cvsup for a box that behind a
proxy server? This proxy server just serve ftp and www, and from cvsup
man page it seems that I need a SOCKS proxy server?

If it is possible then how can I do that?

Thanks
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"