Configuring FreeBSD for the Internet through a Proxy server

    Introduction


    I decided to start studying a not exactly unknown OS: FreeBSD. Because free time outside working hours is catastrophically scarce, a test server was set up at work! But the main problem was that in all normal offices Internet access is handed out through a proxy or NAT; in my case, through a proxy. The main proxy server also runs on FreeBSD, with NTLM authentication. I will also cover setting up FreeBSD to work with basic authentication on a proxy server.

    The test FreeBSD machine has no additional software installed, so all I have at my disposal is a terminal and the csh shell.

    So, basic authentication.

    Everything is simple here: we edit 2 files.

    1) /.cshrc or /home/%username%/.cshrc (your user's folder)

    setenv HTTP_PROXY login:pass@server:port
    setenv FTP_PROXY login:pass@server:port
    setenv http_proxy login:pass@server:port
    setenv ftp_proxy login:pass@server:port

    2) /etc/make.conf

    # Use += after the first line: a repeated plain "=" replaces the earlier value
    FETCH_ENV=HTTP_PROXY=http://login:pass@server:port
    FETCH_ENV+=FTP_PROXY=http://login:pass@server:port
    FETCH_ENV+=http_proxy=http://login:pass@server:port
    FETCH_ENV+=ftp_proxy=http://login:pass@server:port

    We log in, and now all programs will know about the proxy server. If there is no authentication on the proxy server, then you don't need to write the login and password:

    setenv HTTP_PROXY server:port

    There are some subtleties with the .cshrc file: in general it is best to edit the file in the home directory of the user you work as; for example, for root it will be /root/.cshrc



    NTLM authentication.

    Personally, in my case, the settings above somehow made it possible to work through an office proxy server that uses NTLM authentication; I just entered the domain username with the user's password, but it did not work fully! It was possible to download only from FTP servers. I don't know whether this is a quirk of a specifically configured server or whether this is normal, but the bottom line is that I could download the necessary packages without any problems. If FTP is blocked, then it will be a little more problematic to download and install the necessary additional packages ...

    With FreeBSD's standard tools, NTLM authentication will fail; additional software will be required. I personally used the cntlm program, and that is the one I will cover.

    Install the program in any way possible; my method is simple ...

    # whereis cntlm
    # cd /usr/ports/www/cntlm
    # make install

    1) Edit the file /usr/local/etc/cntlm.conf

    # Your user name in the Windows domain
    Username    MyUserName
    # Your Windows domain address
    Domain      MyDomain
    # Your user's password in the Windows domain
    Password    MyPassword
    # Address of the proxy in the domain
    Proxy       ServerProxy:port
    # Port for the local proxy
    Listen      3128
    # Type of authentication on the proxy
    Auth        NTLM
    # Corresponding flags for authentication in the domain
    Flags       0x07820000

    2) Add the lines to /etc/rc.conf

    cntlm_enable="YES"
    cntlm_config="/usr/local/etc/cntlm.conf"

    3) Run the daemon:

    /usr/local/etc/rc.d/cntlm start

    cntlm starts a local proxy server (relay) on the port that you specify in the config. From now on, all the system settings must point at this local server (daemon), as we did in the first variant:

    /.cshrc

    setenv HTTP_PROXY 127.0.0.1:3128
    setenv ftp_proxy 127.0.0.1:3128

    /etc/make.conf

    # Use += on the second line: a repeated plain "=" replaces the earlier value
    FETCH_ENV=HTTP_PROXY=http://127.0.0.1:3128
    FETCH_ENV+=ftp_proxy=http://127.0.0.1:3128

    And in theory everything will work!




    Error handling

    But it didn't work for me ... that's why I will describe some additional settings that I had to make for cntlm.

    First we'll clarify the authentication parameters on the proxy server; for this we execute the command:

    # cntlm -M google.ru

    The program will produce something like this:

    Config profile 1/11... OK (HTTP code: 301)
    ----------------------------[ Profile 0 ]------
    Auth NTLMv2
    PassNTLMv2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    It turned out that I have NTLMv2 authentication; edit cntlm.conf:

    Auth        NTLMv2
    PassNTLMv2  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    Your authentication can be NT or LM; if so, then change the Auth and Flags lines, respectively:

    Auth    Flags
    NT      0x05820000
    LM      0x06820000
    NTLM    0x07820000

    I also had a problem when starting the daemon:

    # /usr/local/etc/rc.d/cntlm start

    And in response we get:

    Starting cntlm.
    Exitting with error. Check daemon logs or run with -v.
    /usr/local/etc/rc.d/cntlm: WARNING: failed to start cntlm

    This is written in the log:

    cntlm: Cannot access specified config file: %%{PREFIX
    root: /usr/local/etc/rc.d/cntlm: WARNING: failed to start cntlm

    By googling I plainly didn't find this topic, so I decided to describe the solution to this problem. You need to edit the cntlm executable file in the folder /usr/local/etc/rc.d/

    Change:

    : ${cntlm_config="%%{PREFIX}/cntlm.conf"}

    to:

    : ${cntlm_config="/usr/local/etc/cntlm.conf"}

    After these changes, everything began to work as it should.
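
    Both variants above leave the proxy login and password (or cntlm password hashes) in .cshrc, /etc/make.conf and cntlm.conf. The sh function below is an added example, not part of the original post: it reports credentials stored in such files and whether a file holding them is readable by group or other. The function name audit_proxy_file and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag stored proxy credentials in the files this guide edits.
# Prints one finding per line; prints nothing for a clean file.
audit_proxy_file() {
    apf_file=$1
    apf_secret=0
    [ -f "$apf_file" ] || return 0
    # HTTP_PROXY/ftp_proxy/... value carrying login:pass@ before the host
    if grep -Eiq '_proxy[= ]+([a-z]+://)?[^:@/ ]+:[^@/ ]+@' "$apf_file"; then
        echo "$apf_file: proxy URL embeds login:password"
        apf_secret=1
    fi
    # cntlm.conf "Password" keyword holds the domain password in cleartext
    if grep -Eq '^[[:space:]]*Password[[:space:]]+[^[:space:]]' "$apf_file"; then
        echo "$apf_file: cntlm Password stored in plaintext"
        apf_secret=1
    fi
    # PassNT/PassLM/PassNTLMv2 hashes can still be used to authenticate
    if grep -Eq '^[[:space:]]*Pass(NTLMv2|NT|LM)[[:space:]]' "$apf_file"; then
        apf_secret=1
    fi
    # ls -l mode string: char 5 = group read, char 8 = other read
    apf_mode=$(ls -ld "$apf_file" | cut -c1-10)
    case "$apf_mode" in
        ????r*|???????r*)
            if [ "$apf_secret" -eq 1 ]; then
                echo "$apf_file: secret readable by group/other ($apf_mode)"
            fi ;;
    esac
    return 0
}

# Constructed sample files (not taken from the original post)
demo_dir=$(mktemp -d)
printf 'setenv HTTP_PROXY login:pass@server:3128\n' > "$demo_dir/cshrc"
printf 'setenv HTTP_PROXY 127.0.0.1:3128\n' > "$demo_dir/cshrc.relay"
printf 'Username\tMyUserName\nPassword\tMyPassword\n' > "$demo_dir/cntlm.conf"
chmod 644 "$demo_dir/cshrc" "$demo_dir/cshrc.relay"
chmod 600 "$demo_dir/cntlm.conf"
for demo_f in "$demo_dir"/*; do
    audit_proxy_file "$demo_f"
done
rm -rf "$demo_dir"
```

    On the host itself, point it at ~/.cshrc, /etc/make.conf and /usr/local/etc/cntlm.conf.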
