Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 01 November 2024, 07:22:53 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Simple question concerning transparent proxy (efw 2.4)
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Simple question concerning transparent proxy (efw 2.4)  (Read 25223 times)
highlander
Jr. Member
*
Offline Offline

Posts: 6


« on: Tuesday 17 August 2010, 01:24:18 am »

I've set up a simple configuration of efw 2.4. Generally works fine.

However, when I enable the transparent proxy the browsers can't see anything. My intention for now is to simply have efw redirect http traffic through the proxy for virus scanning and content filtering--without clients having to change browser settings and without any user/group authentication. (Even when I change browser settings, I can't find a configuration that works. All HTTP traffic seems to be blocked.)

Any ideas?

Thanks in advance!
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Tuesday 17 August 2010, 03:45:02 am »

Do you have a rule to allow browsing?
Logged
highlander
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Tuesday 17 August 2010, 06:34:53 am »

Thanks for the response.

Apparently, I'm still not understanding the issue. On the HTTP Proxy | Access Policy tab, I created and enabled a policy: (unfiltered access, GREEN, ANY, not required, Always, ANY). I left the defaults on the Configuration tab, hit the save and apply buttons. Still no luck. Are rule/policy the same thing? Or should I be changing configuration elsewhere?
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #3 on: Tuesday 17 August 2010, 06:57:53 am »

HTTP Transparent proxy usually is very simple to run.
-Enable HTTP Proxy
-Then change to transparent
-After that, create a filter profile
-Finally, create a rule that uses that content filter.
-Apply changes and that's all.

Are both antivir & Content Filter services running? Check them on status
Logged
highlander
Jr. Member
*
Offline Offline

Posts: 6


« Reply #4 on: Tuesday 17 August 2010, 07:21:54 am »

Thanks for your patience.

Status says HTTP antivirus (havp) and Content filter are both stopped. (How are they started?)

I'm using the default content filter (for now). What page/tab do I use to define a rule for this filter?
Logged
highlander
Jr. Member
*
Offline Offline

Posts: 6


« Reply #5 on: Sunday 22 August 2010, 02:53:26 pm »

Internet access works fine whenever the HTTP Proxy is disabled. Otherwise, the client cannot browse the internet.  Status page always shows the content filter is NOT running. I cannot find any configuration that starts the content filter. I believe I'm seeing this bug under efw 2.4: bugs.endian.com/view.php?id=534.

Any ideas? Thanks in advance!
Logged
logicasrl
Full Member
***
Offline Offline

Posts: 18


« Reply #6 on: Wednesday 08 September 2010, 07:06:51 pm »

I've got the same problem, after upgrading 2.2 to 2.4.

In 2.2 I had Transparent Proxy working without problems for years: it was acting on port TCP/80 and was completely "transparent" (working on port 80 without any authentication). When I upgraded to 2.4, the Proxy was simply disabled and lost partially its configuration.

Even if I enable the proxy, under "Status - Services" I've got always "Web Proxy" and "Content Filter" STOPPED.

I've also read that it is NO MORE possible to have transparent proxy on port TCP/80: I've indeed tried and it says that there is already another service active on port 80 (and in fact in "Status - Services" I see a "Web Server" in active status).

The question is simple: HOW is it possible to activate a proxy only for content filtering aims, WITHOUT requesting any authentication?

I've tried to leave the Proxy to port TCP/8080 and configure the Access Policy that you can find in attachment, but from a Firefox I did not manage to surf the web (in Firefox I set the IP of Endian FW and the port 8080, leaving all the rest to its default values). With Proxy stopped, everything works perfectly (but of course I have no content filtering)

Has someone got a suggestion about how to configure a "proxy WITHOUT authentication" in Endian Community Edition 2.4? Is there a 2.4 administrator guide (I don't find it on the web...)?

Thank you very much,
Luca Z.
Logged
highlander
Jr. Member
*
Offline Offline

Posts: 6


« Reply #7 on: Saturday 18 September 2010, 11:30:59 am »

Again, my problem is with the transparent proxy configuration for EFW 2.4. It does not work. I did a little more investigation. Squid is failing to start because request_body_max_size in squid.conf is not correctly specified. I checked the file and the entry is written 'request_body_max_size  KB'. I tried altering it to 'request_body_max_size 0 KB' which the squid docs say should support any size. However, when I start squid, the first output line says squid.conf is being written--it overwrites my correction with the original problem 'request_body_max_size  KB'. How can I correct this behavior?
Logged
highlander
Jr. Member
*
Offline Offline

Posts: 6


« Reply #8 on: Saturday 18 September 2010, 12:44:32 pm »

Solved!

Obviously, I'm a linux noob...but I finally got it. As I said in my last post, squid.conf had a bad entry: 'request_body_max_size  KB'. This was due to the fact that the startup mechanism was writing this value from a variable $MAX_OUTGOING_SIZE in squid.conf.tmpl. $MAX_OUTGOING_SIZE was never initialized so no number appeared with the request_body_max_size property setting in squid.conf. For now, I simply commented out the entry in squid.conf.tmpl. (The squid doc says the value defaults to 1 MB.) From there I could start squid, havp, clamd, and dansguardian. After verifying the system--both through a little surfing and through inspecting the dashboard/status pages--I rebooted the machine. It came up ok.

Case closed.

I'm wondering if I should reinstall squid. I notice the latest stable release is 3.1 and the version that came with Endian 2.4 is an older 2.x version.

Any recommendations?

Logged
immortal2010
Jr. Member
*
Offline Offline

Posts: 1


« Reply #9 on: Wednesday 22 September 2010, 04:07:53 pm »

hi hello every one..
am a newbie to EFW
well i am having the problem with transparent proxy configuration. I have two different issues.

1. I can't get the mails in my mail client like Evolution. However i can send the emails but don't see any emails in the inbox of my email clients. I think there is sth to be done with SMTP or HTTP proxy.


2. another issue is howto use the Authentication active in HTTP proxy. I have made a search in many forums regarding the user authentication. They said that with transparent proxy , user/group authentication is not available, however with non-transparent proxy, user authentication can be made.
pleas clear me with these doubts and if possible guidance too.

thanks in advance..
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com