Aug 20, 2013

Apply Proxy Settings System wide on Linux


This article is about the "Proxy Tunneling" in Linux and where it is necessary to use proxy tunneling.
First of all we talk about : What is Proxy and Proxy Tunneling?

In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Today, most proxies are web proxies, facilitating access to content on the World Wide Web.

A proxy server has a variety of potential purposes, including: 

1. To keep machines behind it anonymous, mainly for security.
2. To speed up access to resources (using caching). Web proxies are commonly used
     to cache web pages from a web server.
3. To prevent downloading the same content multiple times (and save bandwidth).
4. To log / audit usage, e.g. to provide company employee Internet usage reporting.
5. To scan transmitted content for malware before delivery.
6. To scan outbound content, e.g., for data loss prevention.
7. Access enhancement/restriction:
    * To apply access policy to network services or content, e.g. to block undesired sites.
    * To access sites prohibited or filtered by your ISP or institution.
    * To bypass security / parental controls.
    * To circumvent Internet filtering to access content otherwise blocked by governments.
    * To allow a web site to make web requests to externally hosted
        resources (e.g. images, music files, etc.) when cross-domain restrictions 
        prohibit the web site from linking directly to the outside domains.
    * To allow the browser to make web requests to externally hosted content on  
       behalf of a website when cross-domain restrictions (in place to protect 
       websites from the likes of data theft) prohibit the browser from directly   
       accessing the outside domains. 

Proxy Tunnel is a program that connects stdin and stdout to a server somewhere on the network, through a standard HTTPS proxy. We mostly use it to tunnel SSH sessions through HTTP(S) proxies, allowing us to do many things that wouldn't be possible without ProxyTunnel.

Proxy tunnel can currently do the following:
> Create tunnels using HTTP and HTTPS proxies (That understand the 
    HTTP CONNECT command).
> Work as a back-end driver for an OpenSSH client, and create SSH connections
    through HTTP(S) proxies.
> Work as a stand-alone application, listening on a port for connections, and then
    tunneling these connections to a specified destination.

If you want to make effective use of ProxyTunnel, the proxy server you are going to be tunneling through must adhere to some requirements.

1) Must support HTTP CONNECT command.
2) Must allow you to connect to destination machine and host, with or without
    HTTP proxy authentication.

Bypassing Proxy server in Linux client.

Now, as we understood what is proxy and Proxy tunnel, Let's see where it is needed and how to overcome in linux box.

In school, colleges, and Industries, most of the time internet connection are diverted through proxy server, so its critical task to bypass proxy for all those applications who does not have the facility to configure proxy setting.

So, the below technique force individual applications to use proxies, even if the applications themselves don't support proxies.

For that you need to locate and modify two files namely bash.bashrc and apt.conf . Both these files are located in the directory /root/etc

For bash.bashrc, enter the following command in your terminal

gedit /etc/bash.bashrc

This will open the file bash.bashrc in gedit. Scroll down straight to the bottom and add the following lines in the file:

export http_proxy="http://username:password@proxyIP:port"
export ftp_proxy="ftp://username:password@proxyIP:port"
export https_proxy="https://username:password@proxyIP:port"
export socks_proxy="https://username:password@proxyIP:port"

The final file should look something like this then

Replace proxyIP and port with your Proxy IP address and port number respectively, and replace the username and password with your authentication username and password respectively. In case there's no need of authentication, just write the part which follows the @ symbol and leave the rest.

Now you need to modify the apt.conf file similarly. You might need to create the file if it's not already there. But gedit will take care of that anyway and create the file for you if it doesn't exist already. So you can just enter the following command in your terminal.

gedit /etc/apt/apt.conf

Now this will be an empty file, so write the following inside it

Acquire::http::proxy "http://username:password@proxyIP:port/";
Acquire::ftp::proxy "ftp://username:password@proxyIP:port/";
Acquire::https::proxy "https://username:password@proxyIP:port/";
Acquire::socks::proxy "https://username:password@proxyIP:port/";

The final file should look something like this then

That's all. Save and close the file. Log out and Login to activate the new settings and all your applications shall connect to the internet perfectly now.

Note that we could do this from the network proxy tool too and use 'Apply System Wide' but that is a little buggy with authentication. Since we're working on Linux, this is something you should be knowing anyway!

I hope you all learned & enjoyed the article on Apply Proxy Settings System Wide in Linux.
espérons qu'il vous plaira.

Enjoy the article.