bypassing a proxy server

Robert Storey y2kbug at ms25.hinet.net
Mon Mar 15 04:07:05 PST 2004


As some of you may recall, I'm engaged in an ongoing saga trying to set
up a FreeBSD machine on a school's network. The school is Windows only -
the administration knows nothing about FreeBSD (or Linux), and it's up
to me to prove to them that FBSD is worth teaching to the students. Due
to my lobbying, the school has given me one old computer to play with,
and I have installed FreeBSD on it. But there are problems. The biggest
is that the gateway machine is Windows 2000 and it's running a proxy
server (to keep the students from visiting naughty web sites). So the
FreeBSD machine cannot get through to the Internet with http, though the
Windows machines can. On the other hand, the FBSD box can get through
the gateway with ssh and ftp (though performance is sluggish, even with
a T1 line). Furthermore, I want the FreeBSD machine to run an anonymous
ftp server. Forgive the crappy drawing (I never claimed to be an
artist), but this is how the network looks at the moment (except that
there are 10 Windows clients, not 2):


                                         |-------|
                                         |windows|
           |------------|    |------|    |client |
           |  Win2000   |    |      |----|-------|
 T1--------|proxy server|----|switch|
           | & gateway  |    |      |----|-------|
           |------------|    |---|--|    |windows|
                                 |       |client |
                                 |       |-------|
                                 |
                           |-----|----|
                           | FBSD ftp |
                           |  server  |
                           |----------|

The problem is that this doesn't work. People from outside the network
can't get through to the FBSD ftp server. Clearly, that Win2000 proxy
server is an evil machine. When I last discussed this problem (on this
list), Matthew wrote back and offered me a pretty thorough explanation
of the problem, which is posted here:

http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html

OK, I'm convinced, running an ftp server from a NAT gateway is a
disaster. So I'm looking for a way around it. I have an old unused hub,
and I've been thinking that this might be a possible solution (sort of
like a DMZ?)...

                                         |-------|
                                         |windows|
           |------------|    |------|    |client |
           |  Win2000   |    |      |----|-------|
 T1--HUB---|proxy server|----|switch|
      |    | & gateway  |    |      |----|-------|
      |    |------------|    |------|    |windows|
      |                                  |client |
      |                                  |-------|
      |
 |----|-----|
 | FBSD ftp |
 |  server  |
 |----------|

The only problem I see here is I don't know how I'm going to get an
address for the ftp server. The Win2000 gateway has a static address; it
dishes out addresses to the clients with dhcp. The NAT addresses are of
course internal addresses like 10.0.0.12, but the school does own a
block of 64 static addresses. If I simply stick a hub in front of the
gateway machine, all traffic to the gateway will also be sent to the ftp
server - I know that will cause packet collisions, but I can live with
the crappy performance because it's a very low traffic environment. My
main concern is simply how to assign an address to the ftp server
without disconnecting the gateway machine.

I'm sorry if I'm asking a dumb question, but I'm a novice when it comes
to setting up networks. I haven't found anything on Google that deals
with this particular question, and there is nobody around here that I
can ask. Any advice is appreciated.

Thanks in advance,
Robert


 

