I recently wrote a web service to integrate E4SE, eBackoffice and the PeachTree financial application (a financial app used by a branch office). Our E4SE/EBO servers run in our data centre while the PeachTree app runs at a remote office, and I don't yet have access to the remote site, so I decided to write a web service to transfer the data output. I have to point out, though, that the core EBO procedures were written by our colleague, not by me :-)
Here are the highly summarized steps:
1. Use a zip library (DotNetZip etc.) to compress multiple files into one archive;
2. Create a web service method with a return type of byte array that reads the content of the zip archive and returns it;
3. On the client side, call the web service, capture the returned value in a MemoryStream and flush it into a FileStream;
4. If necessary, write code to extract the zip file automatically.
Thursday, February 25, 2010
Sunday, February 14, 2010
Transparent Proxy with squid
squid.conf:
# xx.xx.xx.xx -> IP of the outgoing interface
# yy.yy.yy.0 -> internal IP
# The httpd_accel_* directives are Squid 2.5 syntax; Squid 2.6 and later use the
# "transparent" option on http_port instead (renamed "intercept" in Squid 3.1).
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl our_networks src xx.xx.xx.xx yy.yy.yy.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
Script for iptables:
#!/bin/sh
# eth0 -> internal NIC
# eth1 -> outgoing NIC
# Flush all the rules in the filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all user-defined chains in both tables
iptables --delete-chain
iptables --table nat --delete-chain
# NAT everything leaving through the outgoing NIC and forward traffic from the internal NIC
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Enable kernel IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Redirect HTTP arriving on the internal NIC to squid on port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
policy based route and transparent proxy
Consider the following scenario:
You have a default gateway that connects to the corporate WAN and also provides external access. Since internet access occupies a significant amount of bandwidth, you want to redirect internet traffic to an alternative internet connection, probably a local broadband link.
I have been thinking about a way to achieve this for some time and came up with this idea:
1. Use a logon script to define routes: direct all corporate traffic to the corporate WAN gateway and external access to the alternative connection.
2. Install Linux + squid + iptables on the machine that connects directly to the local broadband, and configure it as a transparent proxy to take advantage of caching.
This hasn't been tested yet; hopefully I will be able to build the lab when I get some spare time.
Continued:
This approach seems to be a bit buggy and may not be the best option. I am looking into the following relevant topics: PBR, WPAD and WCCP, and hopefully will find something more robust.
The best way I can think of now is to add an interface to the WAN router that connects to the transparent proxy, and configure the router with a static route to the corporate WAN interface for internal traffic, with all other traffic going through the transparent proxy.
Thursday, February 11, 2010
A simple iptables config file
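*filter
# Loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
# Blocked source address; placed before the ACCEPT rules because the first matching rule wins
-A INPUT -s [IPADDR] -j DROP
# Optional SYN rate limit (disabled)
# -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT
# SSH, HTTP, alternate HTTP, HTTPS
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# DNS over TCP and UDP
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# SMTP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# ICMP
-A INPUT -p icmp -j ACCEPT
# Drop everything else
-A INPUT -j DROP
COMMIT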
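iptables walks the INPUT chain top-down and stops at the first matching rule, so a per-source DROP only blocks that address if it sits above the ACCEPT rules, and a closing catch-all DROP also discards replies to the host's own outbound connections unless ESTABLISHED traffic is accepted. The following is an added example, not part of the original post, that lints a ruleset in this format for both conditions; the function names, the sample rulesets and the address 203.0.113.7 are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an iptables-restore style ruleset read from stdin.
#   SHADOWED <line>: <rule>  per-source DROP that follows an ACCEPT rule
#   NO_ESTABLISHED           catch-all DROP with no ESTABLISHED accept rule
# Heuristic only: it does not compare the match criteria of the two rules.
audit_input_chain() {
    awk '
    !/^-A INPUT / { next }                  # only INPUT rules; skips comments
    {
        accept  = ($0 ~ / -j ACCEPT$/)
        drop    = ($0 ~ / -j DROP$/)
        has_src = ($0 ~ / (-s|--source) /)
    }
    accept && /ESTABLISHED/ { established = 1 }
    accept && !/ -i lo /    { accepts++ }    # loopback accepts shadow nothing
    drop && has_src && accepts > 0 { printf "SHADOWED %d: %s\n", NR, $0 }
    drop && $0 == "-A INPUT -j DROP" { catch_all = 1 }
    END { if (catch_all && !established) print "NO_ESTABLISHED" }
    '
}

# Constructed sample: block rule placed last, no ESTABLISHED rule.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.7 -j DROP
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample with both problems corrected.
fixed_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.7 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

sample_rules | audit_input_chain
```

To check a real file, pipe it in the same way, for example the saved ruleset that `iptables-restore` loads.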