Appendix 7

2.2.5 Proxy Server

     As you can see, we are running a local network behind a single IP address, so our clients need some way to reach outside services: ftp, www access, telnet, just to name a few. The client hosts cannot access outside networks directly, so it is necessary to set up a proxy server on 'maple' to provide them with these services. There are a lot of proxy servers available, but we decided to use delegate because the tool offers the following features:

  • Ftp Proxy
  • Telnet Proxy
  • Http Proxy(forwarding)
  • Pop Proxy

It is available at http://wall.etl.go.jp/delegate/ or from the ftp site:
ftp://ftp.etl.go.jp/pub/DeleGate/delegate5.8.5.tar.gz . Just download it; the file is named delegate???.tar.gz, for example delegate5.8.5.tar.gz. Then proceed as follows:

maple@junan:/home/junan{1013}% cat delegate5.8.5.tar.gz | gunzip | tar xfv -
..................
maple@junan:/home/junan{1014}% ls -l | grep ^d
drwxr-xr-x 15 junan wheel 512 Dec 29 17:49 delegate5.8.5
maple@junan:/home/junan{1014}% cd delegate5.8.5
maple@junan:/home/junan{1015}% make

(If your current working directory is not included in your path, make will print a message telling you so. In that case, add the current directory to your path:

maple@junan:/home/junan{1016}% set path=($path .)
maple@junan:/home/junan{1017}% echo $path
/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/bin /usr/X11R6/bin /home/junan/bin .)

Now try make again:

maple@junan:/home/junan{1018}% make

You should now have the delegated binary in the src directory. If you can't find it, try:

maple@junan:/home/junan{1019}% find . -name delegated -print
./src/delegated

Copy it anywhere you want; it will run without any need for configuration files.

Now try some nice commands:

maple@junan:/home/junan{1020}% delegated -P8080 PROXY="202.251.33.1:80"

It will forward any HTTP request received at port 8080 to the server 202.251.33.1 port 80, which is our school proxy server. So, all our client hosts have to do is point their browsers to maple (192.168.0.3) port 8080.

maple@junan:/home/junan{1020}% delegated -P8023 SERVER=telnet

This will run a telnet proxy server on maple at port 8023. Let's try it from a local host:

mapletown@junan:/home/junan{498}% telnet maple 8023 # don't forget the port number
Trying 192.168.0.3...
Connected to maple.ant.yatsushiro-nct.ac.jp.
Escape character is '^]'.
-- @ @ maple.ant.yatsushiro-nct.ac.jp PROXY-telnet server DeleGate/5.7.2
-- ( - ) { Hit '?' or enter `help' for help. }
DeleGate/5.7.2 (October 30, 1998)
AIST Research Product No. 1994-ETL-8715-1
Copyright (c) 1994-1998 Yutaka Sato
Copyright (c) 1994-1998 Electrotechnical Laboratry (ETL), AIST, MITI
WWW: http://wall.etl.go.jp/delegate/
-- -- -- This (proxy) service is maintained by 'root@localhost'
>> Host name: mercury # put a valid name here(I got the name mercury in
                                          # /etc/hosts)
-- Trying mercury [202.251.34.161:23] ...
-- Connected to mercury.
SunOS UNIX (mercury-gw)
login:

So, you are logging in to mercury from a local host through this telnet server. Let's try a proxy ftp server:

maple@junan:/home/junan{1020}% delegated -P8021 SERVER=ftp

It will run an ftp proxy server (I mean a forwarding server) on maple at port 8021.

So, let's try it from a local host:

mapletown@junan:/home/junan{499}% ftp maple 8021
Connected to maple.ant.yatsushiro-nct.ac.jp.
220- maple.ant.yatsushiro-nct.ac.jp PROXY-FTP server (DeleGate/5.7.2) ready.
220- @ @
220- ( - ) { DeleGate/5.7.2 (October 30, 1998) }
220- AIST Research Product No. 1994-ETL-8715-1
220- Copyright (c) 1994-1998 Yutaka Sato
220- Copyright (c) 1994-1998 Electrotechnical Laboratry (ETL), AIST, MITI
220- WWW: http://wall.etl.go.jp/delegate/
220- --
220- You can connect to a SERVER by `user' command:
220- ftp> user username@SERVER
220- or by `cd' command (after logged in as an anonymous user):
220- ftp> cd //SERVER
220- ** Toggle CACHE by `cd .' (CACHE is enabled by default)
220- This (proxy) service is maintained by 'root@localhost'
220-extended FTP [MODE XDC]
Name (maple:junan): s96281 # put the login name here of the target host
331 Password required for s96281.
Password: # password for the target host
230- User s96281 logged in.
230 Now you can select a FTP SERVER by cd //SERVER
ftp> cd //mercury # the host that has a user specified above
250-- CWD for s96281@mercury.
220- mercury-gw FTP server (SunOS 4.1) ready.
331- Password required for s96281.
230- User s96281 logged in.
250-- @ @
250 \( - )/ -- { connected to `mercury' }
ftp>

So, you are now logged in to an outside host.
That's all. Now your clients can access outside networks via your maple host. For more information please refer to the manual that comes with the package. It should be something named Manual.txt (under the doc directory). You can install it with make install, though. Now let's put a script for delegate in the /usr/local/etc/rc.d directory so that it gets started at boot time:

#!/bin/sh
# file created by Junan on
# Fri Feb 5 18:17:31 JST 1999
# Starts the three DeleGate forwarding servers at boot time.
DELEGATED=/usr/local/sbin/delegated
# Only start the servers if the binary exists and is executable.
if [ -x $DELEGATED ]
then
    echo "starting a httpd forward server...."
    $DELEGATED -P8080 PROXY="202.251.33.1:80"
    echo "starting a telnet forward server...."
    $DELEGATED -P8023 SERVER=telnet
    echo "starting a ftp forward server...."
    $DELEGATED -P8021 SERVER=ftp
fi

Don't forget to:

maple# chmod 700 delegated.sh
maple# ls -l delegated.sh
-rwx------ 1 root wheel 169 Feb 1 14:38 delegated.sh
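
Once the script has run at boot, it is worth confirming that all three listeners are up and which address each one is bound to. The following check is an added example, not part of the original page; it uses the ports and the address of maple given above, assumes BSD-style `netstat -an` output, and runs here on constructed sample lines.

```sh
#!/bin/sh
# Added example, not from the original page. Ports and the LAN address are
# the ones the page uses; BSD-style `netstat -an` columns are an assumption.
PROXY_PORTS="8080 8023 8021"
LAN_ADDR="192.168.0.3"          # internal address of maple

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.8080                 *.*                    LISTEN
tcp        0      0  192.168.0.3.8023       *.*                    LISTEN
tcp        0      0  192.168.0.3.1042       202.251.34.161.23      ESTABLISHED
tcp        0      0  *.22                   *.*                    LISTEN'

# Reads netstat text on stdin, prints "<port> <state>" for each proxy port:
#   missing  - nothing is listening on it
#   lan      - bound to LAN_ADDR only
#   wildcard - bound to *, i.e. reachable on every interface of the host
#   other:A  - bound to some other address A
check_listeners() {
    awk -v ports="$PROXY_PORTS" -v lan="$LAN_ADDR" '
        BEGIN { n = split(ports, want, " ") }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/^.*\./, "", port)      # text after the last dot
            addr = $4; sub(/\.[0-9]+$/, "", addr)  # text before the last dot
            seen[port] = addr
        }
        END {
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in seen))         state = "missing"
                else if (seen[p] == "*")  state = "wildcard"
                else if (seen[p] == lan)  state = "lan"
                else                      state = "other:" seen[p]
                print p, state
            }
        }'
}

# On the live host: netstat -an | check_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners
```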

This page is maintained by:
jchakma@yahoo.com