Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 06 December 2024, 12:38:49 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  How to Block the secondary line for the proxy authentication users
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to Block the secondary line for the proxy authentication users  (Read 12794 times)
wijendra
Jr. Member
*
Offline Offline

Posts: 3


« on: Thursday 14 January 2010, 02:06:31 pm »

Dear All,

I have installed another endian firewall with two Red interfaces. One interface for the Broad Band connection(Main link Link) and other interface for the dedicated line(Secondary link). Now I want to do is proxy authenticated users from green interface to access internet only using main link. They should not be able to use internet through secondary link even if the main link is down.

I had tried out my requirement in the following ways.

Then Section: Firewall -> Outgoing traffic -> Current rules -> I had altered the existing policy to block the port 80 for secondary link
 

2.  Section: Network -> Interface -> Up Link Editor -> I have edited the secondary link by enabling(Checked) the “Uplink is Managed” and removing (Unchecked) the “ If this uplink fails activate”

 
This configuration only works for transparent proxy, but it did not work for the authentication proxy users. My requirement is to block or not used the secondary line for the proxy authentication users.


Please advice me if this is possible with the endian firewall.


Regards,

Wijendra.


Logged
mithun
Full Member
***
Offline Offline

Posts: 11


« Reply #1 on: Saturday 16 January 2010, 07:32:39 am »

Can this be done using routing,static  policy?

i too have two wan ports and 1 lan. i want to be able to make all web, browsing, ftp, smtp,pop3 etc on WAN1 through proxy and my asterisk box on WAN2.

Any advice is appreciated.

Thanks,
Mithun
Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #2 on: Friday 14 May 2010, 06:55:04 pm »

I don't think the routing policies working with proxy because when a client asks for a connection to the proxy, the source ip is always the proxy.
This is my opinion but I'm still studying it.
Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #3 on: Saturday 15 May 2010, 08:27:47 pm »

This confirm what I said. Taken From Endian Knowledge Base):

Quote
Why can't I block connections from clients with the outgoing firewall which pass a proxy?
 
If a proxy will be used for a certain service (HTTP, POP, SMTP, DNS, ...) firewall rules in the ougoing firewall will take no effect, because of the very proper nature how proxies do work.

Connections from a client will be intercepted by the proxy on Endian Firewall (transparent mode) or go directly to the firewall, but never go through the firewall. The proxy then starts a new connection to the real destination, gets the data and sends it to the client. Those connections always start from the Firewall and not from the client, which hides the clients internal ip address. Such connections never go through the outgoing firewall, since in fact they are local connections.

You can use the network based access control of the respective proxy (if implemented) to block connections of certain clients.
 

 Cry
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com