LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 06-23-2011, 01:59 PM   #1
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 18

Rep: Reputation: 1
How do I ... achieve system-wide proxy settings


I want to set the HTTP_PROXY and HTTPS_PROXY and http_proxy and FTP_PROXY environment variables "somewhere", so all programs that recognise these can find them. I need root to find them for slackpkg and sbopkg, I need users to find them for Dropbox, I need them for cronjobs and scripts and wget.

So I want to set these environment variables up somewhere, preferably something in /etc and have them set and accessible for everyone and everything. I am not using KDE or XFCE or any desktop. I need a command line solution.

Where is the best place to put this? I see that some other distros have a /etc/environment and these variables go in there. In Slackware, should I add them as a new file in /etc/profile.d and have them added every time /etc/profile is accessed? Is there a Slackware approved method that I don't know about?
 
Old 06-23-2011, 02:42 PM   #2
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 18

Original Poster
Rep: Reputation: 1
So I did some experimentation. I created two files /etc/profile.d/proxy.sh and /etc/profile.d/proxy.csh. I made them executable like the others in /etc/profile.d. I added these contents (specific to my work proxy):

NO_PROXY="localhost,127.0.0.1"
no_proxy="localhost,127.0.0.1"
HTTP_PROXY="allagash.internal:3128"
http_proxy="allagash.internal:3128"
HTTPS_PROXY="allagash.internal:3128"
https_proxy="allagash.internal:3128"
FTP_PROXY="allagash.internal:3128"
ftp_proxy="allagash.internal:3128"
ALL_PROXY="allagash.internal:3128"
all_proxy="allagash.internal:3128"

Now anything that starts a shell will hit /etc/profile and that works through all the executable files in /etc/profile.d. My root user gets the proxy, my other users get the proxy, and so far it looks like shell scripts and cronjobs and anything that works through a shell gets the proxy. Only the programs that have been designed to use any of these environment variables will be affected, and so far that means slackpkg and sbopkg and wget. Probably all the standard tools will use it. Firefox won't use it, and I tried all the proxy settings. That's a bummer, but not as important.

Last edited by hgriggs; 06-23-2011 at 02:46 PM.
 
Old 06-23-2011, 03:06 PM   #3
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,019

Rep: Reputation: 157Reputation: 157
You can alias the firefox command, in /etc/bashrc, so that it always starts with the proxy environment that you wish....

cheers,
 
Old 06-23-2011, 03:26 PM   #4
hgriggs
LQ Newbie
 
Registered: Mar 2010
Location: Virginia USA
Distribution: Slackware
Posts: 18

Original Poster
Rep: Reputation: 1
Good point. I'll try that. Thanks.

Do I tell Firefox to use the system proxy, or no proxy, or auto-detect proxy?

Last edited by hgriggs; 06-23-2011 at 03:27 PM.
 
Old 06-23-2011, 05:35 PM   #5
gezley
Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware64, NetBSD
Posts: 474

Rep: Reputation: 200Reputation: 200Reputation: 200
How about using iptables to redirect outgoing traffic bound for ports 80, 443, and 21 to port 3128 on the proxy? I use NetBSD for firewalling because iptables confuses the hell out of me but this is how I would go about it. Googling gives me this example for port 80:

Code:
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 –dport 80 –to-ports 3128

Last edited by gezley; 06-23-2011 at 06:03 PM.
 
Old 06-23-2011, 05:45 PM   #6
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,019

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by hgriggs View Post
Good point. I'll try that. Thanks.

Do I tell Firefox to use the system proxy, or no proxy, or auto-detect proxy?
Actually, I misled you for firefox; it's more *difficult* than simply creating an alias to enforce proxies, since you can't specify one on the cli. You can specify a particular profile with the -P switch, but that may limit the users' ability to create their own profiles.

You can change the network settings in preferences, or in about:config, or by using add-ons.

However, if you wish to enforce the proxies, you can lock the preferences you choose to lock.

See this:

https://support.mozilla.com/en-US/questions/826921

which ultimately leads to this:

http://kb.mozillazine.org/Locking_preferences

cheers,
 
Old 06-23-2011, 06:44 PM   #7
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 226Reputation: 226Reputation: 226
Quote:
Originally Posted by gezley View Post
How about using iptables to redirect outgoing traffic bound for ports 80, 443, and 21 to port 3128 on the proxy? I use NetBSD for firewalling because iptables confuses the hell out of me but this is how I would go about it. Googling gives me this example for port 80:

Code:
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 –dport 80 –to-ports 3128
You can't transparently proxy https, the browser has to know it's going through a proxy.

If you have a webserver (and optionally a DHCP server) on your network you can have browsers "Auto configure" their proxy settings with WPAD.

Have a google about for WPAD and proxy.pac

http://findproxyforurl.com/
 
Old 09-12-2012, 07:39 PM   #8
zialingua
LQ Newbie
 
Registered: Sep 2010
Distribution: Ubuntu
Posts: 4

Rep: Reputation: 0
dconf-tools

I tried the "dconf-tools" Gnome package in Xfce and it works.
 
Old 09-13-2012, 02:24 PM   #9
Martinus2u
Member
 
Registered: Apr 2010
Distribution: Slackware
Posts: 339

Rep: Reputation: 42
Quote:
Originally Posted by gezley View Post
Code:
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.168.0/24 -d 0/0 –dport 80 –to-ports 3128
This may often work in practice (I think I've done it in the past), but according to the HTTP specification a request to a proxy requires an absolute URI whereas a non-proxy request does not. For reasons I could explain a HTTP 1.0 compliant request must fail, whereas a HTTP 1.1 compliant request can be recovered, if the proxy is coded to deal with this situation.
 
Old 09-13-2012, 05:41 PM   #10
nass
Member
 
Registered: Apr 2006
Location: Athens, Greece
Distribution: slack(64|32)_v(13.37|14.0), debian6, ubuntu
Posts: 629

Rep: Reputation: 36
Quote:
Originally Posted by Martinus2u View Post
This may often work in practice (I think I've done it in the past), but according to the HTTP specification a request to a proxy requires an absolute URI whereas a non-proxy request does not. For reasons I could explain a HTTP 1.0 compliant request must fail, whereas a HTTP 1.1 compliant request can be recovered, if the proxy is coded to deal with this situation.
I am sorry for hijacking this thread, but i'd like to subscribe it and ask a relevant question.

i'm not entirely sure what you're saying , but it sounds relevant to my case.
i do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0 ? (whatever that is)
Could you point me in some google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.
 
Old 09-13-2012, 05:59 PM   #11
Martinus2u
Member
 
Registered: Apr 2010
Distribution: Slackware
Posts: 339

Rep: Reputation: 42
Quote:
Originally Posted by nass View Post
I am sorry for hijacking this thread, but i'd like to subscribe it and ask a relevant question.

i'm not entirely sure what you're saying , but it sounds relevant to my case.
i do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0 ? (whatever that is)
Could you point me in some google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.
as mRgOBLIN pointed out earlier, HTTPS is yet another issue. Since it offers point-to-point encryption you cannot transparently proxy it.

The specifications of the HTTP protocol are found in RFC 1945 and RFC 2616, for HTTP 1.0 and HTTP 1.1 respectively. Those would be the search terms. Amongst the hits (pointing to the IETF itself):

http://www.ietf.org/rfc/rfc1945.txt
http://www.ietf.org/rfc/rfc2616.txt
 
Old 09-13-2012, 07:05 PM   #12
rouvas
Member
 
Registered: Aug 2006
Location: Greece
Distribution: Slackware.12.2
Posts: 72
Blog Entries: 2

Rep: Reputation: 4
Quote:
Originally Posted by nass View Post
I am sorry for hijacking this thread, but i'd like to subscribe it and ask a relevant question.

i'm not entirely sure what you're saying , but it sounds relevant to my case.
i do have a transparent proxy in my intranet but can't redirect https traffic - as the sites won't load.
You are telling me this is because of HTTP 1.0 ? (whatever that is)
Could you point me in some google search term about HTTP 1.0 and 1.1 and what it all means and how they all bind together?
Thank you.
I think you will find the following useful:

Transparent Proxy with contentfilter
http://alien.slackbook.org/dokuwiki/...lackware:proxy

and

Tinyproxy : https://banu.com/tinyproxy/
 
  


Reply

Tags
proxy


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to connect to proxy server though wi fi connection active proxy settings ok ncpanicker Linux - Wireless Networking 3 04-11-2011 03:27 AM
[SOLVED] Thunar system-wide settings Linux.tar.gz Linux - Software 2 03-29-2010 04:05 AM
How do I set a system wide proxy setting? iAlta Linux - Wireless Networking 3 11-28-2007 05:58 AM
Set System Wide Proxy Address TomGibbons Linux - Security 9 08-24-2006 12:48 AM
Restoring system-wide settings to post-install condition Ac. K. Linux - Software 2 01-15-2004 01:31 AM


All times are GMT -5. The time now is 03:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration