Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 11 August 2022, 08:41:23 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14173 Posts in 4334 Topics by 6325 Members
Latest Member: edegiobbi
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  use only proxy server
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: use only proxy server  (Read 14543 times)
supportov
Jr. Member
*
Offline Offline

Posts: 1


« on: Saturday 30 July 2011, 11:16:26 pm »

Hi all,

I would like to use only the proxy server part from endian, i already have a router that is gateway , i have installed Endian 2.4.1 , and i would like all http traffic to  go to the proxy server on my endian. Is there a way i can route the trafic to the proxy server.

Thanks,
Logged
Milkwerm
Jr. Member
*
Offline Offline

Posts: 6


« Reply #1 on: Thursday 04 August 2011, 07:53:04 am »

This is exactly how I use my Endian install. just install with one NIC (RED) and set it to gateway in the network settings pages.

Although I'm hunting around now for a content filter capable of Kerberos authentication due to the number of Win7 and server 2008R2 installs were pushing out. Modifying reg keys to enable ntlm v2 on all these boxes is a pain. Undecided (and yes I could do it with Group preferences, but I'd rather do it using the correct mechanisms for the new OS's  Wink )
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #2 on: Thursday 04 August 2011, 09:26:29 am »

Endian can use proxy http content filter.
You just connect to your active directory, and create rules with groups.

And it works, all http/https traffic goes via proxy and get logger by user.
Logged
Milkwerm
Jr. Member
*
Offline Offline

Posts: 6


« Reply #3 on: Wednesday 07 September 2011, 02:18:12 pm »

I already have mine doing NTLM authentication via AD. what I want is native Kerberos support. MS has moved on from using NTLM as its main auth mechanism. A default Windows7 install will never get out though the proxy on a ENDIAN box (that has AD auth turned on) because of the lack of Kerberos support. Squid most definitely supports it as I have build a Debian/Squid3 box that worked, unfortunately finding a content filter with kerberos support is proving problematic (Dans Guardian has no immediate plans for it sadly).     Embarrassed
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #4 on: Thursday 15 September 2011, 04:58:28 am »

A default Windows7 install will never get out though the proxy on a ENDIAN box (that has AD auth turned on)
I was writing this just with Win7 using non-transparent proxy...

I'm using Windows Server 2008 R2 as Active Directory, and I can use non-transparent HTTP proxy without problems, using NTLM auth.
I didn't change anything on either Win7 boxes or Windows 2008 R2 DC.

What I indeed change on 2.4.0 was some packages to allow Windows server 2008 R2 AD:
http://www.efwsupport.com/index.php?topic=1949.0
Logged
Milkwerm
Jr. Member
*
Offline Offline

Posts: 6


« Reply #5 on: Thursday 29 September 2011, 12:56:49 pm »

Thanks mrkroket, I will have a play around with that.
Although mine was built in a 2k3 domain that is now mixed mode 2k3/2k8r2 DC's so it has always worked until I added the win7 clients.
I found that i had to edit the registry on Win7 to change the NTLMv2 settings before the browser would authenticate. never thought to check the Squid version after that.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #6 on: Friday 30 September 2011, 02:36:04 am »

As you say you can always deploy the reg tweaks via GPO. This should be a one step update for all machines in your domain.
It's minor issue if with that works correctly.
Logged
fobe
Jr. Member
*
Offline Offline

Posts: 2


« Reply #7 on: Friday 13 January 2012, 03:14:35 am »

Hi All,

I'm using EFW Community 2.5 but I'm unable to choose only the "RED" interface. I can use 1 NIC but then the "Wizard" is asking for a second RED NIC and also the RED NIC is then the same network as the GREEN NIC.

Could someone tell me how to accomplish to have Endian FW 2.5 only as webproxy?
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #8 on: Friday 13 January 2012, 04:17:45 am »

You can create a "fake" RED interface, a RED gateway interface. Create it on Network->Interfaces->Uplinks, an uplink of type Gateway.
Logged
fobe
Jr. Member
*
Offline Offline

Posts: 2


« Reply #9 on: Friday 13 January 2012, 04:51:38 am »

thanks for the fast reply & help, it's working now Smiley
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #10 on: Monday 23 January 2012, 02:09:05 am »

I have an Endian 2.2 box (I know, I'm late yet) with the above config (one NIC, proxy server not transparent, dansguardian + AD 2000/2003 mixed) and I deployed with GPO the "LmCompatibilityLevel" registry key which permits in the Win7 Clients the authentication to the NTLM module in Squid/Endian.
Do Anyone know, if I upgrade to EFW 2.5, the Win7 Clients may authenticate without the "downgrading" of LMCompatibility Level?

Thanks
Davide.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.095 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com