Find the answer to your Linux question:
Results 1 to 7 of 7
I am trying to run a Virtualbox VM running Lubuntu 12.10 behind a company firewall. In the native web browser, access is obtained by running a script, call it h_t_t_p://company.name.corp/cgi-bin/script.pl. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2012
    Posts
    5

    Networking through a firewall - please help a newbie


    I am trying to run a Virtualbox VM running Lubuntu 12.10 behind a company firewall.

    In the native web browser, access is obtained by running a script, call it h_t_t_p://company.name.corp/cgi-bin/script.pl.

    If I copy this script to the web browsers such as Mozilla settings in the VM, I can access the internet no problems. But in Xterminal, I cannot get through to the internet for commands such as apt-get update, etc.

    The VM setup is a stock install, nothing changed.

    Any help would be very much appreciated.

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    917
    paste the output from terminal of
    wget Google

  3. #3
    Just Joined!
    Join Date
    Jun 2012
    Posts
    5
    (This reply is being sent through the Lubuntu VM Firefox app with the proxy script above enabled.)

    For some reason the Xterminal will not allow me to copy/paste:

    The forum rules won't allow the output as it is all URl's and IP addresses.

    wget w_w_w.google.c_o_m

    For each IP address lookup, ... failed: connection timed out,

    for the final line, it gave some hex code

    2607:f8b0:400c:c01::67|:80 ... failed: Network is unreachable.


    Is this what you wanted?

    Thanks for your help.

  4. $spacer_open
    $spacer_close
  5. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,445
    That hex code is a ipv6 address of google.
    Code:
    # whois 2607:f8b0:400c:c01::67
    ..
    NetRange:       2607:F8B0:: - 2607:F8B0:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
    CIDR:           2607:F8B0::/32
    OriginAS:       AS15169, AS22577
    NetName:        GOOGLE-IPV6
    Which means, that your VM tries to resolve and connect v6 hosts before v4.
    Resolving works, but connecting not.


    But this is a different problem.
    If I understand your post correctly, then calling this url in a browser provides proxy settings suitable for your company.
    Therefore enabling internet access.

    Now, I would have expected a .pac file.
    Instead you call a perl script.
    What does that script.pl do?

    If it just provides http proxy settings, then you can take this info and add it to /etc/apt.conf, similar to this
    Code:
    Acquire::http::Proxy "http://proxy.example.com:8080";
    Should you need authentication to access the proxy, then this needs some additional lines.


    For general proxy support on the console -or to be precise: for tools, that use proxyenv variables-,
    you can write a small script like this:
    Code:
    #!/usr/bin/env bash
    export HTTP_PROXY="http://user:password@hostname:port"
    export HTTPS_PROXY="http://user:password@hostname:port"
    export FTP_PROXY="http://user:password@hostname:port"
    export http_proxy=$HTTP_PROXY
    export https_proxy=$HTTPS_PROXY
    export ftp_proxy=$FTP_PROXY
    You would need to parse it to set the variables.
    Last edited by Irithori; 10-23-2012 at 08:54 PM.
    You must always face the curtain with a bow.

  6. #5
    Just Joined!
    Join Date
    Jun 2012
    Posts
    5
    Actually, the script is named:

    h_t_t_p://pac.lb.xxxxx.corp/cgi-bin/pac.pl

    Not a PERL expert, but if my programming skills stand by me, the script is a giant whitelist/blacklist functions that determines if it lets you get through the firewall or not.

    So should I still edit the /etc/apt.conf file?

    Thanks for all your help.

  7. #6
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,445
    A PAC can define rules.
    Which internet hosts can be reached directly, and which need proxy A or proxy B, etc.

    My advice would be to read this pac.pl and see, which proxy would be needed for the ubuntu repositories defined in /etc/apt/sources.
    Then copy&paste this proxy to the mentioned line in /etc/apt.conf
    Code:
    Acquire::http::Proxy "http://proxy.example.com:8080";
    You must always face the curtain with a bow.

  8. #7
    Just Joined!
    Join Date
    Jun 2012
    Posts
    5
    I had to leave before I could clarify, but the pac.pl function was lousy with IF..THEN Proxy definition loops. I picked the most likely one and adapted it to your syntax above.

    That worked, although there was no apt.conf file, only a folder called apt.conf.d.

    So I browsed the net a bit and the consensus was just to create the apt.conf file in the /etc/apt folder.
    I did, got a few errors until I discovered the lack of the trailing semicolon and now we are good.

    Thanks again for everything.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •