pkg_add proxy issues

fukawi2 · Jan 5, 2010

Hi all,

So I'm finally biting the bullet and experimenting with FreeBSD

I'm using it as a DNS server for my home network. I have installed FreeBSD 8.0 in a Virtual Box VM on my dedicated VM server. Everything works OK except using my proxy.

I have a firewall blocking all outbound connections from my home network to the internet, so the proxy has to be used for anyone to get out. The proxy is running squid, and has been working fine for 12 months. It works fine from my Linux Desktop, and my other Linux Servers (both physical and virtual).

I have read this thread and tried both forms of exporting ftp_proxy and FTP_PROXY (ie, with and without the a leading ftp://)
http://forums.freebsd.org/showthread.php?t=1801

I am 'root' with the bash shell (yes, that's the Linux in me

)

When I try and use the proxy:

Code:

root@dns0 /etc/mail # export ftp_proxy='ftp://proxy.fukawi2.local:3128/'
root@dns0 /etc/mail # export FTP_PROXY='ftp://proxy.fukawi2.local:3128/'
root@dns0 /etc/mail # pkg_add -r -v postfix
scheme:   [ftp]
user:     []
password: []
host:     [ftp.freebsd.org]
port:     [0]
document: [/pub/FreeBSD/ports/amd64/packages-8.0-release/Latest/postfix.tbz]
scheme:   [ftp]
user:     []
password: []
host:     [proxy.fukawi2.local]
port:     [3128]
document: [/]
---> proxy.fukawi2.local:3128
looking up proxy.fukawi2.local
connecting to proxy.fukawi2.local:3128

It sits here forever and never does anything else.

Traffic dumps in the proxy machine show the connection is made, but then stops:

Code:

[~]# tcpdump -lnn -s0 -A -i eth2 host 192.168.235.194 and not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

09:54:37.329998 IP 192.168.235.194.19389 > 192.168.235.200.3128: S 854344751:854344751(0) win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 4584039 0>
E..<aK@.@...........K..82.D/........-j.............
.E.g....
09:54:37.330059 IP 192.168.235.200.3128 > 192.168.235.194.19389: S 502519285:502519285(0) ack 854344752 win 5792 <mss 1460,sackOK,timestamp 257116699 4584039,nop,wscale 2>
E..<..@.@............8K.....2.D0.....b.........
.SJ..E.g....
09:54:37.330283 IP 192.168.235.194.19389 > 192.168.235.200.3128: . ack 1 win 8326 <nop,nop,timestamp 4584039 257116699>
E..4aM@.@...........K..82.D0...... ..C.....
.E.g.SJ.
09:54:38.514049 IP 192.168.235.194.19389 > 192.168.235.200.3128: F 1:1(0) ack 1 win 8326 <nop,nop,timestamp 4584157 257116699>
E..4aO@.@...........K..82.D0...... ........
.E...SJ.
09:54:38.514202 IP 192.168.235.200.3128 > 192.168.235.194.19389: F 1:1(0) ack 2 win 1448 <nop,nop,timestamp 257116995 4584157>
E..4..@.@.A..........8K.....2.D1...........
.SKC.E..
09:54:38.514416 IP 192.168.235.194.19389 > 192.168.235.200.3128: . ack 2 win 8325 <nop,nop,timestamp 4584158 257116995>
E..4aP@.@...........K..82.D1...... ........
.E...SKC

There is nothing logged in either squid access logs, nor the cache log.

If I open a hole in the firewall for port 21, and unset ftp_proxy, then pkg_add goes straight through and downloads the package then installs without a problem.

aragon · Jan 6, 2010

I'm not sure how fetch(3) implements FTP proxy support, and maybe it doesn't work with Squid. You might consider using SOCKS and net/csocks or net/tsocks instead.

crsd · Jan 6, 2010

# export HTTP_PROXY="http://proxy.fukawi2.local:3128" should work both for http and ftp. Are you requiring some kind of auth on your proxy?

sixtydoses · Jan 6, 2010

crsd said:
# export HTTP_PROXY="http://proxy.fukawi2.local:3128" should work both for http and ftp.

I always have to export ftp_proxy if I want to download something from a ftp site. Exporting http_proxy doesn't work for me.

crsd · Jan 6, 2010

sixtydoses said:
I always have to export ftp_proxy if I want to download something from a ftp site. Exporting http_proxy doesn't work for me.

Using which program?

sixtydoses · Jan 6, 2010

wget. Doesn't apply the same for fetch?

crsd · Jan 6, 2010

No. Quoting fetch(3):

Code:

HTTP_PROXY          URL of the proxy to use for HTTP requests.  The docuâ€
                         ment part is ignored.  Only HTTP proxies are supâ€
                         ported for HTTP requests.  If no port number is specâ€
                         ified, the default is 3128.

                         [b]Note that this proxy will also be used for FTP docuâ€
                         ments, unless the FTP_PROXY variable is set.[/b]

sixtydoses · Jan 6, 2010

Woops. My bad. Thanks!

fukawi2 · Jan 6, 2010

crsd said:
# export HTTP_PROXY="http://proxy.fukawi2.local:3128" should work both for http and ftp. Are you requiring some kind of auth on your proxy?

Thanks for all the input guys.

I have tried setting http_proxy as well with the same results. I have also tried both UPPER case and lower case versions of FTP_PROXY and HTTP_PROXY

The proxy requires no authentication.

fukawi2 · Jan 6, 2010

aragon said:
I'm not sure how fetch(3) implements FTP proxy support, and maybe it doesn't work with Squid. You might consider using SOCKS and net/csocks or net/tsocks instead.

Ahha! Solved... From fetch(3)

FTP_PROXY
URL of the proxy to use for FTP requests. The docu-
ment part is ignored. FTP and HTTP proxies are sup-
ported; if no scheme is specified, FTP is assumed.
If the proxy is an FTP proxy, libfetch will send
`user@host' as user name to the proxy, where `user'
is the real user name, and `host' is the name of the
FTP server.

To use squid, you have to export FTP_PROXY with the http:// scheme:

Code:

export FTP_PROXY='http://proxy.fukawi2.local:3128/'

Just to be confusing and mix protocols