LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue48/tag/27.html

307 lines
12 KiB
HTML
Raw Permalink Blame History

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3A.e">
<TITLE>The Answer Guy 48: Linux Workstations Behind a Proxy/Firewall</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
LinuxCare,
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
</H4>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 27 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Linux Workstations Behind a Proxy/Firewall</H3>
<p><strong>From anil kumar on Mon, 11 Oct 1999
</strong></p>
<!-- ::
Linux Workstations Behind a Proxy/Firewall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hi Jim,
</STRONG></P>
<P><STRONG>
This is Anil from India.I saw your letter in the red hat site &amp;
wanted some details on how to access the internet from my Linux box.
I dual boot it with my NT.Now,I am behind a Proxy(MS Proxy &amp; firewall)&amp; my
Ip address has been given permission to access the internet.I access it in
the usual way from NT but when i boot thro' Linux, I dont get any option to
configure the Proxy server.Does the name resolution request go to the DNS
configured in our local network first &amp; from there upon not resolving to the
next higher level that is, the local ISP DNS ?But i have configured my Linux
box for the DNS.Now how do i configure my Linux to access the net?.I would
appreciate if you would throw some light on it.
</STRONG></P>
<P><STRONG>
Thanx in advance,
Anil.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
You're probably expected to use SOCKS clients.
Most proxying firewalls conform to the NEC SOCKS proxy
traversal protocol (a standard way for client programs to
contact a proxy and request a service).
</BLOCKQUOTE>
<BLOCKQUOTE>
The normal Linux client software (telnet, ftp, etc)
are not "SOCKSified" (linked to library functions which
check for proxying). So you want to install the
socks-clients RPM package.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can find a copy of that at:
</BLOCKQUOTE>
<BLOCKQUOTE><DL><DT>
socks5-clients-1.0r6-1.i386 RPM
<DD><A HREF="http://rufus.w3.org/linux/RPM/turbolinux/3.0/RPMS/socks5-clients-1.0r6-1.i386.html"
>http://rufus.w3.org/linux/RPM/turbolinux/3.0/RPMS/socks5-clients-1.0r6-1.i386.html</A>
</DL></BLOCKQUOTE>
<BLOCKQUOTE>
It will replace most of your network client software
utilities. You'll then have to edit the
<TT>/etc/libsocks5.conf.</TT> One of mine looks like:
</BLOCKQUOTE>
<blockquote><pre>socks5 - - - - 192.168.1.5
noproxy - 192.168.1. -
noproxy - 123.45.67.0/255.255.255.240 -
</pre></blockquote>
<BLOCKQUOTE>
Creating this file is the hardest part of using
the SOCKS client RPM. You have to put in your SOCKS proxy
server at the end that first line. That's an IP address.
Then you can put into IP address patterns on your noproxy
line(s). I have set a noproxy for one RFC1918 address
block, and one (sanitized) "real" address block with a
netmask. This would be a typical arrangement if there
where a block of servers on our DMZ (Internet
exposed network segment) that were directly accessible from
my station. In many other cases you wouldn't have that
3rd line, you'd go through the proxy to get to your DMZ,
too.
</BLOCKQUOTE>
<BLOCKQUOTE>
The programs provided by this RPM will all read the
<TT>/etc/lib5socks.conf</TT> file automatically. There is also
a shared library which can be used to "socksify" many
"normal" TCP programs. In particular, under Linux it's
possible to over-ride the normal shared library (DLL)
loading sequence, forcing a program to preload
(LD_PRELOAD_PATH) a custom dynamical library. Thus with
a short wrapper script (described in the documentation
of this package) it's possible to redefine how a program
implements some library calls without recompiling the
package.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course these libraries can also be used explicitly
(by linking programs to them). This obviates the need
for LD_PRELOAD_PATH shenanigans. Personally I haven't
used this "socksify" technique.
</BLOCKQUOTE>
<BLOCKQUOTE>
Some programs (like ncftp) might have to be replaced
separately. In some cases you'll have to fetch the sources
and compile programs with non-default options. In other
cases, like Netscape Navigator, you'll want to just
configure them (under Navigator and Communicator look for
"Edit, Preferences, Advanced, Proxying" and fill in the
dialog box).
</BLOCKQUOTE>
<BLOCKQUOTE>
Some software and some protocols will not work through SOCKS
proxying or will have to be patched to do so. (Some of the
Pointcast, RealAudio, CU-See-Me, and other protocols don't
support SOCKS, or require proprietary proxying packages in
order to traverse your firewall).
</BLOCKQUOTE>
<BLOCKQUOTE>
The canonical site for information about SOCKS is:
</BLOCKQUOTE>
<BLOCKQUOTE><DL><DT>
SOCKS Proxy Protocol
<DD><A HREF="http://www.socks.nec.com"
>http://www.socks.nec.com</A>
</DL></BLOCKQUOTE>
<BLOCKQUOTE>
In particular you'll want to read the Socks FAQ
(<A HREF="http://www.socks.nec.com/socksfaq.html"
>http://www.socks.nec.com/socksfaq.html</A>)
</BLOCKQUOTE>
<BLOCKQUOTE>
You probably don't need a SOCKS server (you've already got
one) you just need the client software for there protocols
you plan to use through this firewall).
</BLOCKQUOTE>
<BLOCKQUOTE>
However, I provide pointers to some server software for
other readers. You can download NEC's SOCKS software
for Linux (in source form) from the web site listed above.
However, you'll want to read the license on that before
using or distributing it.
</BLOCKQUOTE>
<BLOCKQUOTE>
In addition to the NEC SOCKS implementation, Linux supports
a couple of alternative SOCKS servers (NEC's SOCKS is not
under GPL or BSD and it's not fully "free" software).
</BLOCKQUOTE>
<BLOCKQUOTE>
One that I've used is DeleGate (<A HREF="http://wall.etl.go.jp/delegate/"
>http://wall.etl.go.jp/delegate/</A>)
Another that I've read about but never used is Dante
(<A HREF="http://www.inet.no/dante/"
>http://www.inet.no/dante/</A>). DeleGate and Danta are free
under the BSD license.
</BLOCKQUOTE>
<BLOCKQUOTE>
One thing I like about DeleGate in particular is that it's
possible to manually traverse it. In other words, if you
have a favorite ftp or telnet client that doesn't know
how to talk the SOCKS protocol, you can manually connect
to DeleGate, type some magic commands at it, and it will
then open up the same sort of connection that the SOCKsified
client would have. (This is like the FWTK and other
manually traversed proxy systems).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are a number of other firewall and proxying packages
available for Linux.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 27 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 1999, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 48 December 1999</H5>
<H6 ALIGN="center">HTML transformation by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
<TD colspan="2" rowspan="2"><A
HREF="../lg_answer48.html"
><IMG SRC="../../gx/dennis/answernew.gif"
ALT="[ Answer Guy Current Index ]"></A>
<TD colspan="2" rowspan="2"><A
HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answertoc.gif"
ALT="[ Index of Past Answers ]"></A></td>
<TD WIDTH="11%"><A HREF="../lg_answer48.html#greeting"><img
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
<TD WIDTH="11%"><A HREF="1.html">1</A></TD>
<TD WIDTH="11%"><A HREF="2.html">2</A></TD>
<TD WIDTH="11%"><A HREF="3.html">3</A></TD>
<TD WIDTH="11%"><A HREF="4.html">5</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="11%"><A HREF="5.html">5</A></TD>
<TD WIDTH="11%"><A HREF="6.html">6</A></TD>
<TD WIDTH="11%"><A HREF="7.html">7</A></TD>
<TD WIDTH="11%"><A HREF="8.html">8</A></TD>
<TD WIDTH="11%"><A HREF="9.html">9</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="10.html">10</A></TD>
<TD WIDTH="10%"><A HREF="11.html">11</A></TD>
<TD WIDTH="10%"><A HREF="12.html">12</A></TD>
<TD WIDTH="10%"><A HREF="13.html">13</A></TD>
<TD WIDTH="11%"><A HREF="14.html">14</A></TD>
<TD WIDTH="11%"><A HREF="15.html">15</A></TD>
<TD WIDTH="11%"><A HREF="16.html">16</A></TD>
<TD WIDTH="11%"><A HREF="17.html">17</A></TD>
<TD WIDTH="11%"><A HREF="18.html">18</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="19.html">19</A></TD>
<TD WIDTH="10%"><A HREF="20.html">20</A></TD>
<TD WIDTH="10%"><A HREF="21.html">21</A></TD>
<TD WIDTH="10%"><A HREF="22.html">22</A></TD>
<TD WIDTH="11%"><A HREF="23.html">23</A></TD>
<TD WIDTH="11%"><A HREF="24.html">24</A></TD>
<TD WIDTH="11%"><A HREF="25.html">25</A></TD>
<TD WIDTH="11%"><A HREF="26.html">26</A></TD>
<TD WIDTH="11%"><A HREF="27.html">27</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="28.html">28</A></TD>
<TD WIDTH="10%"><A HREF="29.html">29</A></TD>
<TD WIDTH="10%"><A HREF="30.html">30</A></TD>
<TD WIDTH="10%"><A HREF="31.html">31</A></TD>
<TD WIDTH="11%"><A HREF="32.html">32</A></TD>
<TD WIDTH="11%"><A HREF="33.html">33</A></TD>
<TD WIDTH="11%"><A HREF="34.html">34</A></TD>
<TD WIDTH="11%"><A HREF="35.html">35</A></TD>
<TD WIDTH="11%"><A HREF="36.html">36</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="37.html">37</A></TD>
<TD WIDTH="10%"><A HREF="38.html">38</A></TD>
<TD WIDTH="10%"><A HREF="39.html">39</A></TD>
<TD WIDTH="10%"><A HREF="40.html">40</A></TD>
<TD WIDTH="11%"><A HREF="41.html">41</A></TD>
<TD WIDTH="11%"><A HREF="42.html">42</A></TD>
<TD WIDTH="11%"><A HREF="43.html">43</A></TD>
<TD WIDTH="11%"><A HREF="44.html">44</A></TD>
<TD WIDTH="11%"><A HREF="45.html">45</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="10%"><A HREF="46.html">46</A></TD>
<TD WIDTH="10%"><A HREF="47.html">47</A></TD>
<TD WIDTH="10%"><A HREF="48.html">48</A></TD>
<TD WIDTH="10%"><A HREF="49.html">49</A></TD>
<TD WIDTH="11%"><A HREF="50.html">50</A></TD>
<TD WIDTH="11%"><A HREF="51.html">51</A></TD>
<TD WIDTH="11%"><A HREF="52.html">52</A></TD>
<TD WIDTH="11%"><A HREF="53.html">53</A></TD>
<TD WIDTH="11%"><A HREF="54.html">54</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD colspan="3"><A HREF="55.html">55</A></TD>
<TD colspan="3"><A HREF="56.html">56</A></TD>
<TD colspan="3"><A HREF="57.html">57</A></TD>
</TR></TABLE>
</TR><TR VALIGN="center" ALIGN="center">
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../index.html"
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="../../index.html"
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes48.html"
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../../faq/index.html"
><IMG SRC="../../gx/dennis/faq.gif"
ALT="[ Linux Gazette FAQ ]"></A>
<A HREF="../lg_tips48.html"
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink