Author Topic: Proxy autoconfig script problem  (Read 28551 times)
pnacci
« on: Monday 23 March 2009, 10:27:56 pm »

Version: Endian Firewall Community release 2.2.rc3
My zones: GREEN and BLUE
Proxy requires auth on GREEN and BLUE
Proxy port: 8080

Everything is OK if I set up the client with a manual proxy, but I need auto-configuration for laptops, and when using the "auto configure proxy" feature (IE7) EFW always returns "DIRECT".

returned proxy.pac:

function FindProxyForURL(url, host)
{
        if (isPlainHostName(host) ||
                shExpMatch( url, "*MY_PROXY_IP*" ) )
                return "DIRECT";
        else if (host == "127.0.0.1")
                return "DIRECT";
        else if (isInNet(host, "MY_LAN_NETWORK", "MY_LAN_NETMASK"))
                return "DIRECT";

       else
                return "DIRECT";

}

The line in bold comes from lines 92-93 of the Perl script:
if ($ip eq '' || $port eq '') {
    print '                return "DIRECT";';
}

$ip contains the external IP address (requested address)
$port is empty

Any clue?
Logged
npeterson
« Reply #1 on: Wednesday 25 March 2009, 05:42:53 am »

I would guess your proxy is set up for transparent proxy. If that's the case, I don't know why you even need a WPAD script.
Logged
pnacci
« Reply #2 on: Wednesday 25 March 2009, 06:22:13 am »

This is /var/efw/proxy/settings file:

LOGGING=on
PROXY_BLUE=auth
MEM_POLICY=
ADMIN_MAIL_ADDRESS=
PROXY_GREEN=auth
VISIBLE_HOSTNAME=***********
L1_DIRS=
ALLOW_BLUE_GREEN_ACCESS=on
CACHE_POLICY=
UPSTREAM_PASSWORD=
ERR_LANGUAGE=Italian
UPSTREAM_USER=
LOG_FIREWALL=on
UPSTREAM_PROXY=
PROXY=on

Is there another place where proxy is set up as "transparent"?

Btw, I need WPAD to assign users the right proxy and remove the default GW from their net config (through DHCP/DNS). I can't put a fixed proxy config in their browsers because some are laptops (when travelling, mobile users need to connect from hotels or Wi-Fi spots).

Logged
npeterson
« Reply #3 on: Saturday 28 March 2009, 08:00:50 am »

Transparent proxy works by setting the default gateway toward the router, and the router decides where that traffic should go.

Automatic WPAD works by DHCP or DNS. When a client is set to automatically detect settings, it first tries a DHCP query for scope option 252 (WPAD), which returns a URL to the proxy.pac file. If that fails, it tries to connect to the DNS name WPAD in your default search domain returned by DHCP. It then sends an HTTP request for wpad.dat in the root directory, which returns your output.

Proxy.pac files are identical to wpad.dat files, just with a different name. The proxy.pac is generally used when setting the automatic proxy config URL.

It should return where you want the requests to go. So if your proxy is 10.2.3.4 on port 8080, it would return:

return "PROXY 10.2.3.4:8080";

If your script returns "DIRECT", it goes the normal routing path, aka your default gateway.

The ifs just give the ability to stop the client from sending internal traffic and localhost requests through your proxy.

Personally I don't use the built-in proxy.pac with Endian; I have an intranet server set up with a site returning static file(s). I have DNS and DHCP options both set up.

Hope this helps.
Logged
pnacci
« Reply #4 on: Monday 30 March 2009, 04:57:36 am »

Got it!

There is probably a bug in 2.2.rc3 advproxy.cgi. If you set up values in the proxy settings web page of the firewall and press "save", the resulting file (/var/efw/proxy/settings) is saved (with correct values), but when you press APPLY the config is rewritten and mostly empty:

MEM_POLICY=
L1_DIRS=
UPSTREAM_PASSWORD=
UPSTREAM_USER=
LOG_FIREWALL=on
PROXY=on
UPSTREAM_PROXY=
LOGGING=on
PROXY_BLUE=transparent
ADMIN_MAIL_ADDRESS=
PROXY_GREEN=auth
VISIBLE_HOSTNAME=myproxyname
ALLOW_BLUE_GREEN_ACCESS=on
CACHE_POLICY=
ERR_LANGUAGE=Italian

My version is:
Linux version 2.6.22.19-72.endian15 (root@raphael-desktop) (gcc version 4.1.2 20070626 (Endian 4.1.2-14)) #1 SMP Mon Sep 8 11:49:17 EDT 2008

advproxy.cgi date is Aug 28 2008
Logged
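
The generated proxy.pac from the first post set against a static file of the kind Reply #3 describes, as an added example that is not part of any post or of Endian's code: a Node.js check that evaluates a PAC function against probe URLs and lists the external destinations that would bypass the proxy. The helper stand-ins, the `auditPac` name, the 192.168.0.0/24 LAN range and the probe URLs are assumptions; `PROXY host:port` is the standard PAC return syntax.

```javascript
// Node stand-ins for the PAC helpers a browser provides (simplified:
// this isInNet handles IPv4 literals only and does no DNS lookup).
const isPlainHostName = (host) => !host.includes(".");
const shExpMatch = (str, glob) =>
  new RegExp("^" + glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(str);
const ipToInt = (ip) =>
  ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);
const isInNet = (host, net, mask) =>
  /^\d+(\.\d+){3}$/.test(host) &&
  ((ipToInt(host) & ipToInt(mask)) >>> 0) === ((ipToInt(net) & ipToInt(mask)) >>> 0);

// Static PAC: proxy address from Reply #3, port 8080 as in the first post.
function staticPac(url, host) {
  if (isPlainHostName(host) || host === "127.0.0.1" || shExpMatch(url, "*10.2.3.4*"))
    return "DIRECT";
  if (isInNet(host, "192.168.0.0", "255.255.255.0")) // constructed LAN range
    return "DIRECT";
  return "PROXY 10.2.3.4:8080";
}

// Shape of the proxy.pac quoted in the first post: every branch is DIRECT.
function brokenPac(url, host) {
  if (isPlainHostName(host) || shExpMatch(url, "*10.2.3.4*")) return "DIRECT";
  else if (host == "127.0.0.1") return "DIRECT";
  else if (isInNet(host, "192.168.0.0", "255.255.255.0")) return "DIRECT";
  else return "DIRECT";
}

// Return the external probe URLs for which the PAC does not name a proxy.
function auditPac(pac, probes) {
  const namesProxy = /^(PROXY|HTTPS|SOCKS[45]?)\s+\S+:\d+/;
  return probes
    .filter((p) => p.external)
    .filter((p) => !namesProxy.test(pac(p.url, new URL(p.url).hostname)))
    .map((p) => p.url);
}

const PROBES = [ // constructed sample destinations
  { url: "http://intranet/", external: false },
  { url: "http://192.168.0.20/app", external: false },
  { url: "http://www.example.com/", external: true },
  { url: "https://198.51.100.7/login", external: true },
];

console.log("static PAC bypasses:", auditPac(staticPac, PROBES));
console.log("broken PAC bypasses:", auditPac(brokenPac, PROBES));
```

An empty list means every external probe is sent to the proxy; the all-DIRECT script lists both external probes.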