Using FreeBSD inside a controlled network – A required HTTP Proxy and No FTP
Inside a controlled network, it is a little harder to use FreeBSD. The simple things become hard, such as running “portsnap fetch extract” or running “make install” on a port.
In a certain network, I am experiencing certain security settings that I must make FreeBSD work around:
- An HTTP proxy is required to access external sites
- No FTP access.
Working with a required HTTP proxy on FreeBSD
You cannot bypass the proxy. Most network ports are blocked, and HTTP/HTTPS traffic is forced through the proxy. Even worse, DNS only responds for internal addresses and the proxy handles the external sites, so your local box never actually resolves external names to IP addresses; the browser only works because the proxy makes it work.
Setting a global proxy on FreeBSD
You can configure FreeBSD to use a proxy, and you can set a global proxy, sort of. It looks like the global proxy is set per shell, and not all apps respect that proxy.
csh/tcsh
To add a global proxy to any csh or tcsh shell, add the following line to this file: /etc/csh.cshrc
sh
To add a global proxy to any sh shell, add the following lines to this file: /etc/profile
HTTP_PROXY=http://ProxyNameOrIP:8080
export HTTP_PROXY
Now that you have made these settings, your proxy should be working and any tool that uses HTTP/HTTPS, such as fetch, portsnap, make fetch, etc., should now properly use the proxy to access the internet.
fetch and tools that use it (ports, portsnap, etc…)
Any HTTP source should now work. Ports, portsnap and other such FreeBSD tools use fetch, so as soon as the environment variable is set, fetch and any tool that uses it will work.
Tools that don’t use fetch (Subversion, etc…)
Other tools, such as Subversion, may not support the HTTP_PROXY environment variable and must be manually configured. For Subversion, I couldn’t find a global setting; instead it was a user setting. The file in your home directory. It usually exists by default but contains only comments. The following are the minimal lines you need.
[global]
http-proxy-host = ProxyNameOrIP
http-proxy-port = 8080
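Because each tool reads its proxy from a different place, the settings can drift apart or be silently ignored (for example, a variable that is assigned but never exported). The script below is an added example, not part of the original post, that checks that the sh profile, the csh/tcsh startup file and the Subversion file all name the same proxy. Assumptions: the csh form is `setenv HTTP_PROXY <url>`, the Subversion file is at its usual location `~/.subversion/servers`, and the script name `check_proxy.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: confirm sh, csh/tcsh and Subversion all name the same proxy.
# Paths are arguments; ProxyNameOrIP:8080 is the article's placeholder.

# Reduce an optionally quoted "http://host:port/" to "host:port".
norm() { sed -e 's/["'"'"']//g' -e 's|^[a-z]*://||' -e 's|/*$||'; }

# HTTP_PROXY as child processes would inherit it from an sh profile.
# The file is sourced in an empty environment, so an assignment that is
# never exported yields nothing, which is exactly how fetch would see it.
sh_proxy() {
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac
    env -i PATH="$PATH" sh -c '. "$1" >/dev/null 2>&1; env' sh "$f" |
        sed -n 's/^HTTP_PROXY=//p' | norm
}

# Last "setenv HTTP_PROXY <value>" line in a csh/tcsh startup file.
csh_proxy() {
    sed -n 's/^[[:space:]]*setenv[[:space:]]\{1,\}HTTP_PROXY[[:space:]]\{1,\}//p' "$1" |
        tail -n 1 | norm
}

# host:port from the [global] section of a Subversion servers file.
svn_proxy() {
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*\[/ { g = ($0 ~ /^[ \t]*\[global\]/); next }
        g && $1 ~ /^[ \t]*http-proxy-host$/ { host = $2 }
        g && $1 ~ /^[ \t]*http-proxy-port$/ { port = $2 }
        END { if (host != "" && port != "") print host ":" port }' "$1"
}

# Succeeds only when all three files name the same non-empty proxy.
proxy_consistent() {
    a=$(sh_proxy "$1"); b=$(csh_proxy "$2"); c=$(svn_proxy "$3")
    printf 'sh=%s csh=%s svn=%s\n' "${a:-MISSING}" "${b:-MISSING}" "${c:-MISSING}"
    [ -n "$a" ] && [ "$a" = "$b" ] && [ "$b" = "$c" ]
}

# Usage: sh check_proxy.sh /etc/profile /etc/csh.cshrc ~/.subversion/servers
if [ $# -eq 3 ]; then proxy_consistent "$@"; fi
```

A non-zero exit status together with a `MISSING` field shows which of the three files needs attention.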
Working with no FTP access on FreeBSD
This problem is easy to get around. Always use HTTP or HTTPS. FreeBSD has usually made it that simple as all the common tools that use FTP seem to have HTTP options as well.
Ports
Most ports have an HTTP site as a backup download location. In the best case, you run make install and it just finds an HTTP site and downloads the port for you. In the worst case, you may have to manually edit the Makefile and add an HTTP source.
Portsnap uses HTTP by default.