307 lines
12 KiB
HTML
307 lines
12 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.3A.e">
|
|
<TITLE>The Answer Guy 48: Linux Workstations Behind a Proxy/Firewall</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
LinuxCare,
|
|
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 27 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>Linux Workstations Behind a Proxy/Firewall</H3>
|
|
|
|
|
|
<p><strong>From anil kumar on Mon, 11 Oct 1999
|
|
</strong></p>
|
|
<!-- ::
|
|
Linux Workstations Behind a Proxy/Firewall
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG>
|
|
Hi Jim,
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
This is Anil from India.I saw your letter in the red hat site &
|
|
wanted some details on how to access the internet from my Linux box.
|
|
I dual boot it with my NT.Now,I am behind a Proxy(MS Proxy & firewall)& my
|
|
Ip address has been given permission to access the internet.I access it in
|
|
the usual way from NT but when i boot thro' Linux, I dont get any option to
|
|
configure the Proxy server.Does the name resolution request go to the DNS
|
|
configured in our local network first & from there upon not resolving to the
|
|
next higher level that is, the local ISP DNS ?But i have configured my Linux
|
|
box for the DNS.Now how do i configure my Linux to access the net?.I would
|
|
appreciate if you would throw some light on it.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanx in advance,
|
|
Anil.
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
You're probably expected to use SOCKS clients.
|
|
Most proxying firewalls conform to the NEC SOCKS proxy
|
|
traversal protocol (a standard way for client programs to
|
|
contact a proxy and request a service).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The normal Linux client software (telnet, ftp, etc)
|
|
are not "SOCKSified" (linked to library functions which
|
|
check for proxying). So you want to install the
|
|
socks-clients RPM package.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You can find a copy of that at:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><DL><DT>
|
|
socks5-clients-1.0r6-1.i386 RPM
|
|
<DD><A HREF="http://rufus.w3.org/linux/RPM/turbolinux/3.0/RPMS/socks5-clients-1.0r6-1.i386.html"
|
|
>http://rufus.w3.org/linux/RPM/turbolinux/3.0/RPMS/socks5-clients-1.0r6-1.i386.html</A>
|
|
</DL></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
It will replace most of your network client software
|
|
utilities. You'll then have to edit the
|
|
<TT>/etc/libsocks5.conf.</TT> One of mine looks like:
|
|
</BLOCKQUOTE>
|
|
|
|
<blockquote><pre>socks5 - - - - 192.168.1.5
|
|
noproxy - 192.168.1. -
|
|
noproxy - 123.45.67.0/255.255.255.240 -
|
|
</pre></blockquote>
|
|
<BLOCKQUOTE>
|
|
Creating this file is the hardest part of using
|
|
the SOCKS client RPM. You have to put in your SOCKS proxy
|
|
server at the end that first line. That's an IP address.
|
|
Then you can put into IP address patterns on your noproxy
|
|
line(s). I have set a noproxy for one RFC1918 address
|
|
block, and one (sanitized) "real" address block with a
|
|
netmask. This would be a typical arrangement if there
|
|
where a block of servers on our DMZ (Internet
|
|
exposed network segment) that were directly accessible from
|
|
my station. In many other cases you wouldn't have that
|
|
3rd line, you'd go through the proxy to get to your DMZ,
|
|
too.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The programs provided by this RPM will all read the
|
|
<TT>/etc/lib5socks.conf</TT> file automatically. There is also
|
|
a shared library which can be used to "socksify" many
|
|
"normal" TCP programs. In particular, under Linux it's
|
|
possible to over-ride the normal shared library (DLL)
|
|
loading sequence, forcing a program to preload
|
|
(LD_PRELOAD_PATH) a custom dynamical library. Thus with
|
|
a short wrapper script (described in the documentation
|
|
of this package) it's possible to redefine how a program
|
|
implements some library calls without recompiling the
|
|
package.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Of course these libraries can also be used explicitly
|
|
(by linking programs to them). This obviates the need
|
|
for LD_PRELOAD_PATH shenanigans. Personally I haven't
|
|
used this "socksify" technique.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Some programs (like ncftp) might have to be replaced
|
|
separately. In some cases you'll have to fetch the sources
|
|
and compile programs with non-default options. In other
|
|
cases, like Netscape Navigator, you'll want to just
|
|
configure them (under Navigator and Communicator look for
|
|
"Edit, Preferences, Advanced, Proxying" and fill in the
|
|
dialog box).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Some software and some protocols will not work through SOCKS
|
|
proxying or will have to be patched to do so. (Some of the
|
|
Pointcast, RealAudio, CU-See-Me, and other protocols don't
|
|
support SOCKS, or require proprietary proxying packages in
|
|
order to traverse your firewall).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The canonical site for information about SOCKS is:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><DL><DT>
|
|
SOCKS Proxy Protocol
|
|
<DD><A HREF="http://www.socks.nec.com"
|
|
>http://www.socks.nec.com</A>
|
|
</DL></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In particular you'll want to read the Socks FAQ
|
|
(<A HREF="http://www.socks.nec.com/socksfaq.html"
|
|
>http://www.socks.nec.com/socksfaq.html</A>)
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You probably don't need a SOCKS server (you've already got
|
|
one) you just need the client software for there protocols
|
|
you plan to use through this firewall).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
However, I provide pointers to some server software for
|
|
other readers. You can download NEC's SOCKS software
|
|
for Linux (in source form) from the web site listed above.
|
|
However, you'll want to read the license on that before
|
|
using or distributing it.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In addition to the NEC SOCKS implementation, Linux supports
|
|
a couple of alternative SOCKS servers (NEC's SOCKS is not
|
|
under GPL or BSD and it's not fully "free" software).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
One that I've used is DeleGate (<A HREF="http://wall.etl.go.jp/delegate/"
|
|
>http://wall.etl.go.jp/delegate/</A>)
|
|
Another that I've read about but never used is Dante
|
|
(<A HREF="http://www.inet.no/dante/"
|
|
>http://www.inet.no/dante/</A>). DeleGate and Danta are free
|
|
under the BSD license.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
One thing I like about DeleGate in particular is that it's
|
|
possible to manually traverse it. In other words, if you
|
|
have a favorite ftp or telnet client that doesn't know
|
|
how to talk the SOCKS protocol, you can manually connect
|
|
to DeleGate, type some magic commands at it, and it will
|
|
then open up the same sort of connection that the SOCKsified
|
|
client would have. (This is like the FWTK and other
|
|
manually traversed proxy systems).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
There are a number of other firewall and proxying packages
|
|
available for Linux.
|
|
</BLOCKQUOTE>
|
|
|
|
<!-- sig -->
|
|
|
|
|
|
<!-- end 27 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 1999, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 48 December 1999</H5>
|
|
<H6 ALIGN="center">HTML transformation by
|
|
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H6>
|
|
<P> <hr> <P>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../lg_answer48.html"
|
|
><IMG SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Current Index ]"></A>
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../../tag/kb.html"
|
|
><IMG SRC="../../gx/dennis/answertoc.gif"
|
|
ALT="[ Index of Past Answers ]"></A></td>
|
|
<TD WIDTH="11%"><A HREF="../lg_answer48.html#greeting"><img
|
|
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
|
|
<TD WIDTH="11%"><A HREF="1.html">1</A></TD>
|
|
<TD WIDTH="11%"><A HREF="2.html">2</A></TD>
|
|
<TD WIDTH="11%"><A HREF="3.html">3</A></TD>
|
|
<TD WIDTH="11%"><A HREF="4.html">5</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="11%"><A HREF="5.html">5</A></TD>
|
|
<TD WIDTH="11%"><A HREF="6.html">6</A></TD>
|
|
<TD WIDTH="11%"><A HREF="7.html">7</A></TD>
|
|
<TD WIDTH="11%"><A HREF="8.html">8</A></TD>
|
|
<TD WIDTH="11%"><A HREF="9.html">9</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="10.html">10</A></TD>
|
|
<TD WIDTH="10%"><A HREF="11.html">11</A></TD>
|
|
<TD WIDTH="10%"><A HREF="12.html">12</A></TD>
|
|
<TD WIDTH="10%"><A HREF="13.html">13</A></TD>
|
|
<TD WIDTH="11%"><A HREF="14.html">14</A></TD>
|
|
<TD WIDTH="11%"><A HREF="15.html">15</A></TD>
|
|
<TD WIDTH="11%"><A HREF="16.html">16</A></TD>
|
|
<TD WIDTH="11%"><A HREF="17.html">17</A></TD>
|
|
<TD WIDTH="11%"><A HREF="18.html">18</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="19.html">19</A></TD>
|
|
<TD WIDTH="10%"><A HREF="20.html">20</A></TD>
|
|
<TD WIDTH="10%"><A HREF="21.html">21</A></TD>
|
|
<TD WIDTH="10%"><A HREF="22.html">22</A></TD>
|
|
<TD WIDTH="11%"><A HREF="23.html">23</A></TD>
|
|
<TD WIDTH="11%"><A HREF="24.html">24</A></TD>
|
|
<TD WIDTH="11%"><A HREF="25.html">25</A></TD>
|
|
<TD WIDTH="11%"><A HREF="26.html">26</A></TD>
|
|
<TD WIDTH="11%"><A HREF="27.html">27</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="28.html">28</A></TD>
|
|
<TD WIDTH="10%"><A HREF="29.html">29</A></TD>
|
|
<TD WIDTH="10%"><A HREF="30.html">30</A></TD>
|
|
<TD WIDTH="10%"><A HREF="31.html">31</A></TD>
|
|
<TD WIDTH="11%"><A HREF="32.html">32</A></TD>
|
|
<TD WIDTH="11%"><A HREF="33.html">33</A></TD>
|
|
<TD WIDTH="11%"><A HREF="34.html">34</A></TD>
|
|
<TD WIDTH="11%"><A HREF="35.html">35</A></TD>
|
|
<TD WIDTH="11%"><A HREF="36.html">36</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="37.html">37</A></TD>
|
|
<TD WIDTH="10%"><A HREF="38.html">38</A></TD>
|
|
<TD WIDTH="10%"><A HREF="39.html">39</A></TD>
|
|
<TD WIDTH="10%"><A HREF="40.html">40</A></TD>
|
|
<TD WIDTH="11%"><A HREF="41.html">41</A></TD>
|
|
<TD WIDTH="11%"><A HREF="42.html">42</A></TD>
|
|
<TD WIDTH="11%"><A HREF="43.html">43</A></TD>
|
|
<TD WIDTH="11%"><A HREF="44.html">44</A></TD>
|
|
<TD WIDTH="11%"><A HREF="45.html">45</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="46.html">46</A></TD>
|
|
<TD WIDTH="10%"><A HREF="47.html">47</A></TD>
|
|
<TD WIDTH="10%"><A HREF="48.html">48</A></TD>
|
|
<TD WIDTH="10%"><A HREF="49.html">49</A></TD>
|
|
<TD WIDTH="11%"><A HREF="50.html">50</A></TD>
|
|
<TD WIDTH="11%"><A HREF="51.html">51</A></TD>
|
|
<TD WIDTH="11%"><A HREF="52.html">52</A></TD>
|
|
<TD WIDTH="11%"><A HREF="53.html">53</A></TD>
|
|
<TD WIDTH="11%"><A HREF="54.html">54</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD colspan="3"><A HREF="55.html">55</A></TD>
|
|
<TD colspan="3"><A HREF="56.html">56</A></TD>
|
|
<TD colspan="3"><A HREF="57.html">57</A></TD>
|
|
</TR></TABLE>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="../../index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes48.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../../faq/index.html"
|
|
><IMG SRC="../../gx/dennis/faq.gif"
|
|
ALT="[ Linux Gazette FAQ ]"></A>
|
|
<A HREF="../lg_tips48.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|