6

My company uses an HTTP Proxy, so I had to configure several config-files of my tools to access the internet via the Proxy.

When users are at home, they won't be able to use that proxy (except when they use the VPN connection). Is it possible to simulate that proxy (same address, same port) but using the direct home connection of users?

Are there any better ways to handle this kind of proxy / mobile user situation?

Wesley
Henrik P. Hessel
  • 1
    You could just have your tools look for environment variables about which proxy to use or even whether to use a proxy at all. This should give you flexibility to work in proxied or proxy-less environments without the hassle of setting up a proxy server. – Kevin Kuphal Jul 08 '09 at 20:35
  • Thanks for your input, Kevin. I.e., there are some Eclipse plugins which use their own config files for proxy settings and cannot use env. vars. – Henrik P. Hessel Jul 08 '09 at 20:40
  • There was a great question asked here before about how to use different config files at different sites. One of the answers included a nifty script to download the necessary files from a local SVN repository. Might come in handy for you in this situation. Keep different configuration files at each location. – Kevin Kuphal Jul 08 '09 at 20:45
  • 1
    Oh, down voting as a punishment for negative comments. sad, drives me away :/ – Henrik P. Hessel Jul 08 '09 at 20:49
  • 1
    Agreed re: downvotes. I prefer a happy, positive Server Fault experience. – Evan Anderson Jul 08 '09 at 21:18

6 Answers

4

Don't do this - just use WPAD like (almost) everyone else!

WPAD allows clients to auto-detect the proxy settings for their current network.

In the case of IE, it means you leave "Automatically detect settings" ticked for LAN connection properties.

After this:

  • any network that supports WPAD will allow clients to discover and use the proxy
  • any network that supports the use of the Default Gateway transparently will just work
  • any network that supports neither will be a pain in the butt, but then they already are, and it's these networks that require constant reconfiguration of proxy settings by client computers
    • Don't be one of these networks

WPAD is implemented through DHCP option 252, and/or a DNS entry that points the hostname WPAD.yourdomain.com at a web server or proxy that hosts a file /wpad.dat.

TristanK
  • 1
    And for the anonymous downvoter, if you have a better suggestion than WPAD, I'm interested. It's vastly preferable to trying to futz around with DNS and carry a proxy server on every client machine, and adjusts to different environments such as hotel networks. – TristanK Jan 19 '12 at 04:13
  • wpad is indeed the way this *should* be done. – Sirex Jan 19 '12 at 08:12
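
A minimal `wpad.dat` (PAC file) of the kind the answer above refers to, as an added example that is not part of the original answer. `proxy.company.com:8080` and the `company.com` zone are placeholders borrowed from names used elsewhere on this page, and the helper fallbacks at the top are simplified stand-ins so the file can also be run under Node; browsers supply the real ones.

```javascript
// wpad.dat (a PAC file): the client calls FindProxyForURL() for every request.
// Placeholders/assumptions: proxy.company.com:8080 and the company.com zone.
var PROXY = "PROXY proxy.company.com:8080";

// Browsers provide the PAC helpers. These simplified fallbacks (IP literals
// only, no DNS lookups) are defined only when the file is run outside one.
if (typeof isPlainHostName === "undefined") {
  var ipToInt = function (ip) {
    return ip.split(".").reduce(function (acc, octet) {
      return acc * 256 + Number(octet);
    }, 0);
  };
  globalThis.isPlainHostName = function (host) {
    return host.indexOf(".") === -1;
  };
  globalThis.dnsDomainIs = function (host, domain) {
    return host.slice(-domain.length) === domain;
  };
  globalThis.isInNet = function (host, net, mask) {
    var m = ipToInt(mask);
    return ((ipToInt(host) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
  };
}

function FindProxyForURL(url, host) {
  // Unqualified names ("intranet", "localhost") are reached directly.
  if (isPlainHostName(host)) {
    return "DIRECT";
  }
  // Internal zone: the leading dot makes this a label-boundary suffix match,
  // so "evilcompany.com" does not qualify.
  if (dnsDomainIs(host, ".company.com")) {
    return "DIRECT";
  }
  // Private (RFC 1918) and loopback address literals are reached directly.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) &&
      (isInNet(host, "10.0.0.0", "255.0.0.0") ||
       isInNet(host, "172.16.0.0", "255.240.0.0") ||
       isInNet(host, "192.168.0.0", "255.255.0.0") ||
       isInNet(host, "127.0.0.0", "255.0.0.0"))) {
    return "DIRECT";
  }
  // Everything else goes through the proxy. Returning PROXY + "; DIRECT"
  // instead would let clients bypass the proxy whenever it is unreachable.
  return PROXY;
}
```
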
2

It seems like you should be able to set up a Linux box with a proxy between you and the Internet. Then add some iptables rules to redirect any requests to the IP address of your company proxy to the proxy running on the local system.

Zoredache
  • This is the "correct" answer to the question but I would still question the original desire to set such a thing up. – Kevin Kuphal Jul 08 '09 at 20:37
2

I'm guessing that you're carrying a laptop home from work (and carrying home this proxy configuration with you).

If you control your own router and DNS server at home you can pull this off pretty easily. If not, then you might be better off just unconfiguring the proxy when you're home.

  • You'll need a proxy to use. If you've got a spare box to put Linux on at home, you can spin up something like IPCop Linux or any number of other small Linux distros that come with the Squid Cache proxy. Be sure that you've got Squid enabled and working before you proceed.

  • If you refer to the proxy by DNS name (i.e. "proxy.company.com") then you'll need to get that name to resolve on your home LAN. The easiest way to do that is to set up a DNS server on your home LAN and create a zone for "proxy.company.com" with an A record referring to the name "@" and the IP address of your proxy machine.

  • If you refer to the proxy by IP address you're going to have to do some network address translation games. At this point, you're probably best off using a Linux-based machine as your router / gateway to the Internet. You can do a NAT rule in the iptables firewall to translate requests to an example company proxy server at 123.4.5.6, port 8080 to the local Squid cache, port 3128, like so:

    iptables -t nat -A PREROUTING -p tcp -d 123.4.5.6 --dport 8080 -j REDIRECT --to-ports 3128

This is going to be a learning experience for you if you're not familiar with how DNS, proxies, etc work.

Evan Anderson
  • Learning Experience - True 'dat – squillman Jul 08 '09 at 20:45
  • I still think running a local proxy that can forward connections to another proxy or directly may be the better choice. It will allow you the freedom to easily use your computer anywhere, not just work and home. If only I could remember the name of that tool... – Zoredache Jul 08 '09 at 20:55
  • yeah evan, totally forgot to mention that I'm using a laptop. Right xD – Henrik P. Hessel Jul 08 '09 at 20:57
  • @Zoredache: There's something vaguely sexy 'bout the DNS at home resolving the corporate proxy to a local host's IP. The local proxy is probably a bit more practical unless one really wants to put together a DNS server for home. I kinda like having DNS at home, though. I point a lot of common advertising domains to a local web server running a script to serve up random banner ads I downloaded from: http://www.chickenhead.com/bannertown/1.asp (I did this in the office at my "old job" and got some great laughs when people thought they were real ads... heh heh...) – Evan Anderson Jul 08 '09 at 21:22
  • solved it by installing a local squid proxy and a redirection for the hostname in the windows hosts file. saves the energy to setup another linux box ;) – Henrik P. Hessel Jul 08 '09 at 23:09
  • Yeah, but you don't have the sexiness of running your own DNS server at home and lying about being authoritative for real-world domain names! >smile< Glad to hear it's working for you, though. – Evan Anderson Jul 08 '09 at 23:37
0

Fiddler is a proxy. I'm not sure it will do what you want but it is a proxy for all requests.

Jim B
0

Another idea occurs to me.

Instead of setting up another proxy at home, perhaps it would be better to install a proxy onto your laptop. Configure all your clients that need to use the proxy at the proxy running on your local system. When you are at work, have your local proxy forward everything to the business proxy, and when you are at home allow your proxy to make connections directly.

The name escapes me, but I am certain I saw a program somewhere that was designed just for this purpose.

Zoredache
  • The proxy polipo ( http://www.pps.jussieu.fr/~jch/software/polipo/ ) will do just this. – Mei Jul 08 '09 at 23:05
0

Not really, the requests are handled differently for proxied connections as opposed to direct to host connections.

You have a couple of options:

  1. Install a local proxy like Fiddler or WebScarab on your machine. You would have to reconfigure your apps to talk to this proxy instead, but then after that you would only need to either point that proxy to your corporate proxy or have it talk direct to your remote hosts when you're not at work or on the VPN.
  2. Set up a proxy server on your network at home. You then would need something like a hosts file entry for this machine using the name of your corporate proxy and the IP of your local proxy. SQUID is a free proxy for 'Nix and Windows, so is FreeProxy for Windows.
squillman
  • Well, I could tweak the hostfile to point to 127.0.0.1. That would be the only thing to do when I'm at home: uncomment this line in hosts. Great answer! – Henrik P. Hessel Jul 08 '09 at 20:42