Author Topic: /etc/environment  (Read 2034 times)

joesox

/etc/environment
« on: July 18, 2012, 12:03:54 am »
I have placed a new line in /etc/environment and shutdown -r now
and printenv doesn't show the new addition.
How do I add the following line to zentyal environment?
http_proxy="http://SQUIDIP:3128/"

christian

  • Guest
Re: /etc/environment
« Reply #1 on: July 18, 2012, 07:33:04 am »
Do you confirm you want Zentyal to use itself as HTTP proxy?
Why, for my knowledge?

joesox

Re: /etc/environment
« Reply #2 on: July 18, 2012, 04:18:39 pm »
I am not sure I am doing this right, but I am troubleshooting why
end users don't get proxied (sites blocked in SQUID are being allowed).
I set up a PBR and Juniper support confirmed with me that
traffic is going through the Zentyal server, but there is nothing in the SQUID
access.log. My lab is set up as below.
We can't set everyone's browser for proxy so it needs to be
transparent.


-------------------------------------------
|              Juniper SSG5               |
| eth0Untrust    eth0/1DMZ    eth0/2Trust |
-------|-------------|-------------|-------
       |             |             |
   Internet       Zentyal      End Users

christian

  • Guest
Re: /etc/environment
« Reply #3 on: July 18, 2012, 04:30:22 pm »
The fact that you decide to go for explicit or transparent proxy is not linked with implementation that will make use of proxy mandatory, at least for what I understand  ;)
I'm not sure to clearly understand your "schema" but it looks like:
- Zentyal is having only one interface
- Zentyal is de-facto not network default gateway for devices attached to eth0/2Trust
- your key component is Juniper (acting as FW I believe)

With such design:
- transparent proxy just doesn't work, or at least not "out of the box"
- without specific rules at FW level, users can still go through Juniper and access internet

The best you can do (again assuming I understand properly) is to:
- at Juniper level, to redirect out-going flow from eth0/2Trust to eth0/1DMZ
- allow only connection from eth0/1DMZ to eth0Untrust
and... this doesn't work yet because, due to willingness (or constraint) to use transparent proxy, end-user must be able to resolve names, thus access to either internal DNS handling this or direct access to external DNS, thus some exception must be defined within above principle.

I hope this helps  8)

joesox

Re: /etc/environment
« Reply #4 on: July 18, 2012, 04:50:49 pm »
That's what I am doing now. The PBR on the Juniper forces port 80 through the DMZ host (Zentyal). I do have some DNS allowed.
I will recheck my settings. Like I stated before, Juniper support verified that the Juniper is working properly. The HTTP Proxy host needs to be tweaked. I have read some things that the http_proxy needs to be set. Perhaps I need to follow these instructions?

http://wiki.squid-cache.org/ConfigExamples/Intercept/DebianWithRedirectorAndReporting

christian

  • Guest
Re: /etc/environment
« Reply #5 on: July 18, 2012, 05:38:11 pm »
What is described in this document is basically what you will get while selecting "transparent proxy" in Zentyal GUI.
But I can't see anything aiming at defining server (here Zentyal) as its own proxy server. Furthermore, it doesn't make sense to me.

Still, could you clarify your Zentyal configuration for me?
- only one network interface isn't it?
- defined as internal or external?

I'm curious because I'm wondering how this kind of config (single interface AND transparent proxy) works at Zentyal level without some NAT  ???

joesox

Re: /etc/environment
« Reply #6 on: July 18, 2012, 06:33:32 pm »
- only one network interface isn't it?
Yes, as a proof of concept for now

- defined as internal or external?
It is defined as an internal right now, maybe that is my issue.

Here is the Document for 'Linux traffic Interception with Squid and the Browser on the same box'
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxLocalhost
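
Added example, not part of the thread or of Zentyal's own tooling: policy-routed packets reach the proxy host still addressed to the original web server on port 80, so Squid only logs them if a nat PREROUTING rule on that host hands them to its listening port. The function below checks an `iptables-save` dump for such a rule; the port 3128 is taken from the thread, the function name and both sample rulesets are constructed for illustration.

```shell
#!/usr/bin/env bash
# Diagnostic sketch: does the nat table redirect inbound TCP/80 to the Squid port?
# Assumption: Squid listens for intercepted traffic on 3128 (port named in the thread).

# Constructed sample: proxy port is open in the filter table, but nothing in
# nat PREROUTING sends port 80 to it (matches the "empty access.log" symptom).
sample_missing='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT'

# Constructed sample: the same host with an interception rule present.
sample_ok='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# has_intercept_rule DUMP PORT
# Returns 0 if DUMP contains a nat PREROUTING rule matching --dport 80 that
# REDIRECTs or DNATs to PORT, 1 otherwise. Multiport matches are not handled.
has_intercept_rule() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }   # "*nat", "*filter": track current table
        table == "nat" && /^-A PREROUTING / && /--dport 80( |$)/ {
            if ($0 ~ ("-j REDIRECT .*--to-ports " port "( |$)")) found = 1
            if ($0 ~ ("-j DNAT .*--to-destination [0-9.]*:" port "( |$)")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# On a live host (needs root): has_intercept_rule "$(iptables-save)" 3128
```
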