Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 22 November 2024, 08:16:32 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6516 Members
Latest Member: DaveH
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Authentication on transparent proxy?? RESOLVED!
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Authentication on transparent proxy?? RESOLVED!  (Read 38732 times)
zelemo
Jr. Member
*
Offline Offline

Posts: 6


« on: Friday 29 May 2009, 06:17:33 am »

Hi newbie here.

I've got a very frustrating problem on 2.2rc3.  Just installed it, and I've set it up for transparent proxy on HTTP.

And when I do, every time anyone goes to any web site, I get the message :-

The requested URL could not be retrieved
While trying to retrieve the URL: <whatever>

The following error was encountered:

Unable to forward this request at this time.

Sorry, you are not currently allowed to request:
<whatever>
from this cache until you have authenticated yourself.

This request could not be forwarded to the origin server or to any
parent caches. The most likely cause for this error is that:
The cache administrator does not allow this cache to make direct connections to origin servers, and
All configured parent caches are currently unreachable.

It's driving me mad!  It shouldn't have any reference to authentication,as it's transparent.  If I bypass the proxy, it's fine.

The only thing I've done that's not straight "out-of-the-box" is to replace the standard blacklist with the ones in URLblacklist.com.  But that shouldn't have any effect.

Suggestions gratefully accepted.  Thanks.
Logged
inteq
Full Member
***
Offline Offline

Posts: 12


« Reply #1 on: Friday 29 May 2009, 06:19:31 am »

Have you added anything in the Proxy config that refer to parent proxies?
If so, delete that.
Logged
zelemo
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Friday 29 May 2009, 06:51:20 am »

Nope.  The only thing I can find that is even like that refers to "upstream proxies" but I've left that strictly alone.  I'm not using any other proxies apart from this one - normal access for web sites is "direct connection" which just uses the default gateway which is the firewall and is meant to use the transparent proxy.

Apart from the urlblacklist, I've touched NO config files - just installed and configured it via the web interface.
Logged
inteq
Full Member
***
Offline Offline

Posts: 12


« Reply #3 on: Friday 29 May 2009, 10:42:12 am »

Stupid question, but the PCs behind the proxy are on the same subnet as the green interface?
Logged
zelemo
Jr. Member
*
Offline Offline

Posts: 6


« Reply #4 on: Friday 29 May 2009, 03:52:31 pm »

No, it's a fair question and yes they are.  If I switch from "transparent" to "disabled" it all springs into life.  That's how it's set up at the moment, and how I'm replying to you now.

It did actually work for a  of days...I'm going to try switching back to the original blacklist.  Can't see why that should make ANY difference....
Logged
zelemo
Jr. Member
*
Offline Offline

Posts: 6


« Reply #5 on: Saturday 30 May 2009, 07:22:36 am »

OK - it's fixed.

It WAS to do with the new blacklist from URLBlacklist.  I'd installed the new blacklist, but it was still sorted.  And it seems that dansguardian is extremely bad at dealing with sorted lists - it puts the firewall CPU up to 100% and stays there for a LONG time.  I never actually had enough patience to confirm whether it finished or not.  BUT....while it was in that state, it wouldn't deal with requests through the proxy.  (I only have a little 386 machine with a mere 256K of RAM, so it was probably struggling...).

So I took the advice of the URLBlacklist site and rl'd all the files.  Blacklist now works, dansguardian runs in seconds when it starts and everything is hunky dory.

Hope this helps someone else who runs into this problem.
Logged
inteq
Full Member
***
Offline Offline

Posts: 12


« Reply #6 on: Saturday 30 May 2009, 08:31:14 am »

Now that is one machine spec I haven't seen in ages Smiley
You must be very patient....
Logged
zelemo
Jr. Member
*
Offline Offline

Posts: 6


« Reply #7 on: Saturday 30 May 2009, 08:30:00 pm »

Actually, that's a typo.  Even I don't have any 386 machines lying around any more.  It's a Pentium III.

It was sitting in the corner doing nothing, so I thought I'd try installing Endian on it.   For just two or three users, it works fine (so long as you don't use the phrase-matching content filter!); I've got a 10M cable connection and I get 9.5M through the firewall....so that's great.

Having said all that, I have actually ordered a Pentium 4 with a gig of RAM from good ol' eBay, which should ensure I don't even get close to running out of ooomph.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com