Topic: Access to the Internet from SME Box

[ceebster]

Hi Guys

Not been here for a while - hope you are well.

Just re-introducing SME into my ebviroment, and I have asked the question before but got it working.

My school uses a proxy server to get to the internet - i have to put edu***.***.** using port 80 to get internet.

I need to enter this address into my SME box somewhere.  I always thougth it was squid i had to configure, but i don't think it is.

Do you guys know anywhere else that i could enter a proxy address into SME so it can get to the internet

Thanks in advance

Cheers


Chris

[mmccarn]

You can configure a global "upstream" proxy for your SME's built-in squid proxy as described here: http://wiki.contribs.org/SME_Server:Documentation:FAQ#Upstream_proxy_server_configuration

(There's a note at this link mentioning how to disable an upstream proxy: http://wiki.contribs.org/DB_Variables_Configuration#Squid_Proxy_.28squid.29)

Yum and freshclam may require tweaking if your only internet access is via upstream proxy:
http://bugs.contribs.org/show_bug.cgi?id=2407
http://bugs.contribs.org/show_bug.cgi?id=542

[ceebster]

You can configure a global "upstream" proxy for your SME's built-in squid proxy as described here: http://wiki.contribs.org/SME_Server:Documentation:FAQ#Upstream_proxy_server_configuration

done this before and never works.

I';ll try the other links.

Theres not a global config file, like in IE where set a proxy for all external access?

Thanks

C

[mmccarn]

I've tested the "upstream proxy" config in the past and seen it work -- but the functionality is admittedly limited.  It's aimed at allowing programs that use the SME squid proxy to browse the internet on port 80.  In the default config, this would include LAN workstations using the SME "transparent proxy", and not much else.

Without further configuration changes, I would not expect the "upstream proxy" to be any help with curl, wget, telnet, ftp, ssh, or any of the other programs on your SME that communicate directly with the network by themselves. 

I suspect you'll need to search (google or elsewhere) for instructions on how to get each specific program you want working to work through a mandatory proxy server.

[CharlieBrady]

Without further configuration changes, I would not expect the "upstream proxy" to be any help with curl, wget, telnet, ftp, ssh, or any of the other programs on your SME that communicate directly with the network by themselves. 

I suspect you'll need to search (google or elsewhere) for instructions on how to get each specific program you want working to work through a mandatory proxy server.

curl and wget will work correctly on the SME server if executed after running:

export HTTP_PROXY=localhost:3128

None of ssh, ftp and telnet work via an http proxy, so any mention of 'upstream proxy' is not relevant to them.

[ceebster]

Hi Guys

Thanks for the advice, but still can't get out to the internet.   Could it be a global .conf file i may have to edit?

If I do a wget url - if finds the IP So i know DNS is working, but can't download the index page of the file.

Also if i use yum to install a contribs, it fails to find the source files.

Running at a loss at the moment.

Thanks

Chris

[CharlieBrady]

Thanks for the advice, but still can't get out to the internet.

Which bits of the advice have you followed? Tell us exactly what you have done.

[mmccarn]

To be clear that we're all on the same page...

In order to use "wget" from a SME server with a mandatory upstream proxy, first you must configure squid to use the upstream proxy

Code: [Select]

config set SquidParent a.b.c.d
config set SquidParentPort nnn
signal-event post-upgrade
signal-event reboot
Then you must set a value for the "HTTP_PROXY" environment variable and use "wget":

Code: [Select]

export http_proxy=localhost:3128
wget <desired download URL>Note that the "export" command is ephemeral, and is only valid for the currently active shell session - new shells will not inherit this value.  Also, when I was testing I found that "http_proxy" worked in lower case but not in upper case.  If "http_proxy" is set correctly, wget will report Connecting to localhost|127.0.0.1|:3128... connected. before downloading your file.  More info can be found at http://www.editcorp.com/Personal/Lars_Appel/wget/wget_8.html

You should also be able to get wget to work by pointing it directly to the upstream proxy, but the above is the end result of the advice you've received so far.

In order to get YUM to work through a mandatory proxy, you will need to add a line to /etc/yum.conf in the [main] section pointing to the upstream proxy (or, possibly, pointing to "localhost:3128" if you have configured squid to use the upstream proxy).

As with all modifications requiring templating, you *can* *test* this by editing the config file directly -- once you find the configuration that works you will need to incorporate that into one or more custom template fragment(s) for the config files you have edited.

A quick google search for "yum upstream proxy" turned up this post giving an example of how to configure yum.conf to use an upstream proxy: http://www.linuxquestions.org/questions/fedora-35/yum-behind-proxy-server-496726/

As in that example, you need to add "http_proxy=..." (and possibly "proxy_username=..." and "proxy_password=...", depending on your upstream proxy requirements) to /etc/yum.conf just after [main] and just before cachedir=...

You can edit the yum config manually using pico -w /etc/yum.conf (the "-w" is important, and prevents pico from wrapping the text in your config files).

If yum gives you an error after you make your edits (indicating a possible typo in your modifications), you can return to the current config using expand-template /etc/yum.conf

If you are uncomfortable creating custom template fragments, edit the file manually as described above, post your working config back here, and we'll tell you how to get that into a custom template fragment so that your changes will survive reboots and updates.