Date: Thu, 1 Feb 2018 13:17:10 +0100 From: Tim1Kopplow@bundeswehr.org To: freebsd-questions@freebsd.org Subject: FreeBSD Proxy Madness Message-ID: <OF0A46FBAF.E1582018-ONC1258227.004120DE-C1258227.004393FD@bundeswehr.org>
next in thread | raw e-mail | index | archive | help
Hello there, I'm super new to FreeBSD and i really enjoy using it so far! Our environment is behind a proxy which makes things "interesting" all the time. I'm coming from Linux and expected issues with proxy usage but at first everything went smoothly (using pkg, git, npm) with just giving Environment Variables like: HTTP_PROXY=http://username:password@proxyurl:port Today i encountered that freebsd-update, which is using phttpget, doesn't like it like this Instead it requires: HTTP_PROXY=http://proxyurl:port HTTP_PROXY_AUTH=basic:*:username:password to be set. Which atleast makes git and npm not work again. Probably because git and npm and mainstream applications like this are coming not necessarily from bsd work where i first encountered HTTP_PROXY_AUTH usage. So it is atleast understandable to some degree. So far my experience with FreeBSD and proxy usage. Now, since this is the Question Mailinglist here comes my Question: "What is wrong with fetch??" This little piece of software says that it respects all the stuff (according to the man page). It says it respects, http_proxy, HTTP_PROXY, HTTP_AUTH, HTTP_PROXY_AUTH basically everything. But it's just not working. I looked already at the source of "Fetch" an the only thing regarding proxy i can find is a little code about "noproxy". TBF i don't know if i looked at the right place since the webinterface of the svn isn't the most userfriendly place in existance but i tried. So What's the deal with Fetch? Am i missing obvious Points or did i just gone mad already? Oh and is there a IRC i can join to discuss stuff like this? Thanks in advance. From owner-freebsd-questions@freebsd.org Thu Feb 1 15:23:18 2018 Return-Path: <owner-freebsd-questions@freebsd.org> Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FA49ED77FF for <freebsd-questions@mailman.ysv.freebsd.org>; Thu, 1 Feb 2018 15:23:18 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4A711711B1 for <freebsd-questions@freebsd.org>; Thu, 1 Feb 2018 15:23:17 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 6D7E7624E4 for <freebsd-questions@freebsd.org>; Thu, 1 Feb 2018 10:23:11 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-1bNjen3z_G for <freebsd-questions@freebsd.org>; Thu, 1 Feb 2018 10:23:09 -0500 (EST) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 16AA0624DA for <freebsd-questions@freebsd.org>; Thu, 1 Feb 2018 10:23:09 -0500 (EST) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Thu, 1 Feb 2018 10:23:09 -0500 Message-ID: <05940d076ac711b2c9b740451706c5d4.squirrel@webmail.harte-lyne.ca> Date: Thu, 1 Feb 2018 10:23:09 -0500 Subject: EZJAIL and ping on FreeBSD-11. From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: freebsd-questions@freebsd.org Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>; List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Thu, 01 Feb 2018 15:23:18 -0000 I have read the various 'howtos' respecting this issue and I cannot see where I have failed to properly follow the instructions. But clearly I have not done it right. I have setup a jail named hll124. it is configured and running. It can connect to the network and the Internet without issue. DNS resolution works fine using local_unbound. In /etc/sysctl.conf on the host I have this: # $FreeBSD: releng/11.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $ # # This file is read when going to multi-user and its contents piped thru # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. # # Uncomment this to prevent users from seeing information about processes that # are being run under another UID. #security.bsd.see_other_uids=0 security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 security.bsd.unprivileged_read_msgbuf=0 security.bsd.unprivileged_proc_debug=0 security.bsd.stack_guard_page=1 # Required for Chrome/Chromium kern.ipc.shm_allow_removed=1 # Add to allow jails to create sockets - 2018-01-31 JBB security.jail.allow_raw_sockets=1 The host system shows this: $ sudo sysctl security.jail.allow_raw_sockets security.jail.allow_raw_sockets: 1 In the ezjail configuration file I have this: # Allow ping, traceroute and other things 2018-01-31 JBB export jail_hll124_allow_raw_sockets="YES" When I connect to the ezjail instance with ezjail-admin console and run ping then I see this: # ping 192.168.71.44 ping: ssend socket: Operation not permitted What else am I missing? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF0A46FBAF.E1582018-ONC1258227.004120DE-C1258227.004393FD>