Date:      Mon, 15 Mar 2004 09:33:57 -0500 (EST)
From:      Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To:        y2kbug@ms25.hinet.net (Robert Storey)
Cc:        freebsd-questions@freebsd.org
Subject:   Re: bypassing a proxy server
Message-ID:  <200403151433.i2FEXvN29638@clunix.cl.msu.edu>
In-Reply-To: <20040315201004.21d1a6f1.y2kbug@ms25.hinet.net> from "Robert Storey" at Mar 15, 2004 08:10:04 PM

> 
> As some of you may recall, I'm engaged in an ongoing saga trying to set
> up a FreeBSD machine on a school's network. The school is Windows only -
> the administration knows nothing about FreeBSD (or Linux), and it's up
> to me to prove to them that FBSD is worth teaching to the students. Due
> to my lobbying, the school has given me one old computer to play with,
> and I have installed FreeBSD on it. But there are problems. The biggest
> is that the gateway machine is Windows 2000 and it's running a proxy
> server (to keep the students from visiting naughty web sites). So the
> FreeBSD machine cannot get through to the Internet with http, though the
> Windows machines can. On the other hand, the FBSD box can get through
> the gateway with ssh and ftp (though performance is sluggish, even with
> a T1 line). Furthermore, I want the FreeBSD machine to run an anonymous
> ftp server. Forgive the crappy drawing (I never claimed to be an
> artist), but this is how the network looks at the moment (except that
> there are 10 Windows clients, not 2):

Someone else will hopefully respond about the ftp stuff -
but there should be no problem getting the http stuff to work
through the proxy server. You just have to change your browser
to use whatever port the proxy server requires and make sure the
manager of the proxy sets the proxy server to allow your machine
to talk to it the same as they allow the Windows clients (browsers)
and it should work. Of course, you will be blocked from the same
porno sites as everyone else. I haven't taken any survey of all
browser clients, but any that I have used allow the port to be
set. They have things explicitly allowing you to configure them
to run through a proxy.

As for ftp, does the proxy server proxy ftp as well as http?
Ours do not, so I haven't had to look at that. There is also
stuff in the list archive and maybe even FAQs about getting ftp
through NATs and firewalls that may apply. Look for Passive FTP
and such things.

////jerry


> 
>                                          |-------|
>                                          |windows|
>            |------------|    |------|    |client |
>            |  Win2000   |    |      |----|-------|
>  T1--------|proxy server|----|switch|
>            | & gateway  |    |      |----|-------|
>            |------------|    |---|--|    |windows|
>                                  |       |client |
>                                  |       |-------|
>                                  |
>                            |-----|----|
>                            | FBSD ftp |
>                            |  server  |
>                            |----------|
> 
> The problem is that this doesn't work. People from outside the network
> can't get through to the FBSD ftp server. Clearly, that Win2000 proxy
> server is an evil machine. When I last discussed this problem (on this
> list), Matthew wrote back and offered me a pretty thorough explanation
> of the problem, which is posted here:
> 
> http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html
> 
> OK, I'm convinced, running a ftp server from a NAT gateway is a
> disaster. So I'm looking for a way around it. I have an old unused hub,
> and I've been thinking that this might be a possible solution (sort of
> like a DMZ?)...
> 
>                                          |-------|
>                                          |windows|
>            |------------|    |------|    |client |
>            |  Win2000   |    |      |----|-------|
>  T1--HUB---|proxy server|----|switch|
>       |    | & gateway  |    |      |----|-------|
>       |    |------------|    |------|    |windows|
>       |                                  |client |
>       |                                  |-------|
>       |
>  |----|-----|
>  | FBSD ftp |
>  |  server  |
>  |----------|
> 
> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. If I simply stick a hub in front of the
> gateway machine, all traffic to the gateway will also be sent to the ftp
> server - I know that will cause packet collisions, but I can live with
> the crappy performance because it's a very low traffic environment. My
> main concern is simply how to assign an address to the ftp server
> without disconnecting the gateway machine.
> 
> I'm sorry if I'm asking a dumb question, but I'm a novice when it comes
> to setting up networks. I haven't found anything on Google that deals
> with this particular question, and there is nobody around here that I
> can ask. Any advice is appreciated.
> 
> Thanks in advance,
> Robert



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403151433.i2FEXvN29638>