EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: supportov on Saturday 30 July 2011, 11:16:26 pm



Title: use only proxy server
Post by: supportov on Saturday 30 July 2011, 11:16:26 pm
Hi all,

I would like to use only the proxy server part from Endian. I already have a router that is the gateway, I have installed Endian 2.4.1, and I would like all HTTP traffic to go to the proxy server on my Endian. Is there a way I can route the traffic to the proxy server?

Thanks,


Title: Re: use only proxy server
Post by: Milkwerm on Thursday 04 August 2011, 07:53:04 am
This is exactly how I use my Endian install. Just install with one NIC (RED) and set it to gateway in the network settings pages.

Although I'm hunting around now for a content filter capable of Kerberos authentication due to the number of Win7 and Server 2008 R2 installs we're pushing out. Modifying reg keys to enable NTLMv2 on all these boxes is a pain. :-\ (and yes I could do it with Group preferences, but I'd rather do it using the correct mechanisms for the new OSes ;) )


Title: Re: use only proxy server
Post by: mrkroket on Thursday 04 August 2011, 09:26:29 am
Endian can use the proxy HTTP content filter.
You just connect to your Active Directory, and create rules with groups.

And it works, all HTTP/HTTPS traffic goes via the proxy and gets logged by user.


Title: Re: use only proxy server
Post by: Milkwerm on Wednesday 07 September 2011, 02:18:12 pm
I already have mine doing NTLM authentication via AD. What I want is native Kerberos support. MS has moved on from using NTLM as its main auth mechanism. A default Windows 7 install will never get out through the proxy on an ENDIAN box (that has AD auth turned on) because of the lack of Kerberos support. Squid most definitely supports it as I have built a Debian/Squid3 box that worked; unfortunately finding a content filter with Kerberos support is proving problematic (DansGuardian has no immediate plans for it sadly). :-[


Title: Re: use only proxy server
Post by: mrkroket on Thursday 15 September 2011, 04:58:28 am
"A default Windows7 install will never get out though the proxy on a ENDIAN box (that has AD auth turned on)"
I was writing this just with Win7 using non-transparent proxy...

I'm using Windows Server 2008 R2 as Active Directory, and I can use non-transparent HTTP proxy without problems, using NTLM auth.
I didn't change anything on either Win7 boxes or Windows 2008 R2 DC.

What I did indeed change on 2.4.0 was some packages to allow Windows Server 2008 R2 AD:
http://www.efwsupport.com/index.php?topic=1949.0


Title: Re: use only proxy server
Post by: Milkwerm on Thursday 29 September 2011, 12:56:49 pm
Thanks mrkroket, I will have a play around with that.
Although mine was built in a 2k3 domain that is now mixed mode 2k3/2k8r2 DCs, so it has always worked until I added the Win7 clients.
I found that I had to edit the registry on Win7 to change the NTLMv2 settings before the browser would authenticate. Never thought to check the Squid version after that.


Title: Re: use only proxy server
Post by: mrkroket on Friday 30 September 2011, 02:36:04 am
As you say you can always deploy the reg tweaks via GPO. This should be a one step update for all machines in your domain.
It's a minor issue if it works correctly with that.


Title: Re: use only proxy server
Post by: fobe on Friday 13 January 2012, 03:14:35 am
Hi All,

I'm using EFW Community 2.5 but I'm unable to choose only the "RED" interface. I can use 1 NIC but then the "Wizard" is asking for a second RED NIC and also the RED NIC is then the same network as the GREEN NIC.

Could someone tell me how to have Endian FW 2.5 only as a web proxy?


Title: Re: use only proxy server
Post by: mrkroket on Friday 13 January 2012, 04:17:45 am
You can create a "fake" RED interface, a RED gateway interface. Create it on Network->Interfaces->Uplinks, an uplink of type Gateway.


Title: Re: use only proxy server
Post by: fobe on Friday 13 January 2012, 04:51:38 am
Thanks for the fast reply & help, it's working now :)


Title: Re: use only proxy server
Post by: davvidde on Monday 23 January 2012, 02:09:05 am
I have an Endian 2.2 box (I know, I'm late) with the above config (one NIC, non-transparent proxy server, DansGuardian + AD 2000/2003 mixed) and I deployed with GPO the "LmCompatibilityLevel" registry key, which permits the Win7 clients to authenticate to the NTLM module in Squid/Endian.
Does anyone know whether, if I upgrade to EFW 2.5, the Win7 clients can authenticate without the "downgrading" of LmCompatibilityLevel?

Thanks
Davide.