vrek
08-07-2003, 05:19 PM
Im thinking of setting up a transparent proxy. My question is if I set it up on this machine and have it routed to my other machine will I still have net access on this machine?
Click to See Complete Forum and Search --> : does transparant proxy require its own machine??
Oaki
08-07-2003, 10:08 PM
Vrek, may i ask why it is you would like to point a proxy from one machine to another on your own network? You should have net access where ever you go, the proxy will not automatically rediret traffic unless you send traffic to that proxy.
Here's basically how it goes under normal circumstances
Web client -> routers -> web server -> routers -> web client
------Proxy on machine a----->------proxy on machine b--------
The proxy will just sit on your first box idle. Say you have the proxy listening on port 123456, it will just sit as an idle process, not doing anything until you redirect your browser (if you are doing web browsing this way) to the proxy server of localhost, the port of 123456. when you do that, it goes something like this:
web client -> proxy on machine a -> routers -> proxy on machine b -> routers -> web server -> routers -> proxy on machine b -> routers -> proxy on machine a -> web client.
I am only saying it like this because from your post it sounds like you want to have a proxy on one machine to go to a proxy to another machine, then to the web.
If you are just doing a single proxy connection, then it would just be the client, to the proxy, then back to the client.
Tell me if this clears things up more.
Here's basically how it goes under normal circumstances
Web client -> routers -> web server -> routers -> web client
------Proxy on machine a----->------proxy on machine b--------
The proxy will just sit on your first box idle. Say you have the proxy listening on port 123456, it will just sit as an idle process, not doing anything until you redirect your browser (if you are doing web browsing this way) to the proxy server of localhost, the port of 123456. when you do that, it goes something like this:
web client -> proxy on machine a -> routers -> proxy on machine b -> routers -> web server -> routers -> proxy on machine b -> routers -> proxy on machine a -> web client.
I am only saying it like this because from your post it sounds like you want to have a proxy on one machine to go to a proxy to another machine, then to the web.
If you are just doing a single proxy connection, then it would just be the client, to the proxy, then back to the client.
Tell me if this clears things up more.
vrek
08-08-2003, 02:10 AM
This is my network
wincomp--->linux comp---->internet
wincomp is just a client running windows 98, AIM, IE, and Kazza. Only has a ethernet card.
Linux comp is a webserver, ftpserver, client, ssh client, ICS, Firewall, and now proxy running Debian Sid Linux with gaim, opera. It has a modem and a ethernet card.
The proxy is setup to have port 80 redirected to port 3152(port proxy uses) so its transparent. No configuration of programs needed. Is there any problem with this setup?
wincomp--->linux comp---->internet
wincomp is just a client running windows 98, AIM, IE, and Kazza. Only has a ethernet card.
Linux comp is a webserver, ftpserver, client, ssh client, ICS, Firewall, and now proxy running Debian Sid Linux with gaim, opera. It has a modem and a ethernet card.
The proxy is setup to have port 80 redirected to port 3152(port proxy uses) so its transparent. No configuration of programs needed. Is there any problem with this setup?
freakmn
08-08-2003, 03:00 AM
I can see no problems with that setup, as long as you configure everything correctly. First off, if you are only doing connection sharing, with nothing fancy, all you need is port forwarding set up on your firewall. The benefits a proxy server gives are: A caching proxy will speed up pages and/or downloads that you frequently access. For instance, all Windows computers on my home network have counter-strike on them and needed the latest update. Instead of setting up a fileserver, I downloaded it to one computer, and downloaded it again from the SAME SITE (important), and it went at multiple Mb/s. This is because the file was cached on the local machine, and instead of redownloading it from the internet, the proxy sent it over LAN to the Windows computers.
I also have Dansguardian (http://dansguardian.org/), a content filter, that connects to squid (http://www.squid-cache.org/), to provide both caching and content filtering. This is useful in our family so my 5 year old sister doesn't get to any "naughty" sites. It filters based on content, not a black or white list, so it is not overly restrictive, yet is dynamic enough to detect new web pages.
But a proxy won't quite do all you have mentioned that you need done. My family also uses services that connect through a non-http port (Counter-Strike being one of those), so I use ShoreWall (http://www.shorewall.net/) to forward non-standard ports. This can also forward http, but then it would bypass the content filtering and cache parts of my setup. It also secures my connection, so you can't detect my computer over the net. It appears to anyone that my internet connection does not exist, and times out if you try to connect to it. However, if I initiate a connection, all goes well. If you wish people on the internet to access your webserver, you will have to configure your firewall to allow them to do so.
Finally, I assume that you correctly have your hardware set up, but just in case you don't, here's the way to do it. If you have a hub, use a standard (CAT5 or higher) network cable to connect the computers to the hub. If you are connecting the ethernet cards directly, you must use a crossover cable.
That should be more than enough information for you, so good luck!
Once you get the firewall set up, I would recommend that you check its security with "Shields Up!" (https://grc.com/x/ne.dll?bh0bkyd2).
I also have Dansguardian (http://dansguardian.org/), a content filter, that connects to squid (http://www.squid-cache.org/), to provide both caching and content filtering. This is useful in our family so my 5 year old sister doesn't get to any "naughty" sites. It filters based on content, not a black or white list, so it is not overly restrictive, yet is dynamic enough to detect new web pages.
But a proxy won't quite do all you have mentioned that you need done. My family also uses services that connect through a non-http port (Counter-Strike being one of those), so I use ShoreWall (http://www.shorewall.net/) to forward non-standard ports. This can also forward http, but then it would bypass the content filtering and cache parts of my setup. It also secures my connection, so you can't detect my computer over the net. It appears to anyone that my internet connection does not exist, and times out if you try to connect to it. However, if I initiate a connection, all goes well. If you wish people on the internet to access your webserver, you will have to configure your firewall to allow them to do so.
Finally, I assume that you correctly have your hardware set up, but just in case you don't, here's the way to do it. If you have a hub, use a standard (CAT5 or higher) network cable to connect the computers to the hub. If you are connecting the ethernet cards directly, you must use a crossover cable.
That should be more than enough information for you, so good luck!
Once you get the firewall set up, I would recommend that you check its security with "Shields Up!" (https://grc.com/x/ne.dll?bh0bkyd2).
vrek
08-09-2003, 12:02 AM
I already have everything else up and running. The only thing I needed was a proxy. But from some of the documentation I read it sounded like I needed a dedicated machine for it. I was only asking if this is true or not. I already have all the servers up and running(I would show you my webpage but do to a recent problem causing reinstalation of my entire computer it got lost). And about the content filter since Im the only one under 18 and one of only 2 men(and he's 25) most of the "naughty" sites are visited by me .:D
Oaki
08-09-2003, 12:38 AM
Vrek, i'm not trying to flame or anything, but seriously, how much research have you done on these situations? I understand that yes, new people do need a lot of help, but the biggest thing to understand is that unless you have an old 486 with a 2 gig hd (could that even be supported?) running this *** huge SQL database, nothing requires a dedicated machine.
Now as far as this is going, everything freakmn is correct. All you would need is a small proxy server running on the linux box. Wouldn't take much to setup. have your proxy listen on port-x, configure what ever firewall you have to allow that port to be open/forwarded. and just forward that port to where ever it has to go. Really, with a proxy it'll automatically forward what ever port you need (from what i understand at least.) I'm really not seeing the advantage in your situation of having the proxy in place, unless you are constantly going to the same pages. The only problem with that is as those pages get updated, your proxy has to refresh, then propogate those changes down to your client. I think if this is running in your house/apartment it's much easier to have your computers going straight to the web, not having to worry about any proxy.
just my $.02
Now as far as this is going, everything freakmn is correct. All you would need is a small proxy server running on the linux box. Wouldn't take much to setup. have your proxy listen on port-x, configure what ever firewall you have to allow that port to be open/forwarded. and just forward that port to where ever it has to go. Really, with a proxy it'll automatically forward what ever port you need (from what i understand at least.) I'm really not seeing the advantage in your situation of having the proxy in place, unless you are constantly going to the same pages. The only problem with that is as those pages get updated, your proxy has to refresh, then propogate those changes down to your client. I think if this is running in your house/apartment it's much easier to have your computers going straight to the web, not having to worry about any proxy.
just my $.02
vrek
08-09-2003, 01:18 AM
I haven't done much research on it. I mainly have 2 reasons for setting up the proxy. The first is common to most of the useless stuff I do on linux, to learn. After setting it it I know how to set it up, what it entails how to configure it etc etc. The other reason is I found instructions on tunneling AIM through SSH into my computer where its redirected to the AIM servers. The purpose of this is to run AIM through my school's firewall(we keep finding ways and then the sysop finds the hole and closes it, this should be hard to discover though since its secure tunneling). The only problem is it requires a proxy server so...I set one up.
Basically what I did was read the transparent proxy how-to on TLDP and set up squid. So far its working pretty good, not seeing much of a speed increase but I think thats because of the newness of it(last 2 days) and the lack or repition in web viewing, acturally alot of repition but with sites that can't be cached(news sites, email sites, etc)
Basically what I did was read the transparent proxy how-to on TLDP and set up squid. So far its working pretty good, not seeing much of a speed increase but I think thats because of the newness of it(last 2 days) and the lack or repition in web viewing, acturally alot of repition but with sites that can't be cached(news sites, email sites, etc)
Oaki
08-09-2003, 11:29 AM
Yeah, I hope my instructions for setting up the AIM through SSH was helpful, that port forwarding can also be useful for getting around blocked web sites. I never tried the proxy you are using, I just used Tiny Proxy. all i had to do was install, configure, and go. You might not see much of an increase, but it helps when going through your school's system.
vrek
08-09-2003, 01:50 PM
Im hoping he didn't block port 23(SSH).
justlinux.com
Copyright 2007 Jupitermedia Corporation All Rights Reserved.
Copyright 2007 Jupitermedia Corporation All Rights Reserved.