Installing proxy server or vpn

Hi,

I have a serious problem with my ISP. It caches the files and when i change a file in server it doesn't update when i refresh. Its very frustrating for development work.

The solution i could figure out is to use a VPN or a Proxy.

I would want someone to please help me install a proxy or vpn on a remote dedicated server that i have purchase.

I tried to install squid but i could not configure it properly to be able to use it.

Cheers
Pankaj
LVL 5
liveaspankajAsked:
Who is Participating?
 
arnoldConnect With a Mentor Commented:
KeremE dealt with the likelihood that your browser is the one that caches otherwise when you go to http://whatismyip.com or any similar site, you would see the IP of the ISP's Proxy and not your own external IP.

note the irony, you are replacing your ISP's proxy with your own.
Presumably you will not set cache_dir to avoid your proxy from caching.

What OS is running on your dedicated server?
Presumably you do not want to setup an open proxy where by anyone can use it to access anything.
The short answer is that you need to define the acl our_networks with your External Public IP. x.y.z.w/32 this will only let requests coming from x.y.z.w to be addressed by the proxy.
The other possibility is that you establish a VPN between your LAN and your Dedicated server at which point the our_networks will need to reflect the LAN IPs on each side.
/var/log/squid/access.log is the log that you should use to troubleshoot the access issues you are having.  Make sure if you have iptables running, to alter them to allow access to squid.  This is another option/setting where you can limit access to squid to a specific set of IPs (external).
0
 
Kerem ERSOYPresidentCommented:
Hi,

Will you please explain what you mean in this sentence of yours:


"I have a serious problem with my ISP. It caches the files and when i change a file in server it doesn't update when i refresh. Its very frustrating for development work."

How do they catch a file? How do you update it ?? How do they override it while being changed?

IF they stop you to change a file how do you think having a proxy or VPN would help ??

You say you'd either need a proxy or VPN. How would it help ?? VPN will allow you to connect a server located in intranet. Buut it is clear that your server has an internet connection. In this case a shell access to your server would be as good as having a VPN connection. Practically what would it do for you is to provide a shell access to your server since you have only a single system.

What is the use of a proxy for you in this setup ??

Cheers,
K.
0
 
liveaspankajAuthor Commented:
i am able to access the server change a file lets say xyz.js

but when i view it my ISP stores it.

Then i got again and change something in that file xyz.js.

And open the file in browser. This time my ISP will check it and see that it has the file and will give the old file to the browser.

I can see the new file via ssh or ftp but old via browser. vpn will connect me to another server that is connected to another ISP which i guess might not be caching files.

0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Kerem ERSOYPresidentCommented:
So you think that your ISP is caching the files you access via HTTP and will only serve you using the cache? If this is the case did you ever contact your ISP? Are you sure that your ISP is cacheing the files and not your browser? Can you try to install another browser and check if it is serving the replaced file but not the old one ?

Did you try to contact your ISP may be they can prevent your pages from being cached.


You have other options though. You can try to add no cache meta tag to your pages and prevent them being cached such as:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

Another option is to run your web-server at a nonstandard port such as say 90 10r 1080 so that your ISP's proxy will not be able to understand that it is being cached.

Yet another option is to redirect the port 80 of your remote server to your client over the SSH and tunnel the traffic over SSH and then you2ll be able to access your server through the SSH link and you wont need a VPN which should be more flexible since it wont need another subscription to another ISP.

Cheers,
0
 
liveaspankajAuthor Commented:
i have a dynamic IP at my end. and a fixed ip on the server(centos)

i dont see anything in the access log. probably because its not configured to allow my ip. i tried removing the acl our_nerworks and puting allow all, but that doesnt work either.

i have done the iptables settings and opened the port from setup
0
 
Kerem ERSOYPresidentCommented:
So why don't use SSH tunneling.. so that you'll tunnel your remote host 80 port over SSH to your workstation and you'll access it over the tunnel.

In your use it will just act ass VPN.

> i dont see anything in the access log. probably because its not configured to allow my ip. i tried
> removing the acl our_nerworks and puting allow all, but that doesnt work either.

It is odd if you don't see anything over the logs. Every access should be logged. Even if there's a proxy between your client and server you should see the proxy to access your serer and check if its cache is current.

Cheers,
k.

0
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
Here's an atricle about creating an SSH tunnel for HTTP access:

http://oldsite.precedence.co.uk/nc/putty.html

Still I am not sure that this is an issue of a proxy.

Cheers,
K.
0
 
arnoldCommented:
Can you telnet <your_dedicated_server_ip> 3128?
"service squid staus" on your centos box?

/sbin/iptables -L INPUT
IF you have the default centos, install you will have a chain
/sbin/iptables -L RH-Firewall-1-INPUT
do you have there a port 3128 allowed?
Or are you running your squid proxy on a different port?
0
 
liveaspankajAuthor Commented:
not able to telnet at 3128

your comand gives names instead of port for me so not able to understand any thing but i did this if it makes sense:


[root@sp4064 pankaj]# netstat -tulpn | grep 3128
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      4372/(squid)
0
 
Kerem ERSOYPresidentCommented:
Hi,

If you use a proxy and change your browser settings to use a proxy then you'll be using the proxy for all your web-requests. This will be an overkill. Let alone it will be a security risk once people use port scanners and detect you're running an ope proxy they will consume all your bandwidth.

Why do you insist on using an unproductive, inefective and non secure method while you can easily use SSH tunnel without any additional program and effort?

Cheers,
K.
0
 
liveaspankajAuthor Commented:
that program link that you sent NetManger . tht is not free.
0
 
Kerem ERSOYPresidentCommented:
You don't need to install net manager. I've sent it to you so thow how can you redirect port 80 to your localPC using SSH. You already have a Web Server listenin to port 80 so you don't need the server part. All you need is PuTTY and and establish a tunnel to redirect port 80 to your local PC.....
0
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
All you need to follow is the

"Configuring an SSH tunnel using PuTTY for Windows"

and then use port "80" since the article indicates port 80 is for the HTTP....

This is it.

Cheers,
K.
0
 
liveaspankajAuthor Commented:
what is the setting required at the server for that...SSH will listen to 22 so something should make it listen on 80, plus it should not loose the ssh functionality

and then it will be limited to that server alone...
0
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
There's none. SSH is built in tunnelling support. BTW do't you read what the article I've sent tells ? It just addresses this under the title "What is SSH tunnelling?"

Will you please check the Figure 1? Please think of NetManager = HTTP Server.
0
 
liveaspankajAuthor Commented:
cool. i dont know how it does but some how i feel i was able to connect. no i need to test it
if it really work. its just amazing. thought it will have limited use. as i cannot access a site that i dont have ssh access to.

but its still great.

do you also know how to configure squid so that i can use it when i need to access another site
0
 
liveaspankajAuthor Commented:
ok great i did this
i put the tunnel to look at localhost:3128

and it is able to tunnel through the ssh :) and this is just great :)

i feel its more secure and the proxy is exposed only to the localnet of the server so people outside may not be able to use it as well.

thanks, i hope i wont have any problem now.

by default cache_dir is not set..so i assume my squid server wont cache on its own :)
0
 
Kerem ERSOYPresidentCommented:
> do you also know how to configure squid so that i can use it when i need to access another site

When you use the proxy by changing your web-browser to use it for web-access your web browser automatically directs every http request to your proxy. So yo don't need any special configuration with this. But don2t forget that the squid is only for HTTP and HTTPS traffic must still be using direct access. This is being said you don't need to worry. Because there are not so many ISP's that caches SSL traffic since it requires them to terminate SSL traffic at their server and they recreate SSL to your browser which causes you lots of SSL certificate errors.
0
 
liveaspankajAuthor Commented:
without routing to 3128 for squid and using only port 80 every url goes to the site hosted on that server.
even google.com goes to that..
its something like and domain redirected to localhost

but it works well to browser any site when i configure localhost:3128
0
 
Kerem ERSOYPresidentCommented:
Is it possible that you are using dns masquarading ?
0
 
liveaspankajAuthor Commented:
i dont know what does that mean...and what is it for

but i dont think it must be there
0
 
liveaspankajAuthor Commented:
this guy seems to have same errors

but i dont even have the '/usr/lib64/php/modules/ directory and its files

http://forum.parallels.com/pda/index.php/t-78485.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.