Title: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Tuesday 17 August 2010, 01:24:18 am I've set up a simple configuration of efw 2.4. Generally works fine.
However, when I enable the transparent proxy the browsers can't see anything. My intention for now is to simply have efw redirect http traffic through the proxy for virus scanning and content filtering--without clients having to change browser settings and without any user/group authentication. (Even when I change browser settings, I can't find a configuration that works. All HTTP traffic seems to be blocked.) Any ideas? Thanks in advance! Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: mrkroket on Tuesday 17 August 2010, 03:45:02 am Do you have a rule to allow browsing?
Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Tuesday 17 August 2010, 06:34:53 am Thanks for the response.
Apparently, I'm still not understanding the issue. On the HTTP Proxy | Access Policy tab, I created and enabled a policy: (unfiltered access, GREEN, ANY, not required, Always, ANY). I left the defaults on the Configuration tab, hit the save and apply buttons. Still no luck. Are rule/policy the same thing? Or should I be changing configuration elsewhere? Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: mrkroket on Tuesday 17 August 2010, 06:57:53 am HTTP Transparent proxy usually is very simple to run.
-Enable HTTP Proxy -Then change to transparent -After that, create a filter profile -Finally, create a rule that uses that content filter. -Apply changes and that's all. Are both antivir & Content Filter services running? Check them on status Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Tuesday 17 August 2010, 07:21:54 am Thanks for your patience.
Status says HTTP antivirus (havp) and Content filter are both stopped. (How are they started?) I'm using the default content filter (for now). What page/tab do I use to define a rule for this filter? Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Sunday 22 August 2010, 02:53:26 pm Internet access works fine whenever the HTTP Proxy is disabled. Otherwise, the client cannot browse the internet. Status page always shows the content filter is NOT running. I cannot find any configuration that starts the content filter. I believe I'm seeing this bug under efw 2.4: bugs.endian.com/view.php?id=534.
Any ideas? Thanks in advance! Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: logicasrl on Wednesday 08 September 2010, 07:06:51 pm I've got the same problem, after upgrading 2.2 to 2.4.
In 2.2 I had Transparent Proxy working without problems for years: it was acting on port TCP/80 and was completely "transparent" (working on port 80 without any authentication). When I upgraded to 2.4, the Proxy was simply disabled and lost partially its configuration. Even if I enable the proxy, under "Status - Services" I've got always "Web Proxy" and "Content Filter" STOPPED. I've also read that it is NO MORE possible to have transparent proxy on port TCP/80: I've indeed tried and it says that there is already another service active on port 80 (and in fact in "Status - Services" I see a "Web Server" in active status). The question is simple: HOW is it possible to activate a proxy only for content filtering aims, WITHOUT requesting any authentication? I've tried to leave the Proxy to port TCP/8080 and configure the Access Policy that you can find in attachment, but from a Firefox I did not manage to surf the web (in Firefox I set the IP of Endian FW and the port 8080, leaving all the rest to its default values). With Proxy stopped, everything works perfectly (but of course I have no content filtering) Has someone got a suggestion about how to configure a "proxy WITHOUT authentication" in Endian Community Edition 2.4? Is there a 2.4 administrator guide (I don't find it on the web...)? Thank you very much, Luca Z. Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Saturday 18 September 2010, 11:30:59 am Again, my problem is with the transparent proxy configuration for EFW 2.4. It does not work. I did a little more investigation. Squid is failing to start because request_body_max_size in squid.conf is not correctly specified. I checked the file and the entry is written 'request_body_max_size KB'. I tried altering it to 'request_body_max_size 0 KB' which the squid docs say should support any size. However, when I start squid, the first output line says squid.conf is being written--it overwrites my correction with the original problem 'request_body_max_size KB'. How can I correct this behavior?
Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: highlander on Saturday 18 September 2010, 12:44:32 pm Solved!
Obviously, I'm a linux noob...but I finally got it. As I said in my last post, squid.conf had a bad entry: 'request_body_max_size KB'. This was due to the fact that the startup mechanism was writing this value from a variable $MAX_OUTGOING_SIZE in squid.conf.tmpl. $MAX_OUTGOING_SIZE was never initialized so no number appeared with the request_body_max_size property setting in squid.conf. For now, I simply commented out the entry in squid.conf.tmpl. (The squid doc says the value defaults to 1 MB.) From there I could start squid, havp, clamd, and dansguardian. After verifying the system--both through a little surfing and through inspecting the dashboard/status pages--I rebooted the machine. It came up ok. Case closed. I'm wondering if I should reinstall squid. I notice the latest stable release is 3.1 and the version that came with Endian 2.4 is an older 2.x version. Any recommendations? Title: Re: Simple question concerning transparent proxy (efw 2.4) Post by: immortal2010 on Wednesday 22 September 2010, 04:07:53 pm hi hello every one..
am a newbie to EFW well i am having the problem with transparent proxy configuration. I have two different issues. 1. I can't get the mails in my mail client like Evolution. However i can send the emails but don't see any emails in the inbox of my email clients. I think there is sth to be done with SMTP or HTTP proxy. 2. another issue is howto use the Authentication active in HTTP proxy. I have made a search in many forums regarding the user authentication. They said that with transparent proxy , user/group authentication is not available, however with non-transparent proxy, user authentication can be made. pleas clear me with these doubts and if possible guidance too. thanks in advance.. |