Help!

remote access to proxy server (tinyproxy) via PuTTy

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Firewall RSS
Next:  Could sdic 2.1.3-12 be unblocked?  
Author Message
Carolyn Debian
External


Since: Mar 08, 2007
Posts: 4
PostPosted: Wed Mar 07, 2007 9:02 pm    Post subject: remote access to proxy server (tinyproxy) via PuTTy
Archived from groups: linux>debian>maint>firewall (more info?)
My gateway machine has 2 NIC with one connected to DSL modem and the other connected to a router. When I use PuTTy (set Tunnel to L8080 localhost:8888 where 8888 is the port for tinyproxy) to connect to it and set proxy in IE6 as localhost port 8080, I got the following errors:

Unable to connect
The request you made failed. Here are the error variables:
request
GET http://google.com/ HTTP/1.1
cause
Unable to connect
clientip
127.0.0.1
clienthost
localhost.localdomain
version
1.6.3
package
tinyproxy
date
Thu, 08 Mar 2007 00:58:40 GMT
detail
tinyproxy was unable to connect to the remote web server.
url
(unknown)

I got this error for any website except the web server on the gateway machine.

My firewall and tinyproxy.conf is attached.

I've tried for couple of days and can't figure it out. Any help would be appreciated.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org
Back to top
pinniped
External


Since: Feb 16, 2007
Posts: 6
PostPosted: Wed Mar 07, 2007 10:01 pm    Post subject: Re: remote access to proxy [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Before I read the entire script posted -

1. Why are you setting proxy and tunnel to 'localhost'? Shouldn't the proxy be on your gateway machine?

2. What are you attempting to use the tunnel for? It is not clear why you are using the tunnel or how you wish to use it. My guess is that you are trying to make the local machines use a tunnel to access the internet via the proxy on your gateway. (Great if you have a Wireless router in there, but strange if you have a wired LAN - unless you want to prevent people on the LAN from sniffing others' packets).

3. In your configuration, this is a very strange setting:
Allow 192.168.1.0/25
Did you make a mistake in the post or is your net mask really /25?

4. Are you using PPPoE? I'm just asking because you mention 'ppp0' - you will not have this on DSL modems unless you are using PPPoE to connect.

5. Perhaps WinDos is not resolving 'localhost' and you have to explicitly put '127....' ?



--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org
Back to top
Carolyn Debian
External


Since: Mar 08, 2007
Posts: 4
PostPosted: Wed Mar 07, 2007 10:01 pm    Post subject: access proxy via PuTTy [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Apparently I didn't explain clearly.

1. The gateway machine is at home. I use PuTTy to connect to it from a remote site. I set the Tunnel in PuTTy as: source port 8080, destination: localhost:8888

2. The tunnel is not for my LAN at home. It's for access to the gateway machine remotely.

3. Allow 192.168.1.0/25 is copied from somewhere. Anyway, using 192.168.1.0/24 doesn't make a difference.

4. Yes, I'm using PPPoE.

5. No, 127.0.0.1 doesn't work either.

My whole purpose is trying to access internet via the gateway machine at home from a remote site.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Carolyn Debian
External


Since: Mar 08, 2007
Posts: 4
PostPosted: Thu Mar 08, 2007 6:02 pm    Post subject: tinyproxy [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
I changed to 192.168.1.1 and no difference.

Now I know where in the source code of tinyproxy the error was thrown:

if (connect(sock_fd, (struct sockaddr *) &port_info, sizeof(port_info)) < 0) {
log_message(LOG_ERR, "opensock: connect() error \"%s\".",
strerror(errno));
}

The connect() function doesn't work. The connection is refused. So how can I check if port 8888 (tinyproxy listens on it) can send out http request?


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org
Back to top
Paolo
External


Since: Nov 09, 2004
Posts: 168
PostPosted: Thu Mar 08, 2007 8:01 pm    Post subject: Re: tinyproxy [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Thu, Mar 08, 2007 at 10:43:53PM +0100, Carolyn Debian wrote:
>
> I changed to 192.168.1.1 and no difference.

but at least it's correct now Smile

dunno much about tinyproxy, though your proxy's log look weird:

> In tinyproxy.log, I could see:
>
> CONNECT ... Connect (file descriptor 7): [192.168.1.1]
> CONNECT ... Request (file descriptor 7): GET http://google.com/HTTP/1.1
> INFO ... No proxy for google.come
> ERROR ... opensock: connect() error "Connection refused".
> INFO ... Not sending client headers to remote machine
>
> This is what's in tinyproxy.log when I tried to browse the website hosted
> on 192.168.1.1:
>
> CONNECT ... Connect (file descriptor 7): [192.168.1.1]
> CONNECT ... Request (file descriptor 7): GET http://my.dyndns.org/HTTP/1.1
> INFO ... No proxy for my.dyndns.org
> CONNECT ... Established connection to host "my.dyndns.org" using file
> descriptor 8.
> INFO ... Closed connection between local client and remote client
>

seems misconfigured. pls post the config.

--
paolo


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Stephan Balmer
External


Since: Apr 26, 2005
Posts: 8
PostPosted: Thu Mar 08, 2007 8:01 pm    Post subject: Re: tinyproxy [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> The connect() function doesn't work. The connection is refused. So how can
> I check if port 8888 (tinyproxy listens on it) can send out http request?

Test first whether you can reach any Internet hosts at all with commands
such as:
ping google.com
wget google.com
on the proxy host. Simply put: if they work, the problem lies with
tinyproxy, if they do not work, your firewall setup is too strict.

In case you have a 'Bind' directive in the tinyproxy.conf, try removing it
or replacing it with
Bind $EXTIP
where $EXTIP is the IP adress of eth0 (your external interface, I presume)


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org
Back to top
Carolyn Debian
External


Since: Mar 08, 2007
Posts: 4
PostPosted: Thu Mar 08, 2007 10:01 pm    Post subject: "Bind" solves the issue [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
You just solved my problem, Stephan.

I removed Bind in tinyproxy.conf and it works. Also I tried to Bind to eth0 (external) and it works too. So apparently Bind to eth1 (internal), which was my old config, is not correct. I thought if I Bind to eth1, it'll automatically forward to eth0.

Thanks so much. The issue has been bothering me for a couple of days.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Firewall All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum