proxy or NAT

10 More Discussions You Might Find Interesting

1. Solaris

OpenVPN and NAT

Hi. I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term. I would like to route all VPN client requests for addresses...

2. IP Networking

Connecting via proxy chain to Upstream proxy

I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect...

3. Infrastructure Monitoring

Snmp and NAT

Hello, I am facing this scenario: three or more remote LAN (peripheral offices), with the same devices (printers, NAS) in each of them. Those LANs have the same network addresses, i.e.192.168.1.* (are connected to WAN via NAT). I need to collect snmp traps from a central server (public IP)....

4. Solaris

NAT IPFilter

Hi everybody, I'm running on Solaris 10 X86 (update 1009). I would like to make NAT's rule. I explain you. On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33 I created the first logical interface like that : ifconfig e1000g0 addif 192.168.0.40 netmask...

5. Shell Programming and Scripting

NAT detection

hellou, can anybody help me with nat detection in real time ? i prefer some detection script because i try some nat detection program's for example p0f or i'm using tcpdump, but i would get contain of specific packet. Some ideas?

6. IP Networking

Software/tool to route an IP packet to proxy server and capture the Proxy reply as an

Hi, I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary...

7. IP Networking

L2 nat

Hi All, Is there any possibility to change the IP address of a package according to its MAC address. It would be a sort of L2 NAT. (i.e. If the MAC address is 00:1A:A0:1E:XX:XX so the dir IP will be 192.168.X.X) Thanks!.

8. IP Networking

NAT question

i have a firewall with two interfaces eth0 and eth1, eth0 is connected to an external network, and eth0 is connected to a private lan. im using this command for NAT iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 223.0.0.3 my questions are : 1) how can i...

9. IP Networking

NAT with proxy ARP question

Hello Gurus! I'm currently trying to configure NAT using proxy ARP on a SunOS 5.8 . This box is running Check Point FW1 that sits behind my internet router. I have a server that is connected to the firewall box. I want to translate this server using proxy ARP. Settings:...

10. IP Networking

FreeBSD - NAT

Hi All! I have a Pentium 100 (32 MBRAM) with FreeBSD 4.4 installed on it and I am using it as a gateway. When I am downloading (or uploading) stuff simultaneously I see that natd is using up to 100% of the cpu capacity, hence the internet connection becomes blocked. My guess is I will have...

LEARN ABOUT DEBIAN

ffproxy.quick

ffproxy.quick(7)				       BSD Miscellaneous Information Manual					  ffproxy.quick(7)

NAME

     ffproxy.quick -- filtering HTTP/HTTPS proxy server quick introduction

DESCRIPTION

     ffproxy is a filtering HTTP/HTTPS proxy server.  It is able to filter by host, URL, and header.  Custom header entries can be filtered and
     added.  It can even drop its privileges and optionally chroot(2) to some directory.  Logging to syslog(3) is supported, as is using another
     auxiliary proxy server.  An HTTP accelerator feature (acting as a front-end to an HTTP server) is included.  Contacting IPv6 servers as well
     as binding to IPv6 is supported and allows transparent IPv6 over IPv4 browsing (and vice versa).

     This manual describes how to set up a basic HTTP proxy installation.  It is assumed that you already have compiled the program or installed
     it via port or package.

COPYING FILES

     The program comes with default configuration files that contain both examples and suggested entries.  You can simply copy them to a directory
     of your choice.  This directory will become the program's working directory.

	   mkdir /var/ffproxy
	   tar cf - db/ html/ | ( cd /var/ffproxy ; tar xf - )
	   cp sample.config /var/ffproxy/ffproxy.conf

     Above example would install all needed files to /var/ffproxy, which is ffproxy's default working directory.

SECURING

     The proxy now has its own working directory.  By default, ffproxy does not change UID/GID after start.  For security reasons we want to
     enable it.  You have two choices know: Either use existing UID/GID or add custom UID/GID for ffproxy.  See adduser(8) or useradd(8), depend-
     ing on your system, on how to create new IDs.

     Edit ffproxy.conf and change the lines containing uid and gid

	   # change UID and GID
	   #
	   # to use, both uid and gid must be set
	   # (disabled by default)
	   #uid proxy
	   #gid proxy
	   uid _ffproxy
	   gid _ffproxy

     In addition to changing UID and GID, ffproxy should be executed change-rooted to its working directory.  So we change chroot_dir and
     db_files_path in the configuration file

	   # change root to (only in connection with uid and gid change)
	   # (disabled by default)
	   chroot_dir /var/ffproxy

	   # path to db/ and html/ directories
	   # (default: /var/ffproxy)
	   db_files_path .

     db_files_path must be changed, too, since that is relative to new root.  Finally, we copy /etc/resolv.conf to ffproxy's home to enable DNS in
     chroot and chown /var/ffproxy so the proxy's master process can write its PID file

	   mkdir /var/ffproxy/etc
	   cp /etc/resolv.conf /var/ffproxy/etc/
	   chmod 750 /var/ffproxy
	   chown _ffproxy._ffproxy /var/ffproxy

ACCESS TO THE PROXY

     By default, nobody is allowed to connect to ffproxy.  Let's say, we want to provide LAN users a filtering proxy to shut down malicous content
     coming from the Internet.	So the proxy has to be listening on the local network interface only.  We change bind_ipv4 and bind_ipv6 appropi-
     ately in ffproxy.conf

	   bind_ipv4 martyr.burden.eu.org
	   bind_ipv6 martyr.burden.eu.org

     Additionally, we have to change db/access.ip.  By, for example,

	   ^192.168.10.

     we allow 192.168.10.0/24 to use our proxy.

STARTING THE PROXY

     Last step is starting ffproxy.  Keep in mind that we run the program change-rooted to /var/ffproxy, so files are relative to new root.

	   cd /var/ffproxy ; /usr/local/bin/ffproxy -f ffproxy.conf

     starts ffproxy.  Now test if it works correctly.  If not, change ffproxy.conf and/or read ffproxy(8) ffproxy.conf(5)

     ffproxy is not running as daemon right know.  If everything seems to work, simply shut down the proxy by pressing CTRL-C, set `daemonize yes'
     in the configuration file and start ffproxy again.

TRANSPARENT OPERATION

     The proxy allows transparent operation, that is, HTTP traffic is redirect to the proxy which simulates a HTTP server so that the users don't
     have to specify a proxy server.  Consider forced usage of a proxy server as well.	To do that, you will have to configure your NAT accord-
     ingly.  On OpenBSD you'll want a line like

	   rdr on rl0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080

     in /etc/pf.conf.  See your NAT's documentation for details on how to do this.

VERSION

     This manual documents ffproxy 1.6 (2005-01-05).

SEE ALSO

     ffproxy(8), ffproxy.conf(5), pf.conf(5)

								    Jan 5, 2005

BSD