EFW Support




Title: How to Block the secondary line for the proxy authentication users
Post by: wijendra on Thursday 14 January 2010, 02:06:31 pm
Dear All,

I have installed another Endian firewall with two Red interfaces: one interface for the broadband connection (main link) and the other interface for the dedicated line (secondary link). What I want now is for proxy-authenticated users on the green interface to access the internet only through the main link. They should not be able to use the internet through the secondary link even if the main link is down.

I tried to meet my requirement in the following ways.

1.  Section: Firewall -> Outgoing traffic -> Current rules -> I altered the existing policy to block port 80 for the secondary link.

2.  Section: Network -> Interface -> Up Link Editor -> I edited the secondary link by enabling (checked) “Uplink is Managed” and removing (unchecked) “If this uplink fails activate”.

 
This configuration only works for the transparent proxy, but it did not work for the authentication proxy users. My requirement is to block, or not use, the secondary line for the proxy authentication users.


Please advise me if this is possible with the Endian firewall.


Regards,

Wijendra.




Title: Re: How to Block the secondary line for the proxy authentication users
Post by: mithun on Saturday 16 January 2010, 07:32:39 am
Can this be done using routing, static policy?

I too have two WAN ports and 1 LAN. I want to be able to put all web browsing, FTP, SMTP, POP3 etc. on WAN1 through the proxy and my Asterisk box on WAN2.

Any advice is appreciated.

Thanks,
Mithun


Title: Re: How to Block the secondary line for the proxy authentication users
Post by: Di4bLo on Friday 14 May 2010, 06:55:04 pm
I don't think the routing policies work with the proxy, because when a client asks the proxy for a connection, the source IP is always the proxy.
This is my opinion but I'm still studying it.


Title: Re: How to Block the secondary line for the proxy authentication users
Post by: Di4bLo on Saturday 15 May 2010, 08:27:47 pm
This confirms what I said (taken from the Endian Knowledge Base):

Quote
Why can't I block connections from clients with the outgoing firewall which pass a proxy?
 
If a proxy will be used for a certain service (HTTP, POP, SMTP, DNS, ...) firewall rules in the outgoing firewall will take no effect, because of the very proper nature how proxies do work.

Connections from a client will be intercepted by the proxy on Endian Firewall (transparent mode) or go directly to the firewall, but never go through the firewall. The proxy then starts a new connection to the real destination, gets the data and sends it to the client. Those connections always start from the Firewall and not from the client, which hides the clients internal ip address. Such connections never go through the outgoing firewall, since in fact they are local connections.

You can use the network based access control of the respective proxy (if implemented) to block connections of certain clients.
 

 :'(
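
Added example (not part of the thread and not Endian's code): a simplified Python model of the behaviour the quoted Knowledge Base entry describes, showing which netfilter filter chain evaluates each leg of a connection. It assumes the outgoing firewall rule applies only to routed (FORWARD) traffic; the addresses, the interface name `red2` and proxy port 8080 are constructed.

```python
# Added illustration: simplified model of which netfilter chain evaluates a packet
# on a firewall that also runs the proxy. All addresses/interface names are constructed.
from dataclasses import dataclass
from typing import Optional

# Constructed firewall addresses: GREEN, main RED uplink, secondary RED uplink.
FIREWALL_IPS = {"192.168.0.1", "203.0.113.10", "198.51.100.10"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    out_if: Optional[str]  # egress interface, None when delivered to the firewall itself

@dataclass(frozen=True)
class Rule:
    chain: str
    dport: int
    out_if: str
    action: str

def chain_for(pkt: Packet) -> str:
    """Pick the filter chain by where the packet starts and ends."""
    if pkt.dst in FIREWALL_IPS:
        return "INPUT"      # addressed to a local process (the proxy)
    if pkt.src in FIREWALL_IPS:
        return "OUTPUT"     # generated by a local process (the proxy)
    return "FORWARD"        # routed through the box

def verdict(pkt, rules):
    chain = chain_for(pkt)
    for r in rules:
        if (r.chain, r.dport, r.out_if) == (chain, pkt.dport, pkt.out_if):
            return chain, r.action
    return chain, "ACCEPT"  # default policy in this model

# Assumption: the outgoing-firewall rule "block port 80 on the secondary uplink"
# is applied to routed traffic only, i.e. the FORWARD path. "red2" is a made-up name.
OUTGOING_FW = [Rule("FORWARD", 80, "red2", "DROP")]

def scenarios():
    client, web = "192.168.0.50", "192.0.2.80"  # constructed client and web server
    return {
        "direct": verdict(Packet(client, web, 80, "red2"), OUTGOING_FW),
        "client_to_proxy": verdict(Packet(client, "192.168.0.1", 8080, None), OUTGOING_FW),
        "proxy_to_web": verdict(Packet("198.51.100.10", web, 80, "red2"), OUTGOING_FW),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} {result}")
```

Only the direct client connection is matched by the DROP rule; both legs of the proxied connection are local to the firewall, which is why the Knowledge Base entry points to the proxy's own access control instead.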