Difference between revisions of "How to configure WPAD"

From wiki.IPBRICK.COM
Jump to: navigation, search
(Configuration Hint - Proxy)
 
(One intermediate revision by the same user not shown)
Line 64: Line 64:
 
== Configuration Hint - Proxy ==
 
== Configuration Hint - Proxy ==
  
'''How to use proxy to access sites not running at port 80/443'''
+
'''How to use a proxy to access sites which aren't running on port 80/443'''
  
 
# Let's imagine that you want to access http://site.xpto.com:81;
 
# Let's imagine that you want to access http://site.xpto.com:81;
# Go to ''Security » Proxy » Settings » Configurations » Other configurations'' and on ''Allowed connections'' add port 81 as authorized; [[File:proxy_port81.png]]
+
# Go to ''Security » Proxy » Settings » Configurations » Other configurations'' and on ''Allowed connections'' add port 81 as authorized; [[File:Proxy_port81.png]]
# Go to ''Advanced Configurations » Network » Firewall'' and insert the following ''General Settings rule'':
+
# Go to ''Advanced Configurations » Network » Firewall'' and insert the following ''General Settings'' rule:
 
#:  Rule: INPUT
 
#:  Rule: INPUT
 
#:  Interface: ETH1
 
#:  Interface: ETH1
Line 74: Line 74:
 
#:  Origin port: 81
 
#:  Origin port: 81
 
#:  Parameters: ! --syn
 
#:  Parameters: ! --syn
#: Policy: ACCEPT [[File:proxy_port81a.png]]
+
#: Policy: ACCEPT [[File:Proxy_port81a.png]]
 
# Apply Configurations;
 
# Apply Configurations;
 
# Use a LAN PC and test now the connection to http://site.xpto.com:81.
 
# Use a LAN PC and test now the connection to http://site.xpto.com:81.

Latest revision as of 12:49, 4 April 2016


* * * THIS PAGE IS UNDER CONSTRUCTION * * *

This How-to will describe how to configure WPAD on IPBrick.

These configurations allow a user to access an Intranet server without needing to use a proxy service as an intermediary and, at the same time, prohibits an external access without a proxy server. The first aspect promotes a better performance and the second one prevents security issues.

Two scenarios will be presented here:

  1. The first scenario will show the configurations for one IPBrick.
  2. The second scenario will demonstrate how to configure WPAD between two IPBrick servers:
    • One IPBrick is the Intranet server where DHCP and DNS services will run;
    • One IPBrick is the security server where Proxy service will run.

The following examples will explain step by step how to configure a WPAD (Web Proxy Auto-Discovery) for both scenarios.


First scenario

Cenario1.jpeg

On our first scenario, the aim is to configure WPAD with an IPBrick as an Intranet server, where DHCP and DNS services will run.

In order to do this we have to:

  1. DHCP: activate WPAD.
    • Go to Advanced configurations » Support services » DHCP » Subnets » General options; Subnets.png
    • On Proxy Auto-configuration, select Yes (by default is set up to No). Proxyautoconfiguration.png
  2. Proxy: activate WPAD.
    • Go to IPBrick.C » Proxy » Auto-configuration; Proxyautoconfiguration3.png
    • On Auto-configuration » Enable Auto-configuration, select Yes (by default is set up to No). Proxyautoconfiguration2.png

Note: There is no need to configure anything for DNS because it already points to the server in question.


Second scenario

Cenario2.1.jpeg

On the second scenario, the aim is to configure WPAD with an IPBrick as a security server, where Proxy server will run.

So, in this case, we have to servers. One of them is an Intranet server which is connected to our LAN; the other is a communication server that links our LAN to the Internet.

As a practical example, let's call "srv01" to our internal server and "srv02" to the external one; "srv01" lodges DNS and DHCP services and "srv02" acts as a proxy.

  1. To configure our "srv01":
    • DNS: it's lodged on "srv01" but it has to point to "srv02".
      • Go to Advanced configurations » Support services » DNS » Domains; DNSdomains.png
      • Select your domain on Forward zone; Aliases.png
      • Here it is possible to see several configurations but, for our configuration, search for WPAD on the Aliases table; WPAD.png
      • Select WPAD and configure it to your server, "srv02"; WPADsrv02.png
      • Repeat these steps but this time search for Proxy on Aliases. Proxysrv02.png
    • DHCP: activate WPAD.
      • Go to Advanced configurations » Support services » DHCP » Subnets » General options; Subnets.png
      • On Proxy Auto-configuration, select Yes (by default is set up to No). Proxyautoconfiguration.png

Now we have both DNS and DHCP configured on our "srv01", pointing to "srv02".

  1. To configure "srv02":
    • Proxy: activate WPAD.
      • Go to IPBrick.C » Proxy » Auto-configuration; Proxyautoconfiguration3.png
      • On Auto-configuration » Enable Auto-configuration, select Yes (by default is set up to No). Proxyautoconfiguration2.png

Configuration Hint - Proxy

How to use a proxy to access sites which aren't running on port 80/443

  1. Let's imagine that you want to access http://site.xpto.com:81;
  2. Go to Security » Proxy » Settings » Configurations » Other configurations and on Allowed connections add port 81 as authorized; Proxy port81.png
  3. Go to Advanced Configurations » Network » Firewall and insert the following General Settings rule:
    Rule: INPUT
    Interface: ETH1
    Protocol: TCP
    Origin port: 81
    Parameters: ! --syn
    Policy: ACCEPT Proxy port81a.png
  4. Apply Configurations;
  5. Use a LAN PC and test now the connection to http://site.xpto.com:81.