Installing Software Packages behind Firewall
Recently, I had a scenario in which I had to install software packages on nodes that are behind firewalls with no access to internet. Only one node on the LAN is connected to internet while the rest of the nodes aren’t.
To get the nodes configured there are two options:
- Either download the deb package manually and install them
- Use a proxy to allow connecting the local nodes through the head node to internet.
Following figure shows the network configuration that I am dealing with. We have a LAN on subnet 192.168.4.0/24. The headnode has IP 192.168.4.100. The nodes that we want to setup software packages on have IPs in ranges 192.168.4.101-192.168.4.120.
Setup Proxy Server
To do this we will setup a proxy server at the head node. We will use Squid proxy server. Install the proxy server using:
sudo apt install squid3
Create a copy of original squid conf so that if we mess things up we have the original copy
sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:
http_port 8888. For our example we will simply use the
Using Squid’s access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.4.0/24 subnetwork only:
Add the following to the bottom of the ACL section of your
acl fortytwo_network src 192.168.4.0/24 Then, add the following to the top of the http_access section of your /etc/squid3/squid.conf file:
http_access allow fortytwo_network
After making changes to the /etc/squid3/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:
sudo systemctl restart squid3.service
Using proxy with apt
Edit configuration file for apt using
Paste this line in the apt.conf
You can also specify proxy option directly while using apt
sudo http_proxy='http://192.168.4.100:3128/' apt-get install package-name
Configure proxy for python-pip
sudo pip install Flask-MongoAlchemy --proxy="http://192.168.4.100:3128"
Configure Maven with proxy
<settings> . . <proxies> <proxy> <id>example-proxy</id> <active>true</active> <protocol>http</protocol> <host>proxy.example.com</host> <port>8080</port> <username>proxyuser</username> <password>somepassword</password> <nonProxyHosts>www.google.com|*.example.com</nonProxyHosts> </proxy> </proxies> . . </settings>
Adding this to your pom.xml with respective changes will allow Maven to fetch the dependencies using the specified proxy.