
How to Build a Computer Network

If you own or manage two or more computers, you need to connect them in a wired network to share an Internet connection and other services.
Here is a complete How To Build a Network.

Whether you are doing it at home or at your workplace, creating a computer network is not very difficult if you are a handy person and you have basic knowledge of computer networks. We will cover here most of the concepts you need to make your own LAN.
The series of articles will show you how to create a physical network and how to configure it to provide various services to your network users. We will focus on TCP/IP networks as this is the most common networking protocol.

Why Do You Need a Network?

You need a network if you need to share services for two or more computers.
Services that can be shared include: File sharing, sharing a network printer, Internet sharing, email services, Intranet, media broadcasting, etc…
In a home network, it is very common to share a printer and the Internet Connection.
In a business environment, the network becomes more complex and many more services are needed to accommodate the use of many computers in a single network. Such services are DHCP – for automatic IP configuration, DNS – for name to IP resolution, corporate email, Proxy Server – for increased security on the Internet, Intranet server – this is a private web server, VOIP phone system, etc…

What are the Limitations of My Network?

Your Ethernet cables are limited to 100m between any two active devices. If you need more than 100m between any two active devices, such as computer to switch or computer to computer, you need to add a repeater or a hub (a switch will work as well) at each additional 100 meters (or 333 ft.).
Depending on your materials and equipment, your network can run at 10Mb/s, 100Mb/s or 1Gigabit/s.
The most usual is to use Cat 5 or Cat 5e cables and connectors. A Cat 5 network can provide a speed up to 1000Mb/s.
If you need to connect over longer distances, the more suitable solutions are:
Coaxial cable – up to 500m, speed 10Mb. You need special repeaters or hubs or special network cards.
Fiber optic – 10Km or more, speed up to 100Gb, depending on the equipment. It is the most expensive solution; the price, though, can be affordable for slower connections. For slower connections, most of the cost will consist of running the cable between the two points.
DSL is the cheap way to connect two remote offices if you have an available copper pair between the two offices.

What Do I Need to Make My own Network?

To make your own Ethernet Network you need the following equipment:
UTP/STP networking cable, RJ-45 connectors, Crimping tool, Punch down tool, Keystone Jacks, Wire stripper / Knife, Network Tester, Patch Panel, Network Switching device. The list includes also a stud finder, drywall saw, measuring tape, mounting plate, fish tape, ladder, and the usual tools such as screwdriver, drilling machine, hammer, etc…
Ample descriptions on the tools and materials are provided by following the links.

Computer Network Planning

The typical Ethernet Network has a star topology. That means that you have a central device, (network switch), that connects all of your network participants. This is important for your planning since you will have to run all of your cables to a central point. Make your measurements and place your central point in such manner that all of your cables are 100m or less. This includes the patch-cord as well.
If you have computers farther than 100m you will need to install a repeater. Alternatively you can use other types of connection, (coax, fiber optic, etc…), see the limitation paragraph.
When you run a cable, consider the maximum number of devices that can be stuffed into that office. It is a lot cheaper to run an extra cable or two for each office location than to run a single cable after the initial installation.
Install the keystones as close as possible to the actual location of the computer. Plan this thoroughly and pick the best location so that the patch-cord is out of the way.
Buy extra cable and extra connectors.
Use common paths for your cables whenever possible. Running ten cables at once saves a lot of work and time.
Plan your cable route. Use the ceiling whenever possible; it is the easiest path. Avoid running the cables near big electromagnetic sources.

Buying Computer Network Tools and Supplies

Do not buy cheap tools and materials. If you do, you will be penalized in different ways:
At installation time you will get all sorts of problems trying to connect poor materials: cheap cable is damaged more easily when manipulated, and connectors break more easily.
Over time the quality of the network will decrease if poor supplies and tools are used.
Overall experience and quality will be very poor if you go too cheap. If buying expensive tools is not justified (a one-time job), try to borrow good tools and don’t buy cheap ones.
Follow the links to learn what to look for when you are buying specific materials.
Now that you planned and bought all the Networking tools and supplies you can proceed to the Running the Cables for a Computer Network.

How to – Debian Static IP Configuration

On a basic Debian machine without a graphical interface, assigning the same IP address every time can be achieved in two ways.

Static IP Address

To configure a static IP (an IP that will never change) and not use DHCP, you must edit the file /etc/network/interfaces.
Insert the following code at the end of the file and don’t change anything else unless you know what you are doing:

# The first network card – this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
# Private interface
iface eth0 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    # Only set a gateway here if your machine is not multi-homed (two network cards).
    # You can only have one default route.
    # gateway 192.168.0.1

In our case the IP of the Debian machine is 192.168.0.254. The gateway, (the router), is 192.168.0.1 and it is a standard Class C network.

To refresh the network configuration without restarting the server execute:
/etc/init.d/networking restart

If that doesn’t work reboot the machine (reboot or init 6).

For a second network card, add another entry for it at the end of the file:
# External interface
# Bring eth1 up at boot and on a networking restart
auto eth1
iface eth1 inet static
    address 1.1.2.2
    netmask 255.255.255.0
    network 1.1.2.0
    gateway 1.1.2.254

Check the new configuration by issuing the command:
ifconfig
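
The rules stated in the stanzas above (network and broadcast must agree with address and netmask, and only one interface may carry a default gateway) can be checked before you restart networking. This is an added example, not code from the original article; the function names are hypothetical and the sample text is constructed from the article's two stanzas with the eth0 gateway line uncommented.

```python
import ipaddress

# Constructed input: the article's two stanzas with eth0's gateway uncommented.
SAMPLE = """\
iface eth0 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1
iface eth1 inet static
    address 1.1.2.2
    netmask 255.255.255.0
    network 1.1.2.0
    gateway 1.1.2.254
"""

def parse_static(text):
    """Map interface name -> options for each 'iface <name> inet static' stanza."""
    stanzas, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] in ("iface", "auto", "mapping", "source") or words[0].startswith("allow-"):
            static = words[0] == "iface" and words[2:] == ["inet", "static"]
            cur = stanzas.setdefault(words[1], {}) if static else None
        elif cur is not None and len(words) > 1:
            cur[words[0]] = words[1]
    return stanzas

def check(text):
    """Return a list of problems; an empty list means the stanzas are consistent."""
    problems, with_gw = [], []
    for name, opt in parse_static(text).items():
        try:
            net = ipaddress.ip_interface(f"{opt['address']}/{opt['netmask']}").network
            gw = ipaddress.ip_address(opt["gateway"]) if "gateway" in opt else None
        except (KeyError, ValueError) as exc:
            problems.append(f"{name}: bad address, netmask or gateway: {exc}")
            continue
        for key, want in (("network", net.network_address), ("broadcast", net.broadcast_address)):
            if key in opt and opt[key] != str(want):
                problems.append(f"{name}: {key} {opt[key]} should be {want}")
        if gw is not None:
            with_gw.append(name)
            if gw not in net:
                problems.append(f"{name}: gateway {gw} is not on {net}")
    if len(with_gw) > 1:
        problems.append("more than one default gateway: " + ", ".join(with_gw))
    return problems
```

Pass the contents of your own interfaces file to check() and fix anything it reports before restarting networking.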

DHCP Reserved address

If you want to set this via DHCP, you have to make a reservation in your DHCP server for your network card’s MAC address.
You can find your MAC address by using the command ifconfig.
The server will spit some information on the screen that looks like this:
eth0 Link encap:Ethernet HWaddr 00:33:ff:c4:2f:2b
inet addr:192.168.0.254 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::230:f4ff:fdd4:bf33/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:93373 errors:0 dropped:0 overruns:0 frame:0
TX packets:38320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:76539317 (72.9 MiB) TX bytes:5551726 (5.2 MiB)
Interrupt:17 Base address:0x6000

The first line is the one you are interested in:
HWaddr 00:33:ff:c4:2f:2b
In your DHCP server make a reservation using 0033ffc42f2b as your MAC address. Note the removal of the colons in between.
Reboot the server; when the machine tries to renegotiate its IP address, the DHCP server will assign it the newly reserved address.

If you want to add a static route on your Debian machine, edit your /etc/network/interfaces file and add the following two lines at the end of your eth1 (or eth0) configuration.
up route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
down route del -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
The two lines tell Debian to add a static route when the computer boots, and to remove the static route when it shuts down.

The parameters mean: 192.168.22.0 is the network you want to make your Debian machine aware of; 255.255.255.0 is the netmask of your added network, 192.168.100.254 is the gateway to that network.

Why would you need a static route? In our configuration example your default route is through your public network interface.
Any additional internal networks or VPNs will not be available. The configuration above tells your Debian machine how to reach any VPNs or networks not reachable via the default route.

There is another change needed if you plan to configure this machine as a simple router. You need to enable IP forwarding, in other words allow the machine to forward traffic for its clients.
# nano /etc/sysctl.conf
Change the following line: net.ipv4.ip_forward = 0
to: net.ipv4.ip_forward = 1

Reboot the machine to make the setting active, or issue the following command to make the kernel aware of the change:
# echo 1 > /proc/sys/net/ipv4/ip_forward

Why do you want your Debian machine to connect to other networks or VPN’s? If your machine is a proxy, or a gateway it needs to know where to route packets for its clients. Even if your remote networks or VPN’s have their own proxy, if you have a shared server in one of these networks you need to make it available for your users. It is easier to maintain a static route on one server than add it to all of the clients.

Browser Auto-config and Wpad deployment

Using a Proxy Server in your Company’s Network is one of the best decisions you have made.
But this decision can bring you some administration overhead if you don’t have an automatic way to provision the browser settings.
Fortunately, for Microsoft Operating Systems there is a way to accomplish this.
The procedure involves a configuration file that tells browsers how to connect to the Internet.
This file is published via the existing Infrastructure using DNS, DHCP and a WEB Server.

Create the configuration file

Create the wpad.dat file inserting the following text:
function FindProxyForURL(url, host) {
return "PROXY 192.168.100.10:3128; DIRECT";
}

IIS

Create a new website and link it to a folder of your choice, (for instance c:\wpad). Place the wpad.dat file inside the folder.
Create a MIME type for the .dat file type with the value “application/x-ns-proxy-autoconfig”.
Restart IIS. If you already have an IIS website, just place the file in the root directory.

Apache:

Create the wpad.dat file in the www directory, whose location depends on your distribution (on Debian it is /var/www/).
For instance:
# nano /var/www/wpad.dat
would open the nano editor. If nano is not installed, use vi, mcedit or any other text editor.
Edit httpd.conf:
# nano /etc/apache/httpd.conf
and insert the following line:
AddType application/x-ns-proxy-autoconfig .dat

Make sure the apache daemon starts at boot time (update-rc.d apache2 defaults).
Restart apache:
# /etc/init.d/apache2 restart

DHCP – Configuration for Proxy Auto discovery

(on a Microsoft DHCP server)

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.
  3. In Name, type WPAD.
  4. In Code, type 252.
  5. In Data type, select String, and then click OK.
  6. In String, type http://internalserver/wpad.dat where:
    • internalserver is the domain name of the server that hosts the wpad.dat file. (Alternatively you can use the fully qualified domain name, e.g. http://internalserver.domain.local:3129/wpad.dat.)
    • Port is the port number on which automatic discovery information is published. You can specify any port number. I put 3129.
  7. Right-click Server options, and then click Configure options.
  8. Confirm that Option 252 is selected.

If you configure this on a Unix DHCP server you might need to add an extra blank character at the end of the DNS Configuration
Create an alias (CNAME) with the name wpad pointing at the webserver that hosts your wpad.dat file. For instance the alias is wpad and the fully qualified domain name is internalserver.domain.local

Troubleshooting

WPAD alias DNS entry not responding
If you get host not found when you ping wpad after creating your alias, this could be related to a security improvement on Microsoft’s DNS servers.
To fix this you need to edit the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
Edit this on all of your Microsoft DNS servers and remove wpad from the list of values. See the image below:

[Image: Registry Fix for Implementation of WPAD]

Note that this configuration requires you or your user to configure your browser to “Automatically Detect Settings”.
For Internet Explorer this can be automatically configured for all the users in an Active Directory domain via a Group Policy.
The same policy will be used by Google Chrome, which uses the Windows Internet Connection configuration.
Other browsers such as Opera and Mozilla will have to be configured manually. Alternatively, for an automatic configuration they can be tweaked via registry hacks or configured via third party software.
The disadvantage with manual configuration is of course the cost of deployment and the fact that this can be changed by the user. If you want to enforce the use of the proxy you have to restrict the gateway access and allow only the proxy machine to access it. Another way would be to configure your proxy to be your router and set up a transparent proxy.
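
To confirm that the wpad.dat your clients receive is the one you published, the added example below (not part of the original article) audits a fetched response for the MIME type configured above, for proxy targets other than the article's 192.168.100.10:3128, and for a DIRECT fallback, which matters if you rely on the proxy being enforced. The function names, the allow-list and the two sample responses are constructed for illustration.

```python
import re

EXPECTED_TYPE = "application/x-ns-proxy-autoconfig"  # MIME type from the IIS/Apache steps
ALLOWED_PROXIES = {"192.168.100.10:3128"}            # proxy named in the article's wpad.dat

# Constructed sample responses as (Content-Type header, body) pairs.
GOOD = (EXPECTED_TYPE,
        'function FindProxyForURL(url, host) {\n'
        '  return "PROXY 192.168.100.10:3128; DIRECT";\n}\n')
ROGUE = ("text/plain",
         'function FindProxyForURL(url, host) {\n'
         '  return "PROXY 10.9.8.7:8080";\n}\n')

# One PAC directive: DIRECT, or a keyword followed by host:port.
DIRECTIVE = re.compile(r"^(?:DIRECT|(?:PROXY|SOCKS[45]?|HTTPS?)\s+(\S+))$")

def directives(body):
    """Return proxy targets ('host:port' or 'DIRECT') found in string literals."""
    found = []
    for _quote, literal in re.findall(r"""(["'])(.*?)\1""", body):
        parts = [p.strip() for p in literal.split(";") if p.strip()]
        matches = [DIRECTIVE.match(p) for p in parts]
        if parts and all(matches):  # skip literals that are not proxy lists
            found += [m.group(1) or "DIRECT" for m in matches]
    return found

def audit_wpad(content_type, body):
    """Return findings for one fetched wpad.dat; an empty list means nothing to report."""
    findings = []
    if content_type.split(";")[0].strip().lower() != EXPECTED_TYPE:
        findings.append(f"unexpected Content-Type: {content_type}")
    targets = directives(body)
    if "FindProxyForURL" not in body or not targets:
        findings.append("no FindProxyForURL function or no proxy directive found")
    for target in targets:
        if target == "DIRECT":
            findings.append("DIRECT fallback: clients connect directly if the proxy is unreachable")
        elif target not in ALLOWED_PROXIES:
            findings.append(f"proxy {target} is not on the allow-list")
    return findings
```

The article's own wpad.dat produces only the DIRECT finding, which is harmless once the gateway accepts traffic from the proxy machine alone.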