Packet Fence behind a proxy

No, because you are doing something new and uncharted. But the rules are in (doing from memory) /usr/local/pf/conf (somewhere) there is the iptables template that gets copied to the correct location in /etc/sysconf/iptables. 
I can dig around in my test system in the AM to locate the correct file. But that is the location they were in. 

You would not do this in packet fence directly, there is no facility for that.Think about what packet fence is acting like... a gated router. Since it is running inline mode it acts like a route with an entrance control. While I have never done this with pf, you might want to check into transparent proxying. This uses firewall rules to redirect internet bound traffic to/through a proxy server.To do this under linux you can craft specific iptable rules to create the redirect. http://www.tldp.org/HOWTO/TransparentProxy-6.htmlUnderstand that pf also manages the firewall rules so you will need to add your rules to the pf configuration files. The main linux iptables are rewritten every time pf starts. So you must put them in the proper place to retain the settings during a restart.While debugging I would update the pf rules directly,...

Similar Messages

  • Web service client behind a proxy server connecting to web service over SSL

    Hi Friends,
    A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL. <p>
    We are getting the following error on the test browser of workshop<p><p>
    External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.<p><p>
    the whole trace is <p>
    <p>JDIProxy attached
    <Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontr
    ol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
    Code:javax.net.ssl.SSLHandshakeException
    String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
    Detail:
    END SERVICE FAULT>
    <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditC
    heck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
    Code:javax.net.ssl.SSLHandshakeException
    String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
    Detail:
    END SERVICE FAULT [ServiceException]>
    <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Fai
    lure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
    <Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled pr
    ocess exception [ServiceException]><p>
    I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
    Thanks
    Sridhar

    did you resolve this problem. I am looking at the same issue. If you did I would really appreciate your response.
    Thanks.

  • Running forms behind a proxy

    need help on how to run forms behind a proxy.
    i got this error when i try to run forms behind a proxy:
    FRM-92060:Failed to connect to the Server.
    Bad Machine specification:starlite.ph:9000
    Thanks.

    First I am not quite sure about this, but I think it may be because of the proxy does not support Oracle net8 connections (suppose you user version 8 or above).
    Can your sqlplus connect to the database through the proxy correctly?
    I know some proxy need some configuration in order to let Oracle work correctly.
    null

  • Creating a socket behind a proxy server

    How can I create a socket to a server if the client is behind a proxy server? I know java.net's HTTP-related classes have built-in proxy server support but this is not for a HTTP-based application.

    Hi,
    I also need to do this but not found any way yet. Somewhere I read that we can set the socket proxies (because mine was an application which tries to open socket connection over the network) through command line or by setting the system properties "socksProxyHost=<proxy_host_address>" and "socksPoxyPort=<proxy_port>". I tried to solve my proxy issue this way but all invain. While setting these system properties it is required that your proxy server is using the SOCKS service which I think is mostly the case but it still didn't work for me. You people try and c if it works for you. If anyhow you manage to get this issue resolved then please tell me also by posting a message.
    regards

  • Using Flash's xml.sendAndLoad behind a proxy

    We have a product that uses Directory and Flash to collect
    data and then we send that data to a web server via a soap call. We
    had been using an external perl script to do the soap call for many
    years and are wanting to move the code in to Flash or Directory so
    we can give the user better feed back about what is happening with
    the soap call.
    I created som flash scripts that use the XML object and the
    sendAndLoad function to do the calls. The problem I am finding is
    that if the client is behind a proxy the call fails. Is there a way
    to fix this and correctly authenticate with the proxy server so
    that the soap call goes through?

    I don't know how you'd do this using a Flash object, but
    Director's
    built-in NetLingo xtra can handle SOAP requests as of version
    10.1 and
    this, in conjunction with the proxyServer() command, should
    be all you
    need - assuming you have access to proxy details.
    <
    http://www.adobe.com/devnet/director/articles/webservices.html>

  • Configure FMS behind a proxy

    Hello,
    I've a problem to configure FMS Streaming 4.5 on an Ubuntu 10.04 Server.
    I've got a website and a FMS on the same server who is behind a proxy (not on the same server)
    Server IP : 192.168.0.2
    Proxy IP : 192.168.0.254
    FMS is configure to listen to port 1935 in fms.ini
    # This section contains configurable parameters in Adaptor.xml #
    # IP address and port(s) Flash Media Server should listen on
    # For example:
    #    ADAPTOR.HOSTPORT = :1935,80
    ADAPTOR.HOSTPORT = :1935
    Apache  listens on port 80
    Apache wasn't installed with FMS, it's pre-installed
    This is my Virtual conf
    NameVirtualHost 192.168.0.2:80
    <VirtualHost 192.168.0.2:80>
    ServerName mydomain.com
    DocumentRoot /var/www/html/
    </VirtualHost>
    Ports 80 1111 and 1935 are opened on my server
    # RTMP Streaming
    iptables -t filter -A INPUT -p tcp --dport 1935 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 1935 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 1111 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 1935 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 1935 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 1111 -j ACCEPT
    On the proxy server (use Apache), ports 80, 11, 1935 are opened in the firewall (output, input and forward) and the proxy makes a NAT translation to my website.
    But I can't see the videos on my website
    If i test on a machine behind the proxy, the streaming is OK, i see my videos.
    I don't know how to solve this problem. I've got only one IP on my server.
    What is the best solution,
    Thanks for your help

    Here is the flash tutorial:http://kb2.adobe.com/cps/408/kb408205.html
    Without a proxy, it connect locally using the 1935 port.
    I'm also able to connect from the external network to my local network using the same port.  The firewall is configured to accept incoming rtmp connection
    But as soon i use a proxy, the connection fail.

  • No help in iWork apps on iPad behind a proxy

    My MacBook Pro is connected to internet by Ethernet behind an autoproxy.
    It shares its connection with my iPad through Airport.
    This autoproxy is set on my iPad as Auto HTTP proxy.
    In any iWork app on my iPad, when I ask Help, I got a message like: "The access to the Help needs an internet connection".
    This is obviously a serious bug in Numbers, Pages, or Keynote which do not properly recognize an internet access through a shared connection behind a proxy.
    Any help welcome.
    Message written on my iPas set as described above.

    After activating your iPad, go to the App Store and search for your free apps:
    1. Pages
    2. Numbers
    3. Keynote
    4. iPhoto
    5. iMovie
    6. GarageBand
    If apps are still showing the price: sign out>reboot>and sign in again
    Settings>iTunes and App Store>Apple ID

  • Lync Client Behind A Proxy

    Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
    I have the following scenario...
    The environment is heavily locked down, and PC's only have access to the Internet via a defined IE proxy.  Internal IM, presence and communication all work fine.  We have configured federation with some remote organizations.  IM and presence
    works fine to these orgs, but when any A/V or application sharing is attempted, the media fails.  I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated parties edge server.
    I've looked at the Lync settings, reg settings, group policy ADM and documentation, and cant find anything to a) confirm if this behavior is correct or b) any way to work around it.
    There must be other Lync implementations in hardened environments like this.  Opening up outbound ports is out of the question, so what other options do i have?
    Dave

    Jay, you missed the key word in my last post "internally".  Functionally, everything about the edge server is working fine.  Clients can login internally and externally.  Media flows from internal to external clients is fine.  All SIP/AV/WEBCON
    DNS entries are fine in public DNS along with supporting SRV records.  These interfaces are Nat'd and the AV address is correctly assigned.
    My problem only occurs when an AV session is attempted with a federated partner...
    When any AV or sharing is attempted, from the internal network, to the federated partner, i can see the Lync client attempting to make connections out to the remote federated partners AV edge (something which it will never be able to do as it's behind a
    proxy with no direct Internet access).  This is what I'm trying to address.
    Should the SIP/AV/WEBCON address exist INTERNALLY
    on the corporate DNS servers for internal clients to resolve?  Is this what i have missed?
    Is there anyway to instruct the Lync client to route traffic bound for the Internet via a proxy?
    Surely there must be someone else with this scenario in a locked down environment?

  • Debug behind a proxy

    It's possible to get debug information behind a proxy?
    The client IP adress is not seen from Coldfusion because all request are from proxy.. but if i enable the proxy IP for debugging, i
    will share the debug information with all users.. there is a way to solve this?
    i already tried with the mode=debug option (http://kb2.adobe.com/cps/176/tn_17642.html) in the URL but it simply doesn't work.. i disabled "Enable Debugging " from the admin console and removed any IP from "Debugging IP Addresses" except for 127.0.0.1, and restarted Coldfusion, but also if i append "?mode=debug" to
    any URL, it doesn't display any debug information.
    is the mode=debug option available to Coldfusion 7.0.2 ?
    Thanks in advance

    Contact your ISP for instructions on how to obtain a direct connection.

  • Problems with Arrowpoint cookies for clients behind a Proxy

    I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
    I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
    Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
    I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
    Thanks

    I believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
    Once the CSS has associated a connection with a service, it does not look into the request anymore.
    The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
    Find more info at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
    Gilles.

  • Wget and edelivery behind a proxy?

    Is it possible to use wget to download files on edelivery?  And if so does being behind a proxy server change that answer?
    I am behind a proxy and am able to download regular patches on MOS via a wget script.
    I have founds some posts discussing this topic (minus the proxy) and Steve S's response to this post summarizes the steps I took to export cookies.txt etc.
    Solaris 10 Update 10?
    I have substituted the link location to use \& instead of & in the link location as shown here (my real email is altered for the example).
    # This is not working - edelivery downloads
    $WGET --user-agent="Mozilla/5.0"  --load-cookies=$COOKIE_FILE --save-cookies=$COOKIE_FILE --keep-session-cookies "https://edelivery.oracle.com/EPD/Download/process_download/V35215-01_1of3.zip?file_id=64844077\&aru=15611521\&userid=849998\&egroup_aru_number=16809533\&email=[email protected]\&country_id=124\&patch_file=V35215-01_1of3.zip&email=[email protected]\&country_id=124\&patch_file=V35215-01_1of3.zip" -O $OUTPUT_DIR/V35215-01_1of3.zip  >> $LOGFILE 2>&1
    It does seem to go through the motions but my file seems to be finished after only downloading 44k.
    Tail end of log file:
    Proxy request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: `./V35215-01_1of3.zip'
         0K .......... .......... .......... .......... ...        1.62M=0.03s
    2013-09-26 11:19:07 (1.62 MB/s) - `./V35215-01_1of3.zip' saved [44729]
    Anyone been through this?
    Message was edited by: user6445925
    I'm going to close this call and create an SR.

    Contact your ISP for instructions on how to obtain a direct connection.

  • Windows Messaging+ App behind a proxy

    What is the URL for the web service for the Windows Messaging+ app?  Im behind a proxy and it always fails to connect.  There is no option under settings for defining a proxy.

    Verizon Wireless Customer Support wrote:
    ... Since the error is only happening at work, it sounds like something on your work's network that is causing this error. ...
    Yes, Greg said
    Other applications such as Spotify, Dropbox,
    etc. work only when I configure them to use a specific proxy server.  The
    Message+ desktop application doesn't seem to allow the user to specify a
    proxy server anywhere in the settings.
    All he's asking is if the desktop app has an option to set for a proxy server or a way to workaround it....

  • Flash Upload from behind a proxy

    Hi,
    I am working behind a proxy and some of the flash uploaders
    out there require me to authenticate myself on the local proxy
    before allowing me to upload files. I have such an uploader which
    currently is outside my network. However after it tryes to execute
    file.upload(request); it dies silently without a trace of what is
    going on. I presume that it fails because it hasn't requested the
    proxy auth. How can I show the proxy auth login pop-up. Here's a
    sample of my code
    Thank you for your help,
    Cosmin

    Allow the box to bypass the proxy server, at least temporarily and for purposes of testing this.
    This bypass test will allow you to determine if this is the proxy connection, or something within the box or the SUS configuration.
    Or permanently, following the "if it hurts, don't do it" model.

  • Using Webstart behind a proxy firewall

    Hi,
    According to http://www.vamphq.com/jwsfaq.html#proxylogin if one uses Webstart behind a proxy firewall and one enters the wrong password, Webstart will not reprompt. Has this changed in Tiger or does this problem still occur? Does Webstart automatically import proxy settings from the browser in Webstart? To my understanding plain-application does not auto-import.
    Please let me know.
    Thanks,
    Gili

    If you have a Domina Name registered.Install IAS or OAS as your web server. Use NAT on your firewall to point to the illegal IP address. Make sure that there is a Domain Name Server somehwere on the Internet pointing to your Legal IP address for your domain name. If you don't have a domain name, you will still do everything the IAS/OAS setups, but you will have to type your Legal IP address into the browser to connect.

  • Sudo pacman behind a proxy...

    I've installed arch on a pc which is behind a proxy. No problem after using
    export http_proxy=...
    the point is that if I enter the system as root (or su) I can use pacman but, if I give a sudo pacman (as a user) I can not access the network.
    Sudo works fine, the problem is that I can not manage the proxy as a simple user...as a SU everuthing is fine
    I've also repated the export http(ftp)_proxy command as a user but without success

    plutus wrote:
    I've installed arch on a pc which is behind a proxy. No problem after using
    export http_proxy=...
    the point is that if I enter the system as root (or su) I can use pacman but, if I give a sudo pacman (as a user) I can not access the network.
    Sudo works fine, the problem is that I can not manage the proxy as a simple user...as a SU everuthing is fine
    I've also repated the export http(ftp)_proxy command as a user but without success
    Yay, Thank you, you gave me the right clue..
    I had configured a non existent proxy that  I used some time ago in my bashrc...
    Its always about the trivial things ^^"
    Last edited by vidar (2010-08-24 19:10:23)

Maybe you are looking for

  • How to make a computer invisible in  network?

    I was amazed that in the left-hand panel of FINDER, under the SHARED tab, there are about 6 other computers that I am seeing. I am concerned that others may be able to access my computer via my wireless connection. How can I make sure I am protected,

  • Can't get mobile device to auto configure the active sync server

    Hello I am trying to get my costumer mobile devices to auto configure the active sync server name so they don't have to type it in. I believe I have everything in place Certificates are fine. I populated the external url on the active sync object in

  • Send to Premiere Pro. Not loading anything into Premiere.

    Even after a reinstall of Prelude it just never works. I've created my Roughcut with markers. I just can't use it in Premiere. PLEASE HELP.

  • ColdFusion Splendor mail server verify error

    ColdFusion Splendor admin > Server Settings > Mail Connection Verification Failed!  When putting in a valid setting for "Mail Server" and tick "Verify mail server connection", Connection Verification Failed is reported.    Thanks in advance, Carl.

  • Nokia N9 changed to permanant landscape?

    I have my Nokia N9 for around 8 months and it's worked fine; but the other all my apps including the web, messaging, gallery and calender went to landscape and won't return to portrait.I've tryed a hard reset, leaving it off for 5 hours, everything.