set proxy via dhcp ?

My users use their laptops in different networks. Is there any way to set
proxies via dhcpd ?

How do you solve the problem of different proxies in different networks ?

thnx,
peter

--
peter pilsl
pilsl_usenet@goldfisch.at
http://www.goldfisch.at

peter pilsl <pilsl_usenet@goldfisch.at> wrote:

> My users use their laptops in different networks. Is there any way to set
> proxies via dhcpd ?

Not that I know of. Proxies are probably more of a client setting
than a network connection, but I see your dilemma.

> How do you solve the problem of different proxies in different networks ?

With a PAC file, probably on the internal web server.

--
*--------------------------------------------------------*
| ^Nothing is foolproof to a sufficiently talented fool^ |
| Heath Raftery, HRSoftWorks _\|/_ |
*______________________________________m_('.')_m__ _______*

peter pilsl <pilsl_usenet@goldfisch.at> wrote:

> My users use their laptops in different networks. Is there any way to set
> proxies via dhcpd ?

> How do you solve the problem of different proxies in different networks ?

You mean a proxy for some www browser? Some allow to enter an URL
to download automatic config file. Setup was somewhere at
netscape.com explained. If you write a perl cgi printing out the
proper config, depending on the client IP, it should be doable.

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

Heath Raftery wrote:

>
>> How do you solve the problem of different proxies in different networks ?
>
> With a PAC file, probably on the internal web server.
>

sorry for not expressing myself clearly:

my users have their laptop and use it at different networks:

i) the office
ii) their home
iii) uproad at some hotel, WLAN whatever

in the office they are forced to use a proxy, cause I do not NAT or such
stuff to prevent my users from stealing bandwitdth with kazaa and whatever.

at home the office proxy (proxy.local) cannot be found of course but their
provider wants them to use a complete different one.

you see the problem. The IP is easily changed by using DHCP, but the proxy ?
I was thinking about some startup-script that determines the correct
proxy-setting by the subnet and then changes the IE-proxy-setting by
silently applying a reghack (yep - the clients are MS), but then maybe the
user plugs in the networkcable after startup and so on ... its would not be
a clean solution and its OT here ...

thnx a lot,
peter


--
peter pilsl
pilsl_usenet@goldfisch.at
http://www.goldfisch.at

"peter pilsl" <pilsl_usenet@goldfisch.at> wrote in message
news:4004f341$1@e-post.inode.at...
> Heath Raftery wrote:
> my users have their laptop and use it at different networks:
>
> i) the office
> ii) their home
> iii) uproad at some hotel, WLAN whatever
>
> in the office they are forced to use a proxy, cause I do not NAT or such
> stuff to prevent my users from stealing bandwitdth with kazaa and
whatever.
>
> at home the office proxy (proxy.local) cannot be found of course but their
> provider wants them to use a complete different one.

Approaches no. 1:

Make a wpad.dat-file (same contents as a proxy.pac, but the name is
important).
Create a website called wpad.yourdomain.tld and place the file here.
Configure your browsers to "Automatically detect settings" under
proxy-config.
The browsers will now look at the name they got from the DHCP-server and do
the following:
If the name is ws1.something.subdomain.domain.tld the browser will query DNS
for the following:
wpad.something.subdomain.domain.tld
wpad.subdomain.domain.tld
wpad.domain.tld

When it gets a hit, it will look for a file called wpad.dat at that IP (this
means that the site has to be the default site on the webserver), and
configure itself like an ordinary proxy.pac.
When a client connects from home they will either get a similar file, if
their ISP has configured wpad, or just time out and go direct.

Approaches no. 2:
Make a proxy.pac and place it locally on the machines and point your browser
to it.
In this file you wrap all your proxy-stuff in:

function FindProxyForURL(url, host) {

if (isInNet(myIpAddress, "your network", "your netmask")){
//any proxy-config for your network goes here
return "PROXY www-cache.yourdomain.tld:3128";
}
return "DIRECT";
}

In this example, if the client is on your network it will use your proxy, if
not, it will go direct (unless their ISP hand out the same private IP# as
you...).

This is what I consider the two approaches to the problem, but you can make
your proxy.pac/wpad.dat very smart and deal with many special cases. If you
have any questions, please ask again.

Keller

"peter pilsl" <pilsl_usenet@goldfisch.at> wrote in message
news:4004f341$1@e-post.inode.at...
> you see the problem. The IP is easily changed by using DHCP, but the proxy
?
> I was thinking about some startup-script that determines the correct
> proxy-setting by the subnet and then changes the IE-proxy-setting by
> silently applying a reghack (yep - the clients are MS), but then maybe the
> user plugs in the networkcable after startup and so on ... its would not
be
> a clean solution and its OT here ...

BTW, there IS in fact a way to do this with DHCP, but it is very tricky. It
involves introducing:

option wpad-url code 252 = text ;
option wpad-url "http://wpad.yourdomain.tld/wpad.dat";

to your dhcpd.conf.

I had many troubles configuring this, and ended up not doing it at all. Some
of the problems involved browsers requesting wpad.da instead, and i have
heard about people with browsers that added all kinds of characters after
wpad.da, eg. wpad.dal, wpad.daf etc. And finally, it's only supported in
very few browsers (IE).
Go after one of my other suggestions in another post.

Keller

Carsten Keller <CK@adm.iha_i_hate_swen.dk> wrote:
> This is what I consider the two approaches to the problem, but you can make
> your proxy.pac/wpad.dat very smart and deal with many special cases. If you
> have any questions, please ask again.

On my work (and home) network, proxy.pac is the same as wpad.dat.
Furthermore, both are actually a CGI script that hands out a different
result depending on the client's source IP address.

To determine the appropriate proxy file from a collection of
possibilities, it looks at all four octets of the address, then the first
three, then only two, then just the first, and then finally dishes out
a default "no proxying here" file.

This works well with our VPN users too, as we can request their browsers
to go direct for everything except our corporate intranet sites.

Chris

Carsten Keller wrote:
> Approaches no. 1:
>
> Make a wpad.dat-file (same contents as a proxy.pac, but the name is
> important).
> Create a website called wpad.yourdomain.tld and place the file here.
> Configure your browsers to "Automatically detect settings" under
> proxy-config.
> The browsers will now look at the name they got from the DHCP-server and do
> the following:
> If the name is ws1.something.subdomain.domain.tld the browser will query DNS
> for the following:
> wpad.something.subdomain.domain.tld
> wpad.subdomain.domain.tld
> wpad.domain.tld


I cannot get this to work:

I have checked the Windows XP boxes out and they are auto-configuring
their WPAD on other networks.

On my home Linux based network (DNS, DHCPD, etc) IE doesn't even do DNS
lookups on wpad.ANYTHING. I turn on query logging on BIND on the linux
box and sure enough no wpad queries at all.

The Wpad is waiting there to be used, but never gets asked for.

Do you have any idea why this might be happenning ?

--
The above name and e-mail are fake as a SPAM/Virus prevention method.
However, I would like to hear any assistance in the newsgroup if possible.

> I have checked the Windows XP boxes out and they are auto-configuring
> their WPAD on other networks.
>
> On my home Linux based network (DNS, DHCPD, etc) IE doesn't even do DNS
> lookups on wpad.ANYTHING. I turn on query logging on BIND on the linux
> box and sure enough no wpad queries at all.
>
> The Wpad is waiting there to be used, but never gets asked for.
>
> Do you have any idea why this might be happenning ?


Do windows clients get assigned correct domain names?

I have tried to setup WPAD on numerous occassions - but the god damn
thing is so broken in the Microsoft Internet Explorers from different
releases of Windows and service packs that i finally gave up in
frustration. Save yourself much headache - do it manually or use a
proxy-script.

Andrey Asadchev wrote:

>
>> I have checked the Windows XP boxes out and they are auto-configuring
>> their WPAD on other networks.
>>
>> On my home Linux based network (DNS, DHCPD, etc) IE doesn't even do
>> DNS lookups on wpad.ANYTHING. I turn on query logging on BIND on the
>> linux box and sure enough no wpad queries at all.
>>
>> The Wpad is waiting there to be used, but never gets asked for.
>>
>> Do you have any idea why this might be happenning ?
>
>
>
> Do windows clients get assigned correct domain names?

If by that you mean correct DNS suffix - then yes.

'wpad' resolves correctly to 192.168.0.200 - and
http://192.168.0.200/wpad.dat returns the script.

>
> I have tried to setup WPAD on numerous occassions - but the god damn
> thing is so broken in the Microsoft Internet Explorers from different
> releases of Windows and service packs that i finally gave up in
> frustration. Save yourself much headache - do it manually or use a
> proxy-script.

Cannot do it that way, as at one location I don't have control over
things and it is WPAD or nothing there.