Explicit Proxy on a Virtual Machine

Last modified by Administrator 2011-06-06 17:16

Exercise: Explicit Proxy on a Virtual Machine

Goals: Demonstrate the basic behavior of Web proxies. Configure a proxy server and access the Internet from the browser via that proxy.

The following assumptions are used in this and the next example:

  1. A workstation "myhomepc" (in the "Java Summer School" case the workstation has an animal name, e.g. "rhinoceros") is connected to the Internet directly, without IP masquerading (in the "Java Summer School" case there is an invisible Accenture intercepting proxy between you and the Internet).
  2. A browser and VMWare Player are installed on that workstation.
  3. There is a prepared VMWare image "myserver" with Linux. As the VMWare image you can download, unzip and use ftp://www.ante.lv/Ubuntu.zip (692,886,927 bytes). ("Java Summer School" uses the "ubuntu-srv" image instead of "myserver"; it is already set up.)
Figure: Explicit HTTP Proxy

Set up the Networking with the Virtual Machine

Figure 2.1: VMWare Player

  1. Open VMWare Player and log in as the root user. VMWare Player opens the file Ubuntu.vmx - the virtual machine is an Ubuntu-based distribution without the desktop environment. The "root" user's password is "Student007".
  2. Make sure that the VMWare networking is configured as "NAT", as it may be problematic to use a "Bridged" connection and to request an additional IP address from your Internet Service Provider (Figure 2.1). Get the VMWare machine's IP address and install Squid on this Debian-like Linux distribution from the apt-get command line:
    dhclient
    ifconfig
    apt-get install squid
    VMWare provides the DHCP service, therefore dhclient should succeed. Assume that the IP address the VMWare machine got is 192.168.184.129. To the outside world, all outgoing packets from the VMWare instance will be translated to the IP address of the workstation "myhomepc"; the VMWare instance "myserver" becomes a NAT client and "myhomepc" a NAT router (Figure 2.2).
  3. Return to the workstation "myhomepc" (press Ctrl+Alt to return keyboard focus from the VMWare Player to your main desktop). Run the command-line tool ifconfig (on Linux) or ipconfig (on Windows). Find out your IP address for an outgoing network interface, e.g. eth0. Assume the IP address is 80.232.254.73. Visit http://www.myipaddress.com/ - if you see the same address as from "ifconfig", it means that there is no explicit HTTP proxy in between (or anything like NAT or SOCKS) that could hide your IP address from the outside world. Otherwise, you are likely behind your company firewall.
  4. Also write down the IP address of the interface that connects to the VMWare image (it may be called "Ethernet adapter VMware Network Adapter VMnet8" or similar). Assume it is 192.168.184.1 (Figure 2.2).

Figure 2.2: Network with VMWare

Configure Squid and User Agents

Figure: Switchproxy plugin

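  1. Configure access control in Squid's configuration file /etc/squid/squid.conf:
    acl myhomepc src 192.168.184.1/255.255.255.255
    http_access allow myhomepc
    The src address must be the one Squid sees the browser's requests coming from, i.e. the workstation's VMnet8 address written down earlier (192.168.184.1), not the virtual machine's own address. Put the http_access allow line above the final "http_access deny all" rule of the stock configuration, because Squid applies the first http_access rule that matches. Save the configuration file and restart Squid: type /etc/init.d/squid restart.
  2. Install the FoxyProxy or Switchproxy plugin in Firefox (see https://addons.mozilla.org/en-US/firefox/addon/125); restart the Firefox browser. Now you have a tool to switch proxy settings with one mouse movement (see picture).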
    You can also open Tools -> Options -> Advanced -> tab Network, press [Settings] and edit your settings manually.
  3. MS Internet Explorer users can edit their proxy settings from the menu: Tools -> Internet Options -> tab Connections, press [LAN Settings], check "Use a proxy server for your LAN" and fill in the hostname and port of your proxy.

Running HTTP Requests via Proxy

  1. In the Virtual Machine open Squid's log file:
    tail -f /var/log/squid/access.log
  2. In the address bar of your browser (on your workstation, NOT in the Virtual Machine) type some Web address, e.g. http://www.google.lv/search?q=Valmiera.
  3. Clear your browser's local cache (Tools -> Clear Private Data) and make the same request again.
  4. You should see that the first request creates several lines of TCP_MISS/200 log messages (i.e. the proxy did not find the page in its cache, requested it from the server and got a 200 status code). The second request creates several lines of TCP_MEM_HIT/200 log messages (i.e. cache hits). There may also be some TCP_MISS entries if the cached Web objects have already expired.
  5. Go to the site http://www.myipaddress.com/what-is-my-ip-address/ again - do you see your own IP address or that of your proxy?
Proxies may do IP masquerading or not - it depends on your configuration. In your case NAT is doing address translation anyway, so you won't be able to tell the difference.
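
Added example (not part of the original exercise): a Python script that reads Squid's native-format access.log, counts result codes per client so that the MISS-then-HIT pattern from step 4 shows up as a hit ratio, and lists clients outside the address the ACL is meant to admit. The log lines, the client 192.168.184.77 and the origin address 198.51.100.10 are constructed; ALLOWED_CLIENTS assumes the workstation reaches Squid from its VMnet8 address 192.168.184.1.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1206627960.123    312 192.168.184.1 TCP_MISS/200 5120 GET http://www.google.lv/search?q=Valmiera - DIRECT/198.51.100.10 text/html
1206627960.456     98 192.168.184.1 TCP_MISS/200 8410 GET http://www.google.lv/logo.gif - DIRECT/198.51.100.10 image/gif
1206628020.101      2 192.168.184.1 TCP_MEM_HIT/200 8417 GET http://www.google.lv/logo.gif - NONE/- image/gif
1206628020.300    250 192.168.184.1 TCP_MISS/200 5130 GET http://www.google.lv/search?q=Valmiera - DIRECT/198.51.100.10 text/html
1206628050.000      1 192.168.184.77 TCP_DENIED/403 1400 GET http://www.example.com/ - NONE/- text/html
1206628055.000 truncated
"""

# Assumption: the workstation reaches Squid from its VMnet8 address.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.168.184.1/32")]

def parse_line(line):
    """Return (client, result_code, http_status) or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    result, status = fields[3].split("/", 1)
    try:
        return ipaddress.ip_address(fields[2]), result, int(status)
    except ValueError:
        return None

def summarize(text, allowed=ALLOWED_CLIENTS):
    """Count result codes per client; report clients outside `allowed`."""
    per_client, unexpected, skipped = defaultdict(Counter), set(), 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        client, result, _status = rec
        per_client[str(client)][result] += 1
        if not any(client in net for net in allowed):
            unexpected.add(str(client))
    return per_client, sorted(unexpected), skipped

def hit_ratio(counts):
    """Share of requests answered from cache (result codes containing HIT)."""
    total = sum(counts.values())
    return sum(n for code, n in counts.items() if "HIT" in code) / total if total else 0.0

if __name__ == "__main__":
    per_client, unexpected, skipped = summarize(SAMPLE_LOG)
    for client, counts in per_client.items():
        print(client, dict(counts), f"hit ratio {hit_ratio(counts):.2f}")
    print("clients outside the ACL:", unexpected, "| malformed lines:", skipped)
```

On the virtual machine, pass the contents of /var/log/squid/access.log to summarize() in place of SAMPLE_LOG.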

Created by Kalvis Apsītis 2008-03-27 16:26
    
This wiki is licensed under a Creative Commons 2.0 license