CNTLM and domain searching - linux

I have an Ubuntu guest on Windows host and it uses CNTLM to authorize in the intranet NTLM proxy. The problem is CNTLM just passes the name of the requested server and doesn't do domain searching with resolv.conf or /etc/hosts. Nslookup, dig etc work fine, but curl, firefox and other apps that use proxy simply get 504 Unknown Host from the proxy.
Let's say I have "com" added to "search" in resolv.conf and when I do:
"nslookup google", "dig +search google" it all works, but when I do "curl google", it fails with 504.
Is there any way to make CNTLM use the domain searching?
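The behaviour described in the question, as an added example that is not part of the original post: search-list expansion happens inside the client's stub resolver, so a proxy that is handed the bare name never sees it. The sketch follows the `search`/`ndots` rules of resolv.conf(5); the sample file, the function names and the `resolves` callback are assumptions made for illustration.

```python
# Added example (not from the original post): how a stub resolver expands
# a short name with the resolv.conf search list, and how a client could pick
# the fully qualified name itself before handing the URL to a proxy.

# Constructed sample; "search com" mirrors the setup in the question.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 10.0.0.70
search com
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # comment lines
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            search = args  # the last search/domain line wins
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """Names the resolver would try, in order, as absolute names."""
    if name.endswith("."):  # already absolute: no search-list processing
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    # At least ndots dots: try the name as given first, then the search list.
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]


def qualify(name, resolv_conf_text, resolves):
    """First candidate accepted by resolves(fqdn) -> bool, or None.

    resolves is a hypothetical callback; in real use it could wrap
    socket.getaddrinfo.
    """
    search, ndots = parse_resolv_conf(resolv_conf_text)
    for fqdn in candidates(name, search, ndots):
        if resolves(fqdn):
            return fqdn.rstrip(".")
    return None
```
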

Related

Website works remotely but not on the server itself when called by domain

I am using Windows Server 2019 and in IIS 10 I have created a website and I have bound it to both: "localhost" and "mydomain.com" on port 80.
mydomain.com works correctly from any client but on the server only when I call "localhost" it works otherwise I get the following error (when called by domain):
Configure your DNS in your local server to resolve the domain name as localhost
On clients, your request domain.com is resolved by its configured DNS.
It can be on public DNS (internet) or private ones (company, intranet).
From the server domain.com, do you have access to the same DNS as your clients use?
If not, either configure additional DNS servers:
https://serverspace.io/support/help/configuring-a-dns-server-on-windows-server-2012-or-later/
or you could edit your hosts file of mydomain.com (local DNS):
C:\Windows\System32\drivers\etc\hosts
It may look like this:
127.0.0.1 localhost
127.0.1.1 mydomain.com
# and existing settings

How to setup Caddy to get HTTPS on my server

I've been having issues getting the HTTPS address for my server. Let's say I have a domain www.mydomain.com
If I run this command it just works fine. I can get the HTTPS.
caddy -host www.domain.com
But I have some proxies that I use for django. So I have a CaddyFile. This is how the CaddyFile is set:
# Django
www.mydomain.com {
    root /root/my_projects/my_project
    proxy / 127.0.0.1:8000 {
        transparent
        except /static
    }
    log /var/log/caddy.log
}
So if I run this command
caddy -host CaddyFile
, it's not giving me HTTPS. Instead this is what the output is:
Activating privacy features... done.
Serving HTTP on port 2015
http://.:2015/caddyfile
So how should I configure the file or what command should I use to get HTTPS on my server with the proxy and the root folder that I set in the CaddyFile?
Thanks.
I'm guessing you use caddy v1.
The Caddy docs say:
-host
The default hostname or IP address to listen on. Sites defined in the Caddyfile without a hostname will assume this one. This is usually used with -port to quickly get simple sites up and running without a Caddyfile.
The -host option may have ignored your Caddyfile.
If your Caddyfile is in the same directory as the caddy binary, try removing all args and just run caddy. It will automatically pick up the Caddyfile.
Otherwise, try this: caddy -conf <path/to/your/Caddyfile>

cPanel Server Incorrect URL Resolve

My cPanel server is resolving a URL wrong. The website example.com is hosted on my cPanel server at ip 1.0.0.1. In a script I am attempting a cURL command to cp.example.com which is hosted on another server at 2.0.0.2. My server is resolving cp.example.com to the IP of 1.0.0.1. Any help will be greatly appreciated!
It seems like your DNS settings for cp.example.com are not visible on the host where you are running your script. You should check the DNS settings for cp.example.com. You may also want to contact cPanel support.
When you make a cURL request from a source hosted on your cPanel server, the IP for the domain is first resolved locally; if it's not found in your server's DNS zones, it will be resolved from your configuration at /etc/resolv.conf.
You can test to see which IP your server is resolving this to by logging in via SSH and pinging it:
Executed from your cPanel Server
ping cp.example.com
I can think of two workarounds for this issue:
If example.com's DNS zone is hosted in your cPanel account
Go to cPanel -> Zone Editor
Open the DNS zone for example.com
Find the A record for cp.example.com
Change it to 2.0.0.2
If you have root - edit your WHM / cPanel Server's /etc/hosts file
root@server #: vim /etc/hosts
// 2.0.0.2 cp.example.com

forticlientsslvpn doesn't work with a proxy on Cent OS 7

I'd like to use forticlientsslvpn on Cent OS 7 through a proxy but it doesn't work with a message "Can not connect to proxy" or "Can not resolve proxy address". I guess it needs some dependent libraries but I don't know them.
I downloaded the latest Forticlient SSLVPN 4.4.2329-1 64bit from here. (I installed it on Debian, then copied the folder (/opt/forticlientsslvon) to the clean Cent OS 7.)
Both forticlientsslvpn CLI and GUI failed on the same error. This is the result of the cli command.
[root@cent7 /]# cd ~/forticlient-sslvpn/64bit/
[root@cent7 /]# ./forticlientsslvpn_cli --proxy 10.0.0.73:3128 --server 203.0.113.1:10443 --vpnuser myuser
Password for VPN:
STATUS::Setting up the tunnel
STATUS::Connecting...
NOTICE::Can not connect to proxy.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...
# Another proxy variable
[root@cent7 /]# ./forticlientsslvpn_cli --proxy http://10.0.0.73:3128 --server 172.17.97.85:10443 --vpnuser myuser
Password for VPN:
08/19/2016 18:19:26 [23461] can not resolve name http://10.0.0.73
Init SSLVPN error:Can not resolve proxy address
# Check the proxy connection
[root@cent7 /]# telnet 10.0.0.73 3128
Trying 10.0.0.73...
Connected to 10.0.0.73.
Escape character is '^]'. # OK
# Check DNS
[root@cent7 /]# nslookup 10.0.0.73
Server: 10.0.0.70
Address: 10.0.0.70#53
Non-authoritative answer:
73.0.0.10.in-addr.arpa name = dns.example.com.
Of course my forticlient on Windows in the same network works with the proxy to the server. And Firefox/wget on this Cent OS 7 server works with the proxy. Does anyone know anything about the "Can not connect to proxy" error?
My IP was wrong and needed ip route add
Although the error message was "Can not connect to proxy", my destination forti IP was wrong. It was connected after I fixed it.
One more thing, I noticed a confusing point. I have two proxies, a SOCKS proxy and a web proxy, at this time. I knew ssl-vpn uses only web connections but I guessed forticlient might use the ssh command during the connection. But it didn't. Forticlient_sslvpn needs only a web proxy, so we just need to fill the proxy form of forticlient with a web proxy's URL.
And one more thing. After I connected to ssl-vpn, it didn't work perfectly because I could ping the internal server but not the DMZ (of course my Windows forticlient works well for both). I added an ip route to the DMZ and it started to work.
ip route add 192.168.3.0 via 10.0.0.5
I guessed this GW 10.0.0.5 is not the same every time and on every machine, so I made the dynamic command.
ip route add 192.168.3.0/24 via $(ip route | grep 10.0.0 | awk '{print $3}' | head -1)
I hope this helps someone.

Assigning a domain name to localhost for development environment

I am building a website and would not like to reconfigure the website from pointing to http://127.0.0.1 to http://www.example.com. Furthermore, the certificate that I am using is of course made with the proper domain name of www.example.com but my test environment makes calls to 127.0.0.1 which makes the security not work properly.
What I currently want to do is configure my development environment to assign the domain name www.example.com to 127.0.0.1 so that all http://www.example.com/xyz is routed to http://127.0.0.1:8000/xyz and https://www.example.com/xyz is routed to https://127.0.0.1:8080/xyz.
I am not using Apache. I am currently using node.js as my web server and my development environment is in Mac OS X Lion.
If you edit your /etc/hosts file you can assign an arbitrary host name to be set to 127.0.0.1.
Open up /etc/hosts in your favorite text editor and add this line:
127.0.0.1 www.example.com
Unsure of how to avoid specifying the port in the HTTP requests you make to example.com, but if you must avoid specifying that at the request level, you could run nodejs as root to make it listen on port 80.
Edit: After editing /etc/hosts, you may already have the DNS request for that domain cached. You can clear the cached entry by running this on the command line.
dscacheutil -flushcache
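Several answers on this page (the IIS, cPanel and localhost ones) fix resolution by pinning a name in the hosts file. The following is an added example, not code from any of the posts, that audits such a file: it reports which address each name actually gets, which later entries are shadowed, and which names are pinned to a non-loopback address. It assumes the first matching line wins (the default behaviour of the glibc files backend); the sample content is constructed from the entries quoted in the answers, plus a conflicting line and a malformed line.

```python
# Added example (not from the original posts): audit hosts-file overrides.
import ipaddress

# Constructed sample built from the hosts entries suggested on this page.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 mydomain.com
2.0.0.2   cp.example.com   # pinned to the other server
127.0.0.1 www.example.com
1.0.0.1   CP.example.com
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (lineno, ip, names) per valid entry; skip comments and junk."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: such a line cannot pin anything
        # Host names are case-insensitive; normalise before comparing.
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text):
    """Return (effective, shadowed, non_loopback).

    effective:    name -> address that a lookup would return
    shadowed:     (lineno, name, address) for later, conflicting entries
    non_loopback: names pinned to an address outside 127.0.0.0/8 and ::1
    """
    effective, shadowed = {}, []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if name not in effective:
                effective[name] = ip  # assumption: first match wins
            elif effective[name] != ip:
                shadowed.append((lineno, name, str(ip)))
    non_loopback = {n: str(ip) for n, ip in effective.items()
                    if not ip.is_loopback}
    return {n: str(ip) for n, ip in effective.items()}, shadowed, non_loopback
```
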
