Warning: the information on this page is not "official". In September 2018, Intel IT published their official page at https://wiki.ith.intel.com/display/proxy/Proxy+Users+Guide+Home
For computers and programs supporting the use of WPAD (Web Proxy Autodiscovery Protocol) (almost all web browsers, chromebooks and more) a WPAD configuration file is maintained by Intel IT and available at: http://wpad.intel.com/wpad.dat This is the official configuration used by all Windows systems maintained by IT so it's very unlikely to be broken - or at least never for very long.
If needed this can also be passed as a configuration URL, for example, to Mozilla Firefox and FoxyProxy. One possible reason one might have to explicitly set this URL is for instance because Intel IT does not set ".intel.com" as a DNS search domain in every location (same reason why http://goto.intel.com/TAC always works while http://goto/TAC only works in most places).
This (complex) configuration works better with internal intel.com sites thanks to various exclusion lists.
If you forget this URL you can find it quickly again on any IT system: Start Menu->type "proxy"->LAN settings.
Check https://intelpedia.intel.com/AWS_Administrative_Bastion_Host for background info.
Create ~/.ssh/config with the following line:
Host *.amazonaws.com ProxyCommand /usr/bin/nc -X 5 -x proxy-us.intel.com:1080 %h %p
Then start SSH with:
ssh -i "Key.pem" user@ec2.compute.amazonaws.com
Where Key.pem is the private key generated in AWS
Where user is the user in the AWS system
Where ec2.compute.amazonaws.com is the DNS of the AWS system
You can ssh into external systems with Secure IT's ssh client that is installed in our Linux server pool with:
ssh -o ProxyCommand='socat - "socks5:%h:%p|tcp:proxy-socks.<site>.intel.com:1080"' SOME_EXTERNAL_TO_INTEL_SITE
You can also add this to your $HOME/.ssh/config file to simplify retyping (change <site> to your site, jf/sc/fm/us etc.):
Host example.com ProxyCommand nc -X 5 -x proxy-<site>.intel.com:1080 %h %p
Then type on the command line, for example: ssh somelogin@example.com
Add this to your ~/.ssh2/ssh2_config
:
github.com: ProxyCommand /usr/intel/bin/socat - "socks5:%h:%p|tcp:proxy-socks.<site>.intel.com:1080"
With GIT
/usr/intel/pkgs/git/2.17.0/bin/git clone --config http.sslVersion=tlsv1.2 ssh://git@github.com/mmccoo/vocab.git
With netcat
Modification of your .ssh/config file on a host where you use openssh you can modify your .ssh/config file to include
Host * ProxyCommand nc -X 5 -x proxy-us.intel.com:1080 %h %p
Please don't modify your system's master config file /etc/ssh/ssh_config file, this affects all users and probably isn't what you want to do. On OpenSuse or SLES/SLED the 'netcat' provided here is netcat-openbsd. Be sure each Host directive has a full empty line between entries in your config files.
If your system does not have BSD netcat, e.g. you run Fedora, consider using this ProxyCommand instead.
Host * ProxyCommand nc --proxy-type socks5 --proxy proxy-us.intel.com:1080 %h %p
Debian Linux netcat's nc command does not support -X, -x, --proxy, and --proxy-type, so use connect-proxy instead:
Host * ProxyCommand connect-proxy -S proxy-us.intel.com:1080 %h %p
With connect.exe
If you do not have netcat installed, but you have connect.exe (which is the case for MinGW):
Inline:
ssh -o ProxyCommand='connect -S proxy-us.intel.com:1080 %h %p' externalsite.com
Using ~/.ssh/config:
Host * ProxyCommand connect -S proxy-us.intel.com:1080 %h %p
To clone an http git URL (note: this does *NOT* work for git:// urls), inside Linux, do something like:
setenv http_proxy proxy-chain.intel.com:911 git clone http://github.com/tpope/vim-fugitive.git
To clone an http git URL, inside Windows, do something like:
git config --global http.proxy http://proxy-chain.intel.com:911 git clone --recursive https://github.com/spf13/spf13-vim.git
To clone an ssh git URL through the socks proxy (tested on OS X 10.8), do the following
1. Install connect (a socks proxy utility) using homebrew (or MacPorts) or your local package manager:
brew install connect
2. In your shell startup script (i.e. ~/.profile
), set the following environment variables:
export SSH_SOCKS_SERVER='proxy-us.intel.com:1080' export GIT_PROXY_COMMAND='~/bin/socks_connect'
3. Create a text file called ~/bin/socks_connect
with the contents:
#!/usr/bin/env bash connect -5 -S $SSH_SOCKS_SERVER $*
4. Make the script executable:
chmod +x ~/bin/socks_connect
Cloning git:// in Linux
Requirement : socat
1. Create the proxy file at ~/bin/gitproxy
mkdir ~/bin vi ~/bin/gitproxy
2. Copy these lines to the gitproxy file and save it. You can replace 'png' with a local proxy server for better speed. For example, in the US, use proxy-jf.intel.com
.
#!/bin/bash PROXY=proxy.png.intel.com exec socat STDIO SOCKS4:$PROXY:$1:$2
3. Edit ~/.gitconfig and put these lines in. Edit gitproxy, name and email.
[core] editor = vi gitproxy = /home/<linux username>/bin/gitproxy [user] name = <full name> email = <Intel email address>
4. Make the script executable:
chmod u+x ~/bin/gitproxy
The following shell script will set up Intel proxies on Ubuntu. The script has been tested on Ubuntu 12.04, 14.04, 16.04.2, and 18.04, but will probably work on other versions as well. Run it as follows:
wget --no-proxy --no-check-certificate https://intelpedia.intel.com/images/8/88/Setup_intel_proxy.sh.zip unzip Setup_intel_proxy.sh.zip chmod +x setup_intel_proxy.sh sudo ./setup_intel_proxy.sh
Matthew Fernandez: why does the above script set include 134.134.0.0/16 in no_proxy? At first I thought this was a mistake and it was supposed to be the private rage 172.16.0.0/12 (which is also missing), but after looking up 134.134.0.0/16 it seems this might be a range assigned to Intel in Hillsboro. Is this range universally reachable without a proxy for users outside US?
Linux/UNIX/MinGW users who are using clients not capable of auto-configuration will want to define these environment variables.
export http_proxy=http://proxy-chain.intel.com:911 export https_proxy=http://proxy-chain.intel.com:912 export ftp_proxy=http://proxy-chain.intel.com:911 export socks_proxy=http://proxy-us.intel.com:1080 export no_proxy=intel.com,.intel.com,localhost,127.0.0.1
On OpenSuse or SLES look at /etc/sysconfig/proxy
or use yast proxy
, on other platforms consider modification of /etc/environment
or ~/.bashrc
Ubuntu 12.04.4 LTS, Precise Pangolin Example
Manual Configuration
/etc/environment
filesudo vi /etc/environment
http_proxy=http://proxy-chain.intel.com:911 https_proxy=http://proxy-chain.intel.com:912 ftp_proxy=http://proxy-chain.intel.com:911 socks_proxy=http://proxy-us.intel.com:1080 no_proxy=intel.com,.intel.com,localhost,127.0.0.1
/etc/sudoers
file with visudo
. To use nano, instead run sudo EDITOR=nano visudo /etc/sudoers
.sudo visudo -f /etc/sudoers
Defaults env_reset
Defaults env_keep += "http_proxy https_proxy ftp_proxy socks_proxy no_proxy"
/etc/apt/apt.conf
filesudo vi /etc/apt/apt.conf
Acquire::http::proxy "http://proxy-chain.intel.com:911"; Acquire::https::proxy "http://proxy-chain.intel.com:912";
From a Windows cmd shell, do something like:
set http_proxy=http://proxy-chain.intel.com:911 cpan
To pass proxy parameters to java.exe in Windows:
java.exe -Dhttp.proxyHost=proxy-chain.intel.com -Dhttp.proxyPort=911 -Dhttps.proxyHost=proxy-chain.intel.com -Dhttps.proxyPort=912
To install packages in Sublime Text 3 using Package Control, the proxy needs to be specified in Package Control settings: Preferences > Package Settings > Package Control > Settings - User
{ "http_proxy": "proxy-chain.intel.com:911" }
If you see error message InvalidCertificateException add these lines to the same config :
"downloader_precedence": { "linux": [ "curl", "urllib", "wget" ], "osx": [ "urllib" ], "windows": [ "wininet" ] }
Add the following to ~/.subversion/servers:
http-proxy-host = proxy-us.intel.com http-proxy-port = 911
Upon launch, go to sign in screen. Find the link to settings and enter:
Type: HTTP
Address: proxy-chain.intel.com
Port: 911
Username: <Leave Blank>
Password: <Leave Blank>
After entering, press "Update Proxy". Back at the login, you must use Spotify username/password credentials, logging in with email (versus username) will not work and login with Facebook will not work. After initial login, if nothing seems to load, File -> Exit and reopen.
Launch Notepad++ with administrator privileges?
(Help Menu) -> Set Updater Proxy...
Proxy server: proxy-chain.intel.com
Proxy port: 911
Plugins
-> Plugin Manager
-> Show Plugin Manager
Click Settings button
Proxy address : proxy-chain.intel.com
Proxy port: 911
Configure->Settings->Network
Type: SOCKS5 proxy
Hostname: proxy-us.intel.com
Port: 1080
Username:
Password:
File->Preferences->User Settings In settings.json add: {
"http.proxy": "http://proxy-chain.intel.com:911", "https.proxy": "https://proxy-chain.intel.com:912"
}
To install packages using npm for node.js set the proxy by executing the following:
npm config set proxy http://proxy-chain.intel.com:911 npm config set https-proxy http://proxy-chain.intel.com:912 npm config set strict-ssl false set HTTP_PROXY=http://proxy-chain.intel.com:911 set HTTPS_PROXY=http://proxy-chain.intel.com:912 npm --without-ssl --insecure install
Run
apm config set proxy "http://proxy-chain.intel.com:911" apm config set https_proxy "https://proxy-chain.intel.com:912" npm config set proxy "http://proxy-chain.intel.com:911" npm config set https_proxy "https://proxy-chain.intel.com:912"
(Note that apm may not be on your path. Usually found in C:\Users\<USER>\AppData\Local\atom\app-<VERSION>\resources\app\apm\bin).
If it does not exist, create the file .gradle/gradle.properties in your home directory.
Add to .gradle/gradle.properties:
systemProp.http.proxyHost=proxy-chain.intel.com systemProp.http.proxyPort=911 systemProp.http.nonProxyHosts=*.intel.com|localhost
systemProp.https.proxyHost=proxy-chain.intel.com systemProp.https.proxyPort=912 systemProp.https.nonProxyHosts=*.intel.com|localhost
Make a file called .bowerrc in your home directory which contains the following:
{ "directory": "bower_components", "registry": "https://bower.herokuapp.com", "https-proxy": "http://proxy-chain.intel.com:912" }
If .bowerrc already exist, add
"https-proxy": "http://proxy-chain.intel.com:912"
Prior to 0.5.0 you need to execute the following in the <path to Julia>\Git\cmd\ directory
git config --global url."https://github.com/".insteadOf git://github.com/ git config --global http.proxy http://proxy-chain.intel.com:911 git config --global https.proxy https://proxy-chain.intel.com:912
You may also need to delete your .julia folder located somewhere like c:\Users\<username>\.julia and then run Pkg.init() from inside Julia.
After 0.5.0 you just need to set your proxy environment variables.
sudo gem install rake -p "http://proxy-chain.intel.com:911"
Note - it seems that the "-p" argument shown above does not work, and instead the environment variable HTTP_PROXY should be set to this path. For example (c-shell example given here):
setenv HTTP_PROXY http://proxy-chain.intel.com:911 sudo gem install rake
Add the following environment variables to your system:
HTTP_PROXY=http://proxy-chain.intel.com:911 HTTPS_PROXY=http://proxy-chain.intel.com:912
And/Or use the vagrant-proxyconf plugin
Create the file $HOME/.m2/settings.xml with the following content:
<settings> <proxies> <proxy> <id>http</id> <active>true</active> <protocol>http</protocol> <host>proxy-chain.intel.com</host> <port>911</port> <nonProxyHosts>intel.com</nonProxyHosts> </proxy> <proxy> <id>https</id> <active>true</active> <protocol>https</protocol> <host>proxy-chain.intel.com</host> <port>912</port> <nonProxyHosts>intel.com</nonProxyHosts> </proxy> </proxies> </settings>
Anaconda Python
Make a file called .condarc in your $HOME directory which contains
proxy_servers: http: http://proxy-chain.intel.com:911 https: https://proxy-chain.intel.com:912
In Windows, $HOME is C:\Users\<YOUR USERNAME>
NOTE:
In order to install Natural Language Processing Toolkit in Anaconda: a) First run: nltk.set_proxy('http://proxy-chain.intel.com:911') b) Then run: nltk.download()
NOTE:
To install other packages without using 'conda install package_name' add the following code after importing 'os' package: import os os.environ['http_proxy'] = 'http://proxy-chain.intel.com:911' os.environ['HTTP_PROXY'] = 'http://proxy-chain.intel.com:911' os.environ['https_proxy'] = 'https://proxy-chain.intel.com:912' os.environ['HTTPS_PROXY'] = 'https://proxy-chain.intel.com:912'
Pip Python
command line
pip3 --proxy https://proxy-chain.intel.com:911 <...>
config file
Create the file pip.ini . On windows, located at: %APPDATA%\pip\pip.ini
Add these lines:
[global] proxy = http://proxy-chain.intel.com:911
src: https://stackoverflow.com/a/43473312
Make a file called .wgetrc in your $HOME directory (or the directory of whatever depends on wget) which contains
http_proxy=http://proxy-chain.intel.com:911 https_proxy=https://proxy-chain.intel.com:912 ftp_proxy=http://proxy-chain.intel.com:911
or set these as environmental variables as described in the section above. More details here.
Add the following environment variable if you experience problems passing the proxy args to imbedded curl calls.
export ALL_PROXY='socks5://proxy-us.intel.com'
(Windows)
Under Preferences/Network Connections:
in "Active Provider" drop down menu: select "Manual"
fill table Proxy entries as following:
Schema | Host | Port | Provider | Auth | User | Password |
---|---|---|---|---|---|---|
HTTP | proxy-chain.intel.com | 911 | Manual | No | ||
HTTPS | proxy-chain.intel.com | 912 | Manual | No |
(Linux)
same as above, but you might need to use a local proxy instead, like proxy-mu.
NOTE: under Proxy bypass you might add other local (test) servers that not require proxies
General SOCKS support in docker should now also be in main-stream code, see https://github.com/docker/docker/pull/20366
On Ubuntu Linux 14.04 Make sure docker daemon runs with http_proxy env variable defined (e.g., in /etc/default/docker).
On Ubuntu Linux 16.04 and beyond. As a result of OS using systemd; the docker daemon need extra configuration. Follow instructions from https://docs.docker.com/engine/admin/systemd/#http-proxy
Notice The docker service file might be /lib/systemd/system/docker.service
For the pre-Windows 10 versions of Docker and Kitematic start the virtualbox host with
docker-machine rm default docker-machine create -d virtualbox --engine-env HTTP_PROXY=http://proxy-chain.intel.com:911 \ --engine-env HTTPS_PROXY=https://proxy-chain.intel.com:912 \ --engine-env NO_PROXY=192.168.99.100 default
When you start Kitematic it will initially show an error, but just click "Use Virtualbox".
On Windows 10 (using Docker for Windows), right click on the Docker icon in the notification area, select Settings. Then click Proxies. Select "Manual proxy configuration" and enter the following then click Apply.
Web Server (HTTP): http://proxy-chain.intel.com:911 Secure Web Server (HTTPS): http://proxy-chain.intel.com:912 Bypass for these hosts: intel.com,.intel.com,localhost,127.0.0.1
Add the following line to /etc/yum.conf
proxy=https://proxy-chain.intel.com:912
Fedora 24 and newer, update into /etc/dnf/dnf.conf (Use the http version, dnf doesn't like https proxy)
proxy=http://proxy-chain.intel.com:911
To download and install Rust using rustup, download rustup-init here: https://www.rust-lang.org/install.html. Then run rustup-init.exe.
For more information, see https://github.com/rust-lang-nursery/rustup.rs#working-with-network-proxies
On Windows:
The easiest way is to create a permanent environmental variable. To create an environmental variable, right-click the Start button and go to System
-> Advanced system settings
-> Advanced
tab -> Environment Variables...
-> (Under System variables) New...
. Set Variable name
to https_proxy
, set Variable value
to socks5://proxy-us.intel.com:1080
, and click OK
. Then run rustup-init.exe.
Alternatively, to temporarily set an environmental variable before running rustup-init.exe, open up a terminal where rustup-init.exe is.
In Command Prompt, run this command:
set https_proxy=socks5://proxy-us.intel.com:1080
If using PowerShell, run this instead:
$env:https_proxy = "socks5://proxy-us.intel.com:1080"
Then run ./rustup-init.exe.
After obtaining a username and then downloading and configuring your private SSH key, add to your account's ~/.ssh/config. Adjust u9999/9999 as appropriate.
Host colfax User u9999 HostName localhost Port 4022 IdentityFile ~/.ssh/colfax-access-key-9999 ProxyCommand ssh -T colfax-via-proxy Host colfax-via-proxy User guest HostName cluster.colfaxresearch.com IdentityFile ~/.ssh/colfax-access-key-9999 LocalForward 4022 c009:22 # (Windows) ProxyCommand connect.exe -S proxy-us.intel.com:1080 %h %p # (Mac) ProxyCommand nc -X 5 -x proxy-us.intel.com:1080 %h %p # (Unix) ProxyCommand nc -x proxy-us.intel.com:1080 %h %p
Usage: ssh colfax
SecureCRT and SecureFX clients support SSH and SFTP, respectively. It is a commercial product for MS Windows from VanDyke Software. It is similar to the F-Secure SSH Client.
To configure SecureCRT/FX:
To reach a chat server outside the Intel network, Pidgin (or another IRC client) can be configured with the following settings:
Basic Tab:
Protocol: IRC Username: (any nickname you choose, but it has to be something) Server: irc.freenode.net No password
Advanced Tab:
Port: 6697 Encodings: UTF-8 Check “Use SSL”
Proxy Tab:
Proxy type: SOCKS 5 Host: proxy-us.intel.com (or your local equivalent, see below) Port: 1080
Other Intel proxies besides proxy-us.intel.com include proxy-jf, proxy-sc, proxy-iind, proxy-iild, proxy-ir, proxy-mu, proxy-png, proxy-prc, all ending with .intel.com.
There are two types of proxy servers at Intel.
These servers provide proxy access between Intel and the public internet. The DMZ proxy servers operate in clustered pools that sit behind load balancers which will distribute your traffic up among the proxy servers as well as provide redundancy for when a proxy server is down for maintenance. The DMZ proxy servers can only access external content, and cannot access internal content or web pages. The proxy-us.intel.com
address is the load balanced address for the DMZ proxy servers in the US (there are other Intel DMZ proxy pools for Ireland, Israel, Malaysia, China, Germany, and India). The proxy-us.intel.com
address is actually split between two separate pools, One in JF (proxy-jf.intel.com
) and one in FM (proxy-fm.intel.com
). Using the proxy-us.intel.com
address is the recommended DMZ address in the US, as it provides very high redundancy across two campuses, and two separate Internet Service providers. There are many legacy DNS address for various campuses such as proxy-hf.intel.com
, or proxy-ch.intel.com
, which all point back to proxy-us.intel.com
.
Internal proxy servers enable access to internal intel resources such as SharePoint sites etc…, these proxy servers do not have access to the Internet, however they are configured with forwarding policies that will forward queries to external websites to the DMZ proxy servers. When you hear the phrase “proxy-Chain”, this is referring to the “chain” of proxy servers that start at the Internal proxy’s, then forward requests to the external proxys’s if necessary. Additionally the proxy-chain.intel.com
address is a geographically aware DNS address on the load balancers, which will direct your traffic to the nearest Internal proxy server to your location, then to the nearest DMZ proxy server. This behavior is especially useful when you are fetching both internal and external resources using clients that do not understand NO_PROXY; by using the proxy chain, you send all requests to a proxy that does know the difference.
Another concept to understand is the autoproxy.
Intel uses an Autoproxy system based on the industry standard WPAD (Web Proxy Auto discovery) protocol. When your web browser is configured to use “Automatically detect settings” it will look up and contact one of the many WPAD servers we run, which will dynamically generate (based on your geographical location, IP network range, and other variables) a file called WPAD.DAT, which is a large JavaScript file that will tell your browser where to direct traffic. For example, the WPAD.dat file will tell your browser to send traffic to the DMZ proxy servers for external websites, and the Internal proxy servers for internal websites. Additionally we will use JavaScript to force traffic for some specific sites out specific proxy servers, typically in cases where the destination has whitelisted a specific IP range for us to access secure content. If you would like to inspect the WPAD.dat file yourself in more detail, you can simply point your browser to http://wpad.intel.com/wpad.dat and save the file, you can then open it as a text file and view the javascript that will be passed to your browser.
Another point to mention is the different between HTTP, and SOCKS proxy servers. HTTP proxy servers, as their name implies can only handle HTTP and HTTPS traffic, and cannot handle traffic for other protocols (such as SSH, Telnet, IM Protocols, etc…). SOCKS (or more specifically SOCKS5) is a protocol that will enable almost any application to work via the proxy servers, as long as the application supports SOCKS, and the require port has been approved by Intel InfoSec and enabled on the Firewalls. For example, if you wanted to SSH out of Intel, you could configure an application like Putty to use “proxy-us.intel.com” port 1080 using the SOCKS5 protocol, and would then be able to SSH via the Intel firewalls to external hosts.
Proxy ports serve to distinguish between the type of traffic and protocol, so the load balancers and proxy servers know what type of traffic they are dealing with. Standard HTTP traffic should use port 911, HTTPS/SSL traffic should use port 912, SOCKS5 traffic should use port 1080. The primary reason for distinguishing between HTTP and HTTPS traffic is session persistency. HTTP traffic will only have a session persistency of 30 seconds via our load balancers, meaning that your traffic will only be sent to the same proxy server for up to 30 seconds before the load balancers will direct traffic to another proxy server in order to effectively balance the massive volume of internet traffic we generate. Such short session persistency time will break HTTPS however, because if the load balancer changes traffic to a different proxy server in the middle of a session, that will change your external IP address, which will break the encrypted SSL session, as it will look like someone trying to inject data into the secure session, and the remote host will terminate the session. For this reason we use port 912 with HTTPS traffic, which will use a 1 hour session timer, which is long enough for almost all secure sessions.
SOCKS connection not working for proxy-chain.intel.com
As of at least 2018-08-21, SOCKS connections to port 1080 do not seem to work for the server "proxy-chain.intel.com". It seems that SOCKS connections are only able to work to site-specific / country-specific servers such as "proxy-us.intel.com" as well as "proxy-socks.fm.intel.com", etc. Does anyone know the reason for this? Is "proxy-chain.intel.com" using some other port for SOCKS, or is SOCKS not supported at all on that server? Can someone with information about this please document it here? Thanks, --Mpelstei (talk) 11:35, 21 August 2018 (PDT)
The single gateway that other companies use that does not require individual applications/systems to be configured, is called “transparent” proxy mode. Intel uses what’s referred to as “Explicit” proxy mode.
Transparent proxy servers are used in scenarios where the primary reason you have implemented proxy servers is for Content control (restricting inappropriate work websites), and caching. Transparent proxy mode requires no proxy configuration on any applications, as the network will use policy based routing to direct all HTTP/HTTPS traffic to the proxy servers automatically. Non HTTP/HTTPS traffic, however, will be directed around the proxy servers, allowing them to connect directly to the internet. While this is very convenient, it is also much less secure, and Intel Information Security policy prevents us from operating transparent proxy servers.
One of the primary advantages from a security perspective of using explicit proxy servers is that it complements the company's Data Loss Prevention procedures, by making it much more difficult for unauthorized data exfiltration. For example, if a Virus made it into the Intel network and was attempting to collect sensitive data and send it back out using FTP, the virus would be unable to send the traffic out of Intel without detailed knowledge of our proxy infrastructure, as the virus would need to be configure to use the appropriate Intel proxy servers. This is particularity important at a company like Intel where our intellectual property is worth many billions of dollars. Additionally, the Transparent proxy mode does not scale as well for high bandwidth scenarios, or companies with a worldwide footprint.
Note that the load balanced records (like proxy.sc.intel.com and proxy.fm.intel.com) will not respond to ping commands, and that is expected. The individual machines, e.g. proxy-chain.glb.intel.com will respond to ping.
If the application uses non-standard ports for access, then IT Service Operations will need to get a request to the proxy team to enable those specific ports.
Contact:
GSM Infrastructure IT Service Operations / Technical Assistance Center (TAC) [1]
Use the following script as proxy command if you need to use ssh/git/etc.. from inside and outside the Intel network:
#!/usr/bin/perl -w my $nc = '/usr/bin/nc'; my ($host, $port) = @ARGV; my $proxy = 'proxy-us.intel.com'; if ($host !~ /\./ || $host =~ /(^|\.)intel\.com$/ || $host =~ /^(10|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168|192\.0\.2|143\.183|134\.134)\./ || ! gethostbyname($proxy) ) { exec($nc, $host, $port); } else { exec($nc, '-X', '5', '-x', $proxy.':1080', $host, $port); }
This script requires netcat.
Connecting to a web server:
nc -X 5 -x proxy-us.intel.com:1080 google.com 80
nc -X connect -x proxy-chain.intel.com:911 google.com 80
nc -X 5 -x proxy-us.intel.com:1080 login.trilug.org 22
Proxy Servers at Intel are managed by DNS Engineering. To see the proxy server settings, simply surf to autoproxy.intel.com and open the file (JavaScript syntax) which opens at this location.
If you know that your application needs a direct proxy server, you can find one at this listing of Intel proxy servers. (Use port 911 for the proxy server. For PuTTY proxy configuration, setting to port 1080 and using SOCKS5 appears to work.)