connecting osr5 to proxy

1 view
Skip to first unread message

Scott Taylor

unread,
Sep 7, 1999, 3:00:00 AM9/7/99
to
Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
through a proxy server? can I set a route to a port?
xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
I thought it would be simple, but can't find it anywhere. Or maybe so
simple I can't find it?

--
Scott Taylor gsta...@junction.net
IT Manager
MAAX Westco Inc. http://www.maax.com

Jean-Pierre Radley

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to
Scott Taylor opined (on Tue, Sep 07, 1999 at 04:58:26PM -0700):

| Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
| through a proxy server? can I set a route to a port?
| xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
| I thought it would be simple, but can't find it anywhere. Or maybe so
| simple I can't find it?

Every Netscape on my LAN, whether in WinDoze, UW7, or OSR 5, connects
through the Squid proxy server running on my main OSR 5 machine.

--
Jean-Pierre Radley <j...@jpr.com> XC/XT Custodian Sysop, CompuServe SCOForum

Scott Taylor

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to

Jean-Pierre Radley wrote:
>
> Scott Taylor opined (on Tue, Sep 07, 1999 at 04:58:26PM -0700):
> | Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
> | through a proxy server? can I set a route to a port?
> | xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
> | I thought it would be simple, but can't find it anywhere. Or maybe so
> | simple I can't find it?
>
> Every Netscape on my LAN, whether in WinDoze, UW7, or OSR 5, connects
> through the Squid proxy server running on my main OSR 5 machine.
>

I have no problem with Netscape either. How about connecting sendmail
to a proxy? Or using the command line FTP connected to a proxy?

Jean-Pierre Radley

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to
Scott Taylor opined (on Wed, Sep 08, 1999 at 02:05:17PM +0000):

|
| Jean-Pierre Radley wrote:
| >
| > Scott Taylor opined (on Tue, Sep 07, 1999 at 04:58:26PM -0700):
| > | Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
| > | through a proxy server? can I set a route to a port?
| > | xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
| > | I thought it would be simple, but can't find it anywhere. Or maybe so
| > | simple I can't find it?
| >
| > Every Netscape on my LAN, whether in WinDoze, UW7, or OSR 5, connects
| > through the Squid proxy server running on my main OSR 5 machine.
| >
|
| I have no problem with Netscape either. How about connecting sendmail
| to a proxy? Or using the command line FTP connected to a proxy?

I've no idea, sorry.

Scott Taylor

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to

Jean-Pierre Radley wrote:
>
> Scott Taylor opined (on Wed, Sep 08, 1999 at 02:05:17PM +0000):
> |
> | Jean-Pierre Radley wrote:
> | >
> | > Scott Taylor opined (on Tue, Sep 07, 1999 at 04:58:26PM -0700):
> | > | Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
> | > | through a proxy server? can I set a route to a port?
> | > | xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
> | > | I thought it would be simple, but can't find it anywhere. Or maybe so
> | > | simple I can't find it?
> | >
> | > Every Netscape on my LAN, whether in WinDoze, UW7, or OSR 5, connects
> | > through the Squid proxy server running on my main OSR 5 machine.
> | >
> |
> | I have no problem with Netscape either. How about connecting sendmail
> | to a proxy? Or using the command line FTP connected to a proxy?
>
> I've no idea, sorry.

Oh well. Thanks anyway.
How about hardware proxy servers? Anybody know a good one?

>
> --
> Jean-Pierre Radley <j...@jpr.com> XC/XT Custodian Sysop, CompuServe SCOForum

--

Jeff Liebermann

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to
On Wed, 08 Sep 1999 11:29:51 -0700, Scott Taylor
<gsta...@junction.net> wrote:

>Oh well. Thanks anyway.
>How about hardware proxy servers? Anybody know a good one?

Does it have to a proxy server or can it just be NAT/PAT (network
address translation or more correctly port address translation)? I
use SonicWall hardware by Sonic Systems:
http://www.sonicsys.com
The basic 10 user box is about $400. It does NAT but is not a proxy
server. If you plan to do remote admin, be sure to get the VPN
option.

If you wanna play proxy on your OSR5 box, see:
http://www.socks.nec.com/
Be careful here as SOCK45 has an additional level of login and
password entry to the proxy server which screws up many proxified
applications. SOCKS4 should be fine if you don't need the extra
security.

Another SCO based solution is the Squid cache and proxy server as
found on the Skunkware cdrom. See:
http://www.sco.com/skunkware/net/index.html#squid

The NAT home page (includes proxy servers).
http://www.uq.net.au/~zzdmacka/the-nat-page/

Sharing your Internet Connection:
http://www.timhiggins.com/ppd/sharing.htm

Cisco IOS Network Address Translation:
http://cco.cisco.com/warp/public/701/60.html
http://cco.cisco.com/warp/public/458/41.html

My favorite is the single floppy Linux router:
http://www.linuxrouter.org
http://www.toms.net/rb/

There are also a bunch of dedicated hardware web caches and proxy
server combinations based on Linux. I'm too lazy to dig these out.
These are mostly intended as performance enhancers for busy web
servers.

What works will depend upon what you are trying to accomplish. Since
this appears to be a secret, specific recommendations are difficult to
supply.

--
Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
(831)421-6491 pgr (831)426-1240 fax (831)336-2558 home
http://www.cruzio.com/~jeffl WB6SSY
je...@comix.santa-cruz.ca.us je...@cruzio.com

Jeff Liebermann

unread,
Sep 8, 1999, 3:00:00 AM9/8/99
to
On Thu, 09 Sep 1999 01:58:01 GMT, Scott Taylor <s.ta...@home.com>
wrote:

>So, I'm thinking go hardware proxy. One that can keep a dialup
>connection open and pass the email to the osr5.0.5 server. But can I
>route to a proxy, at command level, from OSR5?

No. I'll assume that you have some reason to do a proxy server
instead of just NAT/PAT. Usually, it's a security issue. The big
difference between a proxy server and an NAT/PAT box is that the proxy
server acts as the "end point" of a connection and opens a new
connection to the destination for both outgoing and incoming traffic.
The NAT/PAT box simply tweaks the IP addresses in the header and
passes everything through. This means that applications that talk to
a proxy server must know about how to deal with proxy servers. Rule
sets must be established for every service by IP socket number. This
is no fun, but very secure.

There is no way to have EVERYTHING just point to the proxy server and
declare that all socket numbers (services) will be re-connected by the
proxy server. You can do this but this defeats the purpose of the
proxy server. If this is what you want, you might as well go with the
NAT/PAT solution.

The way you do a specific service such as email (SMTP) is to bore
holes in the firewall and configure a proxy. The outside firewall
points to the proxy server on port 25, the proxy server points to the
OSR5 email host on port 25. You have to do this for every service in
/etc/services that you want to use. Most will work out of the box,
but some are difficult. For some hints, see:
http://www.tsmservices.com/masq/
which has the formulas for firewall and IP masquerading (PAT) to get
various programs and services to work.

You're probably familiar with the Netscape and IE Proxy configuration
page, where a proxy server is assigned for each service. It's like
that for every application you run and on each desktop. Each one
needs to be proxy server aware and individually configured for the
proxy server by IP service number. If the company has an internal
domain, it needs to be listed as an exeption so that its traffic
doesn't end up going via the internet. It's no fun but does work.

I tend to judge whether I need a proxy server, or can live with an NAT
box by the number of users or the traffic. If the user count is high
enough that security is a major issue, I usually go with the proxy
server. If the traffic includes a web server, where a web cache is
benificial, I use a Squid cache and proxy. However, if the traffic is
light and head count low, I prefer the NAT/PAT solution as it's much
cheaper and easier to impliment.

Scott Taylor

unread,
Sep 9, 1999, 3:00:00 AM9/9/99
to

Jeff Liebermann wrote:
>
> If you wanna play proxy on your OSR5 box, see:
> http://www.socks.nec.com/
> Be careful here as SOCK45 has an additional level of login and
> password entry to the proxy server which screws up many proxified
> applications. SOCKS4 should be fine if you don't need the extra
> security.
>
> Another SCO based solution is the Squid cache and proxy server as
> found on the Skunkware cdrom. See:
> http://www.sco.com/skunkware/net/index.html#squid
>
> The NAT home page (includes proxy servers).
> http://www.uq.net.au/~zzdmacka/the-nat-page/
>
> Sharing your Internet Connection:
> http://www.timhiggins.com/ppd/sharing.htm
>
> Cisco IOS Network Address Translation:
> http://cco.cisco.com/warp/public/701/60.html
> http://cco.cisco.com/warp/public/458/41.html
>
> My favorite is the single floppy Linux router:
> http://www.linuxrouter.org
> http://www.toms.net/rb/
>
> There are also a bunch of dedicated hardware web caches and proxy
> server combinations based on Linux. I'm too lazy to dig these out.
> These are mostly intended as performance enhancers for busy web
> servers.

To Lazy!?, you're just full of good info. Thanks. I can always use it.

> What works will depend upon what you are trying to accomplish. Since
> this appears to be a secret, specific recommendations are difficult to
> supply.

No secret, I'm trying to save my main db/user server from having to be
on the Internet as a proxy server. However, it already handles
intercompany mail so I want to forward mail from my ISP to it. (We even
have our own subdomain now *woohoo*.)

I can connect OSR5 to the Internet from Netscape via Gatekeeper on my
WinDoze workstation (and so does the whole wan), but that's annoying
because it takes up too many resources in WinDoze. Unfortunately I need
WinDoze junk to do my job or I would set up a Linux proxy server there.

So, I'm thinking go hardware proxy. One that can keep a dialup
connection open and pass the email to the osr5.0.5 server. But can I
route to a proxy, at command level, from OSR5?

Thanks for all the links, et al, I'll have to check them out.
ST

Kirk J. Farquhar

unread,
Sep 9, 1999, 3:00:00 AM9/9/99
to
Assuming your proxy is Squid, on an SCO Server then:

Add the following to each users .profile
setenv http_proxy http://proxy.sco.com:3128/
setenv gopher_proxy http://proxy.sco.com:3128/
setenv ftp_proxy http://proxy.sco.com:3128/

You will only be able to access services through these applications.

Kirkf

Scott Taylor wrote:

> Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
> through a proxy server? can I set a route to a port?
> xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
> I thought it would be simple, but can't find it anywhere. Or maybe so
> simple I can't find it?
>

kirkf.vcf

Scott Taylor

unread,
Sep 9, 1999, 3:00:00 AM9/9/99
to
Jeff,
Thank you. You are a wealth of information.

Kenneth McCormick

unread,
Sep 16, 1999, 3:00:00 AM9/16/99
to
Recentky, s.ta...@home.com said...

|
|
|Jean-Pierre Radley wrote:
|>
|> Scott Taylor opined (on Tue, Sep 07, 1999 at 04:58:26PM -0700):
|> | Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
|> | through a proxy server? can I set a route to a port?
|> | xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
|> | I thought it would be simple, but can't find it anywhere. Or maybe so
|> | simple I can't find it?
|>
|> Every Netscape on my LAN, whether in WinDoze, UW7, or OSR 5, connects
|> through the Squid proxy server running on my main OSR 5 machine.
|>
|
|I have no problem with Netscape either. How about connecting sendmail
|to a proxy? Or using the command line FTP connected to a proxy?

Squid is an "Internet Object Cache", and hardly a proxy server,
because it can only speak via http. This is described in the docs
and is why you can't proxy real audio, nntp (tcp), ping (icmp),
or other fun things like Quake (udp).

The docs say you can't use command line ftp unless you can do PASV
mode, but I haven't looked to closely at it.
Also there will be no sendmail proxy.

What you would do is get a static IP and a high speed link to your
ISP for one computer, the firewall/NAT router. Pay for a
domain name from Network Solutions. Then you will be able to
do almost anything you want except for mail.

If you want a user to get mail for us...@mydomain.com, then
tell your ISP to change your MX entry in their DNS that sends
any mail addressed to the mydomain.com network to go to
your smtp server (the firewall) instead of their smtp server.
You will need to set up a Master DNS server on your network
and two Slaves for safety - one on your lan, and one geographically
far away, like at your isp in some other state.

A real proxy server is Nec Socks5. http://www.socks.nec.com/
It compiles on most Unix flavors including OS5. It is very configurable,
yet in the end, it too may not do everything. That is why people
who run a private lan through a single ip address and dsl for instance
end up using some form of NAT. Luckily there are now several
excellent methods of this. Linux is popular, but in reality, all
you need, including an OS, will fit on a single 1.44 floppy!
Firewall/NAT on a single 1.44 floppy is available for free
using LRP, the Linux Router Project, http://www.linuxrouter.org/
or for a fee using a very highly rated single floppy os called
GNAT Box, http://www.gnatbox.com/ .

If you pay for a block of addresses, then your firewall will just
be also be your default route out for any comp on the same subnet,
and you will not have to do the NAT. But you would still run the
firewall, name servers, and mail servers.

Kenny

Jorge E. Dominguez

unread,
Sep 21, 1999, 3:00:00 AM9/21/99
to
Scott Taylor wrote:

> Anybody know how I can set SCO OSR5.0.5 to connect to the Internet
> through a proxy server? can I set a route to a port?
> xxx.xxx.xxx.xxx:xxxx I don't think so. any ideas?
> I thought it would be simple, but can't find it anywhere. Or maybe so
> simple I can't find it?
>

> --
> Scott Taylor gsta...@junction.net
> IT Manager
> MAAX Westco Inc. http://www.maax.com

In my home setup, I use a PC (named NEXUS) running windows98
and Winproxy as the Internet gateway through a ADSL modem; Winproxy
does the domain name translation. To access the Internet from another
machine running SCO OpenServer 5.0.4 Netscape Communicator, I had
to modify the file /etc/resolv.conf as follows:

nameserver 192.168.0.1
hostresorder local bind

where the IP address 192.168.0.1 is NEXUS.


Reply all
Reply to author
Forward
0 new messages