[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Installing proxy server or vpn

Posted on 2011-04-24
22
Medium Priority
?
440 Views
Last Modified: 2012-05-11
Hi,

I have a serious problem with my ISP. It caches the files and when i change a file in server it doesn't update when i refresh. Its very frustrating for development work.

The solution i could figure out is to use a VPN or a Proxy.

I would want someone to please help me install a proxy or vpn on a remote dedicated server that i have purchase.

I tried to install squid but i could not configure it properly to be able to use it.

Cheers
Pankaj
0
Comment
Question by:liveaspankaj
  • 10
  • 10
  • 2
22 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35457382
Hi,

Will you please explain what you mean in this sentence of yours:


"I have a serious problem with my ISP. It caches the files and when i change a file in server it doesn't update when i refresh. Its very frustrating for development work."

How do they catch a file? How do you update it ?? How do they override it while being changed?

IF they stop you to change a file how do you think having a proxy or VPN would help ??

You say you'd either need a proxy or VPN. How would it help ?? VPN will allow you to connect a server located in intranet. Buut it is clear that your server has an internet connection. In this case a shell access to your server would be as good as having a VPN connection. Practically what would it do for you is to provide a shell access to your server since you have only a single system.

What is the use of a proxy for you in this setup ??

Cheers,
K.
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35457388
i am able to access the server change a file lets say xyz.js

but when i view it my ISP stores it.

Then i got again and change something in that file xyz.js.

And open the file in browser. This time my ISP will check it and see that it has the file and will give the old file to the browser.

I can see the new file via ssh or ftp but old via browser. vpn will connect me to another server that is connected to another ISP which i guess might not be caching files.

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35457416
So you think that your ISP is caching the files you access via HTTP and will only serve you using the cache? If this is the case did you ever contact your ISP? Are you sure that your ISP is cacheing the files and not your browser? Can you try to install another browser and check if it is serving the replaced file but not the old one ?

Did you try to contact your ISP may be they can prevent your pages from being cached.


You have other options though. You can try to add no cache meta tag to your pages and prevent them being cached such as:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

Another option is to run your web-server at a nonstandard port such as say 90 10r 1080 so that your ISP's proxy will not be able to understand that it is being cached.

Yet another option is to redirect the port 80 of your remote server to your client over the SSH and tunnel the traffic over SSH and then you2ll be able to access your server through the SSH link and you wont need a VPN which should be more flexible since it wont need another subscription to another ISP.

Cheers,
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 81

Accepted Solution

by:
arnold earned 500 total points
ID: 35457440
KeremE dealt with the likelihood that your browser is the one that caches otherwise when you go to http://whatismyip.com or any similar site, you would see the IP of the ISP's Proxy and not your own external IP.

note the irony, you are replacing your ISP's proxy with your own.
Presumably you will not set cache_dir to avoid your proxy from caching.

What OS is running on your dedicated server?
Presumably you do not want to setup an open proxy where by anyone can use it to access anything.
The short answer is that you need to define the acl our_networks with your External Public IP. x.y.z.w/32 this will only let requests coming from x.y.z.w to be addressed by the proxy.
The other possibility is that you establish a VPN between your LAN and your Dedicated server at which point the our_networks will need to reflect the LAN IPs on each side.
/var/log/squid/access.log is the log that you should use to troubleshoot the access issues you are having.  Make sure if you have iptables running, to alter them to allow access to squid.  This is another option/setting where you can limit access to squid to a specific set of IPs (external).
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35457449
i have a dynamic IP at my end. and a fixed ip on the server(centos)

i dont see anything in the access log. probably because its not configured to allow my ip. i tried removing the acl our_nerworks and puting allow all, but that doesnt work either.

i have done the iptables settings and opened the port from setup
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35457465
So why don't use SSH tunneling.. so that you'll tunnel your remote host 80 port over SSH to your workstation and you'll access it over the tunnel.

In your use it will just act ass VPN.

> i dont see anything in the access log. probably because its not configured to allow my ip. i tried
> removing the acl our_nerworks and puting allow all, but that doesnt work either.

It is odd if you don't see anything over the logs. Every access should be logged. Even if there's a proxy between your client and server you should see the proxy to access your serer and check if its cache is current.

Cheers,
k.

0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 1500 total points
ID: 35457469
Here's an atricle about creating an SSH tunnel for HTTP access:

http://oldsite.precedence.co.uk/nc/putty.html

Still I am not sure that this is an issue of a proxy.

Cheers,
K.
0
 
LVL 81

Expert Comment

by:arnold
ID: 35457473
Can you telnet <your_dedicated_server_ip> 3128?
"service squid staus" on your centos box?

/sbin/iptables -L INPUT
IF you have the default centos, install you will have a chain
/sbin/iptables -L RH-Firewall-1-INPUT
do you have there a port 3128 allowed?
Or are you running your squid proxy on a different port?
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35457515
not able to telnet at 3128

your comand gives names instead of port for me so not able to understand any thing but i did this if it makes sense:


[root@sp4064 pankaj]# netstat -tulpn | grep 3128
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      4372/(squid)
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35457538
Hi,

If you use a proxy and change your browser settings to use a proxy then you'll be using the proxy for all your web-requests. This will be an overkill. Let alone it will be a security risk once people use port scanners and detect you're running an ope proxy they will consume all your bandwidth.

Why do you insist on using an unproductive, inefective and non secure method while you can easily use SSH tunnel without any additional program and effort?

Cheers,
K.
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35458033
that program link that you sent NetManger . tht is not free.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35458143
You don't need to install net manager. I've sent it to you so thow how can you redirect port 80 to your localPC using SSH. You already have a Web Server listenin to port 80 so you don't need the server part. All you need is PuTTY and and establish a tunnel to redirect port 80 to your local PC.....
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 1500 total points
ID: 35458146
All you need to follow is the

"Configuring an SSH tunnel using PuTTY for Windows"

and then use port "80" since the article indicates port 80 is for the HTTP....

This is it.

Cheers,
K.
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35458148
what is the setting required at the server for that...SSH will listen to 22 so something should make it listen on 80, plus it should not loose the ssh functionality

and then it will be limited to that server alone...
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 1500 total points
ID: 35458214
There's none. SSH is built in tunnelling support. BTW do't you read what the article I've sent tells ? It just addresses this under the title "What is SSH tunnelling?"

Will you please check the Figure 1? Please think of NetManager = HTTP Server.
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35458855
cool. i dont know how it does but some how i feel i was able to connect. no i need to test it
if it really work. its just amazing. thought it will have limited use. as i cannot access a site that i dont have ssh access to.

but its still great.

do you also know how to configure squid so that i can use it when i need to access another site
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35459032
ok great i did this
i put the tunnel to look at localhost:3128

and it is able to tunnel through the ssh :) and this is just great :)

i feel its more secure and the proxy is exposed only to the localnet of the server so people outside may not be able to use it as well.

thanks, i hope i wont have any problem now.

by default cache_dir is not set..so i assume my squid server wont cache on its own :)
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35459178
> do you also know how to configure squid so that i can use it when i need to access another site

When you use the proxy by changing your web-browser to use it for web-access your web browser automatically directs every http request to your proxy. So yo don't need any special configuration with this. But don2t forget that the squid is only for HTTP and HTTPS traffic must still be using direct access. This is being said you don't need to worry. Because there are not so many ISP's that caches SSL traffic since it requires them to terminate SSL traffic at their server and they recreate SSL to your browser which causes you lots of SSL certificate errors.
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35459290
without routing to 3128 for squid and using only port 80 every url goes to the site hosted on that server.
even google.com goes to that..
its something like and domain redirected to localhost

but it works well to browser any site when i configure localhost:3128
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 35459330
Is it possible that you are using dns masquarading ?
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35459371
i dont know what does that mean...and what is it for

but i dont think it must be there
0
 
LVL 5

Author Comment

by:liveaspankaj
ID: 35459388
this guy seems to have same errors

but i dont even have the '/usr/lib64/php/modules/ directory and its files

http://forum.parallels.com/pda/index.php/t-78485.html
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question