Posts tagged Networking

VSAT Technology

Typically, a VSAT station consists of two major pieces of equipment: the ODU (Outdoor Unit), which consists of an antenna, feed horn, RFT (BUC and LNB) and pedestal (antenna mounting), and the IDU (modem).

When a remote VSAT transmits data, the modem first converts the digital signal into a radio frequency signal, which is then converted to the designated RF band and amplified by the BUC. In the reverse direction, when receiving data, the RF signal is received by the feed horn, pre-amplified by the LNB, converted to a low-frequency RF signal (IF) and decoded by the modem.

In a point-to-point topology, two VSAT earth stations communicate with each other through a transponder on the satellite; one channel (carrier) frequency is used to transmit and one channel (carrier) frequency is used to receive. This topology is usually called SCPC (Single Channel Per Carrier): one channel to receive and one channel to transmit.

A more advanced configuration commonly used today is VSAT IP. It consists of one central earth station, called the VSAT hub, and many remote sites. This kind of topology is called a VSAT star topology: one central station with many remotes connected to it. The central earth station (VSAT hub) usually consists of a big antenna, a high-power RFT (BUC/HPA and LNB/LNA), a modem and several devices that organize and control all connected remotes. The remote side is just like a common VSAT remote: a small antenna, feed horn, RFT (BUC and LNB) and a modem.

First Post from My Revived Blog

After a hiatus of about 2 years, now with a new look for my blog, I am ready to start new stories all about networking and security.

Now, in my position as network & system engineer at my office, I will start with the concepts and implementations within my company.

With many kinds of networking equipment, network and communication media, and many different technologies, in this blog I will share product features, technology, and how to implement everything from a small network to a highly available, huge data center.

From this post on, I will divide the categories within this site as:
– Networking
– Technology
– Juniper
– Cisco
– Nortel
– Linux
– Open Platform
– Proof of Concept
– Media Access
– Tips n Tricks

dani_wafaul_falah
http://wafa.web.id

Vista, Routing and NAT. Is that Possible?

Today I found something interesting in Vista networking. When I used Windows XP Professional, I found a networking tool called netsh with a lot of functions for configuring WinXP as a router (you can make your winbox as tough as *nix). Vista comes with its own netsh tool, but it is limited to firewall and security; it has no routing facility. With a trick, though, you can get routing capability like on WinXP.

This is the helper listing from the netsh command on each system:
Vista
C:\Users\User>netsh show helper
Helper GUID DLL Filename Command
-------------------------------------- ------------ -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8} AUTHFWCFG.DLL advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24} AUTHFWCFG.DLL consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2} AUTHFWCFG.DLL firewall
{4D0FEFCB-8C3E-4CDE-B39B-325933727297} AUTHFWCFG.DLL monitor
{00770721-44EA-11D5-93BA-00B0D022DD1F} HNETMON.DLL bridge
{6DC31EC5-3583-4901-9E28-37C28113656A} DHCPCMONITOR.DLL dhcpclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97} FWCFG.DLL firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3} NSHHTTP.DLL http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9} IFMON.DLL interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL 6to4
{725588AC-7A11-4220-A121-C92C915E8B73} NETIOHLP.DLL ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F} NETIOHLP.DLL ipv6
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL 6to4
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL portproxy
{78197B47-2BEF-49CA-ACEB-D8816371BAA8} NETIOHLP.DLL tcp
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL teredo
{F7E0BC27-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL ipsec
{F7E0BC29-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL dynamic
{F7E0BC28-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL static
{1D8240C7-48B9-47CC-9E40-4F7A0A390E71} DOT3CFG.DLL lan
{00B399EA-447F-4B19-8393-F9D71D7760F9} NAPMONTR.DLL nap
{3F8A1180-FF5D-4B5B-934C-D08DFFBC9CBC} NAPMONTR.DLL client
{B123BAAA-79E9-49FD-AB2C-E87C56CE4CFF} NAPMONTR.DLL hra
{931852E2-597D-40B9-B927-55FFC81A6104} NETIOHLP.DLL netio
{B7BE4347-E851-4EEC-BC65-B0C0E87B86E3} P2PNETSH.DLL p2p
{9E0D63D7-4644-476B-9DAC-D62F96E08376} P2PNETSH.DLL collab
{6ED05238-F6A3-F801-967A-5CAD6F6CAC56} P2PNETSH.DLL contact
{E35A9D1F-61E8-4CF5-A46C-0F715A9303B8} P2PNETSH.DLL group
{9AA625FC-7E31-4679-B5B5-DFC67A3510AB} P2PNETSH.DLL database
{FBFC037E-D455-4B8D-80A5-B379002DBCAD} P2PNETSH.DLL idmgr
{9E0D63D6-4644-476B-9DAC-D64F96E01376} P2PNETSH.DLL pnrp
{1DD4935A-E587-4D16-AE27-14E40385AB12} P2PNETSH.DLL cloud
{AD1D76C9-434B-48E0-9D2C-31FA93D9635A} P2PNETSH.DLL diagnostics
{6EC05238-F6A3-4801-967A-5C9D6F6CAC50} P2PNETSH.DLL peer
{0705ECA2-7AAC-11D2-89DC-006008B0E5B9} RASMONTR.DLL ras
{42E3CC21-098C-11D3-8C4D-00104BCA495B} RASMONTR.DLL aaaa
{90FE6CFC-B6A2-463B-AA12-25E615EC3C66} RASMONTR.DLL diagnostics
{13D12A78-D0FB-11D2-9B76-00104BCA495B} RASMONTR.DLL ip
{36B3EF76-94C1-460F-BD6F-DF0178D90EAC} RASMONTR.DLL ipv6
{592852F7-5F6F-470B-9097-C5D33B612975} RPCNSH.DLL rpc
{C07E293F-9531-4426-8E5C-D7EBBA50F693} RPCNSH.DLL filter
{0BFDC146-56A3-4311-A7D5-7D9953F8326E} WHHELPER.DLL winhttp
{B2C0EEF4-CCE5-4F55-934E-ABF60F3DCF56} WSHELPER.DLL winsock
{D424E730-1DB7-4287-8C9B-0774F5AD0576} WLANCFG.DLL wlan

2003
{65EC23C0-D1B9-11D2-89E4-006008B0E5B9} IPMONTR.DLL routing
{0705ECA0-7AAC-11D2-89DC-006008B0E5B9} IPMONTR.DLL ip
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL autodhcp
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL dnsproxy
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL igmp
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL nat
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL ospf
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL relay
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL rip
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL routerdiscovery

xp
{65EC23C0-D1B9-11D2-89E4-006008B0E5B9} IPMONTR.DLL routing
{0705ECA0-7AAC-11D2-89DC-006008B0E5B9} IPMONTR.DLL ip
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL autodhcp
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL dnsproxy
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL igmp
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL nat
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL ospf
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL relay
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL rip
{0705ECA3-7AAC-11D2-89DC-006008B0E5B9} IPPROMON.DLL routerdisco

From the above, we find that the routing capability has been removed in Vista, but we can bring it back. Here is the trick:

I got IPMONTR.DLL and IPPROMON.DLL from 2003; it is OK if you get these files from XP.
Copy them to Vista's WINDOWS\SYSTEM32
and run:

netsh add helper ipmontr.dll
netsh add helper ippromon.dll

Now you can configure Vista routing and remote access.

netsh>routing ip nat
netsh routing ip nat>add interface "Nvidia" full
netsh routing ip nat>add interface "SMC" private

netsh>interf ipv4
netsh interface ipv4>set interface "8" forwarding=enable
netsh interface ipv4>set interface "10" forwarding=enable

8 and 10 are the interface IDs of Nvidia and SMC.
You can get the interface IDs with:

netsh>interface ipv4 show interfa

Now you can do everything with this routing capability; you can look at the Windows XP netsh help documentation.

best regards,
dani_wafaul_falah
http://wafa.web.id

10 Things you should know about NetSH

NETSH is one of the most powerful tools in the Windows networking toolkit. This list will introduce you to some good uses of NETSH in various scenarios and show you how you can streamline your networking configuration, administration, and documentation.

#1: What is NETSH?

NETSH is one of the most powerful yet least known networking tools included with Windows 2000 and Windows Server 2003. It’s installed by default and is located in the %systemroot%\system32 folder. NETSH is also available on Windows XP.

NETSH enables you to display, modify, import, and export many aspects of the network parameters of a system. It can also connect remotely to other systems with a remote machine parameter (-r).

#2: Contexts for NETSH

Contexts are specific dimensions of the network configuration that can be managed by NETSH. The commands and options within NETSH are context sensitive, and the same command may exist in multiple context areas but have different commands and results in each context. Here are the Windows Server 2003 NETSH context areas:

Context – Description
aaaa – Authentication, authorisation, accounting and auditing
dhcp – DHCP server administration
diag – OS and network service parameters
interface – NIC configuration; includes subcontexts
ipsec – Alternative to IP service parameters
netsh bridge – Network bridging configuration
ras – Remote access server configuration
routing – Routing administration (instead of RRAS)
rpc – subnet and interface settings
wins – Windows Internet Name Service administration

Now, to add to the confusion, a context can have a subcontext. For example, the interface context has three subcontexts, ip, ipv6, and portproxy. NETSH refers to these subcontexts as a context, such as the netsh interface ip context. Note that Windows XP has a different set of contexts. When using the import and export operations in noninteractive mode, you must specify context or subcontext configuration.

#3: Coordinating network change control with NETSH

You can use NETSH to export and import network configurations. A good example of using NETSH with networking change control would be when a system is going to be placed on a different network, but the communication channels need to be maintained to various other systems. A NETSH export will allow all parties to agree on various network settings. For example, here is a portion of a NETSH export of the interface context from a dump operation.

set address name = "Teamed NIC" source = static addr = 10.64.32.100 mask = 255.255.252.0
set address name = "Teamed NIC" gateway = 10.25.44.1 gwmetric = 1
set dns name = "Teamed NIC" source = static addr = 10.64.22.50
add dns name = "Teamed NIC" addr = 10.95.61.22
add dns name = "Teamed NIC" addr = 10.95.45.34
set wins name = "Teamed NIC" source = static addr = 10.95.45.70
add wins name = "Teamed NIC" addr = 10.95.45.25

Reviewing a NETSH export with all parties involved can ensure that the system will be routed correctly, using the correct DNS, WINS, and subnet mask. The best part is that you can then import the entire file into the Windows system after all appropriate entries have been made without any chance of entering the information incorrectly. And this is only for the interface context. The same applies for all other context scripts.
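
The review described in #3 can be partly automated before a file is imported. The following is an added example, not part of the original article: it parses "set address" lines in the format shown above and reports gateways that are not on the same subnet as the static address of the same interface, plus typographic quotes picked up through copy/paste. The function names are hypothetical, and the sample input reuses the values printed above.

```javascript
// Added example: pre-import lint for a netsh interface dump.
// Function names are hypothetical; the input format is the one shown in #3.

function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new Error("bad IPv4 address: " + ip);
  }
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

// Collect address, mask and gateways per interface name.
function parseDump(text) {
  const nics = {};       // name -> { addr, mask, gateways: [] }
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || /^(rem\b|#)/i.test(line)) return;          // blank or comment
    if (/[\u201C\u201D\u2033]/.test(line)) {                // curly quotes / double prime
      findings.push(`line ${i + 1}: typographic quotes, retype as ASCII quotes before import`);
      return;
    }
    const m = /^(set|add)\s+address\s+(.*)$/i.exec(line);
    if (!m) return;                                         // dns, wins, ... not checked here
    const kv = {};
    for (const [, k, v] of m[2].matchAll(/(\w+)\s*=\s*("[^"]*"|\S+)/g)) {
      kv[k.toLowerCase()] = v.replace(/^"|"$/g, "");
    }
    if (!kv.name) return;
    const nic = (nics[kv.name] = nics[kv.name] || { gateways: [] });
    if (kv.addr) { nic.addr = kv.addr; nic.mask = kv.mask; }
    if (kv.gateway) nic.gateways.push(kv.gateway);
  });
  return { nics, findings };
}

// Return a list of human-readable findings; an empty list means no issue found.
function checkGateways(text) {
  const { nics, findings } = parseDump(text);
  for (const [name, nic] of Object.entries(nics)) {
    for (const gw of nic.gateways) {
      if (!nic.addr || !nic.mask) {
        findings.push(`${name}: gateway ${gw} set but no static addr/mask in this file`);
        continue;
      }
      const mask = ipToInt(nic.mask);
      if (((ipToInt(nic.addr) & mask) >>> 0) !== ((ipToInt(gw) & mask) >>> 0)) {
        findings.push(`${name}: gateway ${gw} is outside ${nic.addr}/${nic.mask}`);
      }
    }
  }
  return findings;
}

// Input 1: the address lines as printed in #3 (ASCII quotes).
const PAGE_SAMPLE = [
  'set address name = "Teamed NIC" source = static addr = 10.64.32.100 mask = 255.255.252.0',
  'set address name = "Teamed NIC" gateway = 10.25.44.1 gwmetric = 1',
  'set dns name = "Teamed NIC" source = static addr = 10.64.22.50',
].join("\n");

// Input 2: constructed variant with an on-link gateway.
const ONLINK_SAMPLE = PAGE_SAMPLE.replace("10.25.44.1", "10.64.32.1");

// Input 3: constructed line carrying curly quotes from a copy/paste.
const CURLY_SAMPLE = "set address name = \u201CTeamed NIC\u201D gateway = 10.25.44.1 gwmetric = 1";

console.log(checkGateways(PAGE_SAMPLE));
console.log(checkGateways(ONLINK_SAMPLE));
console.log(checkGateways(CURLY_SAMPLE));
```

Run against the values as printed, the check reports that 10.25.44.1 does not fall inside 10.64.32.100 with mask 255.255.252.0, which is the kind of mismatch the review in #3 is meant to catch.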

#4: Using NETSH to dynamically change TCP/IP addresses

You can use NETSH to make dynamic IP address changes from a static IP address to DHCP simply by importing a file. NETSH can also bring in the entire Layer-3 configuration (TCP/IP Address, DNS settings, WINS settings, IP aliases, etc.). This can be handy when you’re working on networks without DHCP and have a mobile computer that connects to multiple networks, some of which have DHCP. NETSH shortcuts will far exceed the capabilities of using Windows Automatic Public IP Addressing. Here is an example of running a dynamic update of an IP address:

C:\>NETSH -f filename.netsh

In this example, filename.netsh is the NETSH file that contains an interface dump configuration. You can make shortcuts in Windows to a .BAT file that will run that command so you can easily add shortcuts to get a DHCP address and switch to a static IP address for a customer site, DMZ network, or any other static IP network.

#5: Best practice: Using a .NETSH extension

NETSH import and export operations are in a native plain text format and can be read and edited from any text tool. However, NETSH files should be handled as a special file type because they’re used to document network configurations, as well as for the import and export process. A best practice would be to make all export operations refer to a FILE.NETSH, where this file is what has been exported from NETSH. This is especially important because a NETSH export file doesn’t contain the word NETSH in it. This way, even a novice can figure out what the file contains.

The file extensions for export (dump) and import (-f) operations are entirely user specified. For convenience, you can associate the .NETSH extension with your Windows installation to allow native double-click editing.

#6: NETSH in interactive mode

NETSH is one of the Windows tools that can be run in either an interactive or a noninteractive environment. Interactive tools (such as nslookup and dnscmd) have effectively different usage scenarios depending on the mode chosen.

Interactive mode also has two submodes, online and offline. Online mode is a direct interaction with the networking components while in interactive mode. Offline mode lets you interactively make changes and then roll them all online instantly by going to online mode.

#7: NETSH in noninteractive mode

In noninteractive mode, you can implement NETSH commands by importing a file. Using noninteractive mode is recommended for file import and export operations. With NETSH in noninteractive mode, you can export key settings from each context as a specific aspect of your system documentation. In addition, if an issue arises and you can trace it back to a specific networking topic for which you have a NETSH script exported from a known working time, you can re-import that NETSH script in noninteractive mode and restore your networking functionality to that point. Please note that NETSH does not back up data within the contexts, such as the WINS database.

#8: Clarifying the scripts

When exchanging NETSH scripts, you can insert comments to solicit feedback. This will allow you to explain an entry or use it as a training tool for others. Simply insert REM in a NETSH exported file to add a comment. Don’t put in too many comments, however; just what is necessary.

#9: NETSH precautions

NETSH is a powerful tool and should be used with caution. Using interactive online mode (the default) for changes on the fly can be more risky than implementing a change in interactive offline mode and going online to commit the changes. However, using noninteractive mode to perform changes is popular as well because the changes can be scripted. Try your hand at NETSH on a virtual machine or test system first.

#10: Navigating NETSH

The large array of features available in NETSH may seem overwhelming at first. It’s helpful to get into NETSH to see the options available and practice using the interface in interactive mode (a little different for those of us used to noninteractive tools). Getting into NETSH in interactive mode is easy: Simply type NETSH at the command prompt. Then, use these guidelines to investigate the command options:

  • To change to another context, type the name of the context. For example, typing interface ip will go immediately to the interface ip context from whichever context you are currently in.
  • To change your mode, type offline or online. Typing offline will send the interactive session offline, so any changes won't be brought in immediately. Typing online will bring the interactive session online, so changes will immediately be brought into the networking elements of the system.
  • Typing show mode will display the current mode (offline or online). The default mode is online, so be sure to immediately jump offline if you are experimenting.
  • Typing ? or help will show the available commands for your current context location. If you're in the root of the tool, there is no active context and your interface to the tool will be a netsh> prompt.
  • Global commands, such as online and quit, are those you can use everywhere. Context commands are available only in the current context. For example, from the netsh interface ip> context, you can view the network configuration by running show dns, but this command may not work in other contexts or subcontexts.
  • In contexts, running set and show will provide the context-sensitive command options.

The Power of SSH Tunnel

_____________________________________________

with loves, with efforts, with knowledges
knowing the best for ur best
__illuminator__
http://wafa.web.id
_____________________________________________

SSH is known as the Secure Shell protocol. Wikipedia.org explains it as follows:

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols.

Now, in this post I'll describe some uses of the ssh client for tunnelling:

  • X11 Display forwarding
    This type of tunnel is set up with this additional command-line option:
    -X
    example:
    ssh -l wafa -X myserver
    With this method, the display of the remote programs is exported to my local X server. Note that you must have a local X server installed (on Windows you can install XWin32, eXceed or another X server for win32; on Linux/Unix it is a preinstalled package when you install a desktop environment).

 

  • Local Port forwarding
    This type of tunnel is set up with this additional command-line option:
    -L [bind ip address:]localport:remote ip address:remoteport
    example:
    -L 127.0.0.1:8080:208.80.152.42:8080

    With this method you can reach the remote address and port through port 8080 on your localhost. It can be used to create a tunnel to your internal imap/pop3/smtp server when you are outside your internal office network.
    e.g.:
    -L 127.0.0.1:143:192.168.0.5:143

    => 192.168.0.5    : your internal imap server
    => 127.0.0.1:143 : for your mail client setting

 

  • Remote Port forwarding
    This type of tunnel is set up with this additional command-line option:
    -R [bind remote ip address:]remoteport:local ip address:localport
    example:
    -R 208.80.152.42:8080:127.0.0.1:8080
    This type of tunnel is useful when you need access back to your local server from your remote server; it is the opposite of local port forwarding.

 

  • Local Dynamic Port Forwarding, a.k.a. SOCKS Tunnel
    This type is commonly used if you need full access to your remote network. The tunnel works like a SOCKS proxy; ssh supports both SOCKS 4 and 5. It is set up with this additional command-line option:
    -D [bind ip address:]localport
    example:
    -D 127.0.0.1:8080

For security reasons, there are some additional tips and options for tunnelling, such as:

  • Use a key pair. You will need this to bypass password prompting; you can use it when you already have a key pair generated by ssh-keygen.
  • Do not execute a remote command, just set up the tunnel. This is done with the additional option: -N
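
Which side opens the listening socket, and who can reach it, differs between -L, -R and -D. The following is an added example, not part of the original post: it parses the forwarding specs shown above and reports the listening side, the bind scope, and whether -N is present. Function names are hypothetical; only IPv4 addresses and hostnames are handled, and the sample host name is constructed.

```javascript
// Added example: classify ssh -L / -R / -D forwarding specs.
// Function names are hypothetical; bracketed IPv6 addresses are out of scope.

const LOOPBACK = new Set(["127.0.0.1", "localhost", "::1"]);
const WILDCARD = new Set(["", "*", "0.0.0.0"]);

function parseForward(flag, spec) {
  const parts = String(spec).split(":");
  // -D takes [bind:]port; -L and -R take [bind:]port:host:hostport.
  const wanted = flag === "D" ? [1, 2] : [3, 4];
  if (!["L", "R", "D"].includes(flag) || !wanted.includes(parts.length)) {
    throw new Error(`unsupported forward: -${flag} ${spec}`);
  }
  // The bind address is the optional leading field.
  const bind = parts.length === wanted[1] ? parts.shift() : null;
  const listenPort = Number(parts.shift());
  if (!Number.isInteger(listenPort) || listenPort < 1 || listenPort > 65535) {
    throw new Error(`bad listen port in: -${flag} ${spec}`);
  }
  let scope;
  if (bind === null || LOOPBACK.has(bind)) scope = "loopback";
  else if (WILDCARD.has(bind)) scope = "all-interfaces";
  else scope = "specific-address";
  return {
    flag,
    // -L and -D listen on the machine running ssh; -R listens on the server.
    listensOn: flag === "R" ? "server" : "client",
    bind: bind === null ? "(default)" : bind,
    listenPort,
    target: flag === "D" ? "SOCKS (chosen per connection)" : parts.join(":"),
    scope,
    // A non-loopback -R bind only takes effect if sshd has GatewayPorts enabled.
    needsGatewayPorts: flag === "R" && scope !== "loopback",
  };
}

// Inspect an ssh argument vector and return the forwards plus review notes.
function auditTunnel(argv) {
  const forwards = [];
  for (let i = 0; i < argv.length; i++) {
    const m = /^-([LRD])(.*)$/.exec(argv[i]);
    if (!m) continue;
    // ssh accepts both "-L spec" and "-Lspec".
    forwards.push(parseForward(m[1], m[2] !== "" ? m[2] : argv[++i] || ""));
  }
  const notes = [];
  if (!argv.includes("-N")) {
    notes.push("no -N: a remote shell or command is started alongside the tunnel");
  }
  for (const f of forwards) {
    if (f.scope !== "loopback") {
      notes.push(`-${f.flag} port ${f.listenPort} listens beyond loopback on the ${f.listensOn}`);
    }
  }
  return { forwards, notes };
}

// The forwarding specs are the ones from the post; "wafa@myserver" is a constructed target.
const imapTunnel = auditTunnel(["-N", "-L", "127.0.0.1:143:192.168.0.5:143", "wafa@myserver"]);
const backAccess = auditTunnel(["-R", "208.80.152.42:8080:127.0.0.1:8080", "wafa@myserver"]);
console.log(imapTunnel, backAccess);
```

For the -R example from the post, the result shows the listener on the server side at a non-loopback address, so anyone who can reach that address and port is forwarded to the local service.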

Digital Certification, Signed by Known Certificate Authorities

Tonight I successfully published my web site at www.illuminator.web.id with SSL support.
On this server I installed a certificate from StartCom Ltd. (https://www.startssl.com); thanks to the support team for adding my country to their registration form.

First, you need to register on their site through the registration form; please submit complete information so that your application gets approved. After registration you will receive a confirmation by email and need to confirm the confirmation code. If you succeed with this step and they approve your application, you will be prompted to create a client certificate that can be used to log in to their site to do many things.

Before you can create your server certificates, you must validate your domain first: enter your domain, and they will send you a confirmation to an email address on your domain (hostmaster@yourdomain, webmaster@yourdomain or postmaster@yourdomain), according to your current administration email.

Tortoise SVN, The Easy way to manage project with SVN

As described in my earlier tutorial, SVN is a version control system. It allows users to keep track of changes made to any type of electronic data, typically source code, web pages or design documents. It is an alternative to CVS (another version control system).

There is a built-in client packaged with the SVN binaries, but if you need another client with many features on the Windows OS family, you might be interested in installing TortoiseSVN.

From the website:

TortoiseSVN is an easy to use SCM / source control software for Microsoft Windows and maybe the best Subversion client there is. It is implemented as a Windows shell extension, which makes it integrate seamlessly into the Windows explorer. Since it’s not an integration for a specific IDE you can use it with whatever development tools you like.

For my part, I use this tool part of the time, when I need a simpler and more user-friendly way to manage my code under version control. With Tortoise I can create a local repository (with fsfs storage or bdb storage) and import an initial project into it. Not only that: when you do the initial import, you can choose not only a local repository but a remote repository too. After the initial import you can just check out the project and work with it (commit and update).

In a versioned folder or source tree, you can perform many operations with an easy right click, because Tortoise is integrated with the Explorer shell.

With just a right click, you can resolve, revert, view the log, browse the repository folder, clean up locks, or perform advanced operations like creating a branch, merging, or even creating a patch.

All the svn commands I described before can be done with a single click, without typing long commands.

Windows Server 2003 Administration Tips

Want to build an enterprise network that can accommodate multiple users? And of course we can't forget the security factor.

I have some hints for building a network like that using Windows Server 2003, with several software packages installed to make the network more reliable and secure.

First I'll explain the features of Windows Server 2003. The Microsoft Windows Server 2003 family has 3 versions: Standard Edition, Enterprise Edition and Datacenter Edition. Each version has the same abilities, with a few differences in hardware support. For small deployments the Standard Edition may be the best choice, but if you have a large or enterprise server you can use the Enterprise or Datacenter Edition to support more CPUs, RAM and storage.

Next, the main features often used on a network with multiple users:

  • Active Directory
  • DNS (Domain Name System)
  • DHCP (Dynamic Host Configuration Protocol)
  • File Sharing
  • Terminal Server
  • Windows Service Update Server

With 3rd-party software from Symantec we can deliver an integrated anti-virus management system on the network; in these hints I will use Symantec AntiVirus Corporate Edition for easier updates and installation.

Automatically Configure Browsers for Proxy

Autoconfigure Scripts for Proxy Settings – Apr. 22, 2004

April 22, 2004: Added more complex examples to bypass proxy for multiple URL’s.

August 15, 2003: Updated with example of bypassing proxy for a particular URL, and also mention WPAD.DAT to automatically configure Internet Explorer.

PROXY.PAC Files

Several of my clients have asked for a way to have browsers automatically pick up proxy settings if the PC (usually a laptop) is on the local LAN, but not use a proxy server if the PC is not on the local LAN. For instance, moving a laptop from a home network with no proxy server to the office LAN, with a BorderManager server.

The browser can be configured with a simple PROXY.PAC file. The PROXY.PAC file can be quite complex, providing for load-balancing, fault tolerance, or other uses. I would be happy to produce a custom proxy.pac file for you (as a paid consulting project). The examples here are pretty basic.

I have tested this PROXY.PAC file on Netscape, Mozilla, Firefox, Opera and Internet Explorer on Windows XP Professional and Windows 2000 Professional.

Note: This is not a method for remotely or permanently setting the proxy settings, which can be done in a number of ways (ZENworks, login script, proxy configuration files from Netscape or Microsoft, etc.) I will assume that you will visit the workstations and enter the proxy settings as necessary to point to the PROXY.PAC file. If the PC is to be moved off the local LAN, you will also need to copy the file to the PC.

How it works:

The .PAC file checks the local IP subnet address of the PC, and branches with an IF / ELSE statement. If the PC is located in a subnet that matches, a proxy server is used. If the PC is on any other subnet, a direct connection is used instead of the proxy.

function FindProxyForURL(url, host)
{
    // Use the proxy only when this PC is on the office subnet
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
        return "PROXY 192.168.1.1:8080";
    else
        return "DIRECT";
}

In my example file #1, I check that the host is in the 192.168.1.0 (255.255.255.0) subnet. If it is, I tell the browser to use a proxy at IP address 192.168.1.1, using port 8080. Obviously, you may need to change the subnet, subnet mask and proxy address/port for your LAN configuration.

There are methods which can be used to check for multiple subnets in case you have more than one internal LAN subnet. Ask in the Novell Public Forums about more complex PROXY.PAC files. (Or hire me to develop one for your environment!)

Download my example PROXY.PAC file #1 HERE (simple version)

More Complex Version

I have had a number of occasions where I needed to bypass the http proxy for a particular web site. This is easily done with a PROXY.PAC file, by putting in an IF statement with the proper syntax. (You can have lots of IF statements if you want to do this for multiple web sites.)

Here is an example that bypasses proxy for a particular web site (principia.mo.techpaths.com) that was giving grief when going to it through the HTTP Proxy:

function FindProxyForURL(url, host)
{
    // Bypass the proxy for this one web site
    if (shExpMatch(url, "http://principia.mo.techpaths.com*")) {
        return "DIRECT";
    }
    // Otherwise use the proxy only when on the office subnet
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
        return "PROXY 192.168.1.1:8080";
    else
        return "DIRECT";
}

You can download this version of PROXY.PAC here.

Slightly More Complex PROXY.PAC Example – Multiple Proxy Bypass URL’s (not for laptops)

In this example you can add multiple URL’s to NOT use a proxy, and then proxy everything else. In this example, you do not have a check for the local network, so it would not be a good example for a laptop that moves between networks.

function FindProxyForURL(url, host)
{
    // variable strings to return
    var proxy_yes = "PROXY 192.168.1.1:8080";
    var proxy_no = "DIRECT";
    if (shExpMatch(url, "http://www.mycompanywebsite.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://www.myotherwebsite.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://www.my3rdlocalsite.com*")) { return proxy_no; }
    // Proxy anything else
    return proxy_yes;
}

Even More Complex PROXY.PAC Example – Multiple Proxy Bypass URL’s with Local Address Check

In this example you can add multiple URL’s to NOT use a proxy, and then proxy everything else. In this example, you have a check for the local network, so you can use this one on a laptop.

function FindProxyForURL(url, host)
{
    // variable strings to return
    var proxy_yes = "PROXY 192.168.1.1:8080";
    var proxy_no = "DIRECT";
    if (shExpMatch(url, "http://www.mycompanywebsite.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://www.myotherwebsite.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://www.my3rdlocalsite.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://192.168.1.100*")) { return proxy_no; }
    // Proxy if PC is on local LAN
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
        return proxy_yes;
    else
        return proxy_no;
}
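
A PAC file can be checked offline before it is rolled out. The following is an added example, not part of the original article: it runs the bypass logic from the examples above under Node.js with simplified stand-ins for the browser's myIpAddress(), isInNet() and shExpMatch(), and compares it with a variant that matches the host argument exactly. The variant, the function names and the test URLs are assumptions made for the illustration.

```javascript
// Added example: offline harness for PAC bypass rules (not the author's code).
// The helpers below are simplified stand-ins for the browser-provided PAC functions.

let clientIp = "192.168.1.50";                 // constructed test value
function myIpAddress() { return clientIp; }

function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// Stand-in for isInNet(): dotted-quad input only, no DNS resolution.
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// Stand-in for shExpMatch(): '*' matches any run of characters, '?' exactly one.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Rule as written in the article: bypass decided by a prefix glob on the URL.
function findProxyUrlGlob(url, host) {
  if (shExpMatch(url, "http://www.mycompanywebsite.com*")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
    return "PROXY 192.168.1.1:8080";
  return "DIRECT";
}

// Variant (assumption of this example): bypass decided by an exact host match.
const BYPASS_HOSTS = ["www.mycompanywebsite.com", "192.168.1.100"];
function findProxyExactHost(url, host) {
  if (BYPASS_HOSTS.includes(host.toLowerCase())) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
    return "PROXY 192.168.1.1:8080";
  return "DIRECT";
}

// Call a PAC function the way a browser would: full URL plus its hostname.
function decide(pacFn, ip, url) {
  clientIp = ip;
  return pacFn(url, new URL(url).hostname);
}

// Constructed test cases: [client IP, URL].
const CASES = [
  ["192.168.1.50", "http://www.mycompanywebsite.com/index.html"],
  ["192.168.1.50", "http://www.mycompanywebsite.com.lookalike.example/"],
  ["192.168.1.50", "https://www.mycompanywebsite.com/"],
  ["10.0.0.7", "http://example.org/"],
];

function runCases() {
  return CASES.map(([ip, url]) => ({
    ip,
    url,
    urlGlob: decide(findProxyUrlGlob, ip, url),
    exactHost: decide(findProxyExactHost, ip, url),
  }));
}

console.table(runCases());
```

The second case shows that a prefix glob ending in * also matches any hostname that merely begins with the bypassed name, so that request skips the proxy; the third shows that the http:// prefix does not cover the same site over https.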

Autoconfigure the Proxy Settings from the BorderManager Server (for Internet Explorer)

In this method, you point to a file being made available via the BorderManager miniwebserver. For a simple PROXY.PAC file and a PC that stays on the local LAN, this doesn't make a lot of sense, as it is easier to just enter the proxy server address and port numbers. However, this technique is useful when you have complex PROXY.PAC files which do load balancing, etc.

1. Copy the PROXY.PAC file to the BorderManager SYS:ETC\PROXY\DATA directory.
2. In the browser proxy settings, configure the Automatic Proxy Configuration (Netscape) or Use Automatic Configuration Script (IE) URL to:

http://192.168.1.1:1959/data/proxy.pac

Where 192.168.1.1 must be changed to your BorderManager server’s private IP address. The port 1959 is the default miniwebserver address.

If Internet Explorer doesn’t see the file, it will default to using whatever proxy settings are configured under LAN settings.

Certain versions of Internet Explorer have a bug with .PAC files. This can be fixed with a patch. See the Microsoft article here.

Autoconfigure the Proxy Settings from a Local Copy of the PROXY.PAC File (IE or Netscape)

In this method, useful for laptops that travel on and off your LAN, you copy the file to some local directory, and point to it.

1. Copy the PROXY.PAC file to the C:\WINDOWS directory, or other directory of your choice.
2. In the browser proxy settings, configure the Automatic Proxy Configuration (Netscape) or Use Automatic Configuration Script (IE) URL to:

Netscape, use: file:///c|/windows/proxy.pac
Internet Explorer, use: file://c:/windows/proxy.pac

In Netscape, click on the Reload button.

Have Internet Explorer Automatically Configure Itself to Use a Proxy

There are ways to push the proxy settings (including PROXY.PAC files) to any browser, but Internet Explorer tends to be the easiest. In fact, you can have Internet Explorer automatically discover your PROXY.PAC file without you even having to touch the browser, if the browser is left at default settings. This is done by renaming PROXY.PAC to WPAD.DAT, and launching it from a web server, using a local DNS entry. Please see this tip on methods for configuring browsers to pick up proxy settings.

 

from http://nscsysop.hypermart.net/proxypac.html
