Author Topic: [solved] Getting trouble in configuring explicit proxy in zentyal 3.0  (Read 7855 times)

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
@ Christian,

      I've mistakenly removed the old topic,So posting newly again here,

  My question follows:

Quote
@Christian,

      Sorry to interrupt you,I've read each and every post relating to explicit proxy setup,even though I'm not able to configure correctly,So,I'm posting everything what I've configured still now,if everything goes fine then I'll upload a video relating this

server name: msserver01.lan,its eth1(internal interface) ip is 192.168.6.1,clients range 192.168.6.2-192.168.6.30

Currently one client is there connected to server who's name is system01.desktop ip is 192.168.6.5(assigned by DHCP)

How steps followed from http://trac.zentyal.org/wiki/Documentation/Community/HowTo/SelectRightHTTPproxyDesign link,I want to go with WPAD with DNS option instead of DHCP

Steps

1)
Quote
DNS, with the “well known aliases” method, is easier because, if your clients FQDN is, thanks to DHCP, inherited from domain name, then browser will search for wpad.(whatever).yourdomain[4]. Let's make it clearer
you domain is "mydomain.com"
client, thanks to DHCP is known as "client.private.mydomain.com"
WPAD mechanism will search in DNS for
wpad.private.mydomain.com
wpad.mydomain.com

   Already I've one entry in DNS module,with DOMAIN (msserver01.lan),in host tab I've added two entries newly one for wpad having Hostname as "wpad",IP as 192.168.6.1,alias as "wpad.msserver01.lan" and other for client having Hostname as "system01.desktop",IP as 192.168.6.5

2)
Quote
create a wpad.dat file and store it at the root of your wpad.yourdomain[4] web server, that's it.

Generic wpad.pad example:

proxy.pac or wpad.dat example:

function FindProxyForURL(url, host)
{
   if (isInNet(host, "192.168.0.0", "255.255.255.0")) {
      return "DIRECT";
   } else {
      if (shExpMatch(url, "http:*"))
         return "PROXY zentyal.yourdomain.com:3128" ;
      if (shExpMatch(url, "https:*"))
         return "PROXY zentyal.yourdomain.com:3128" ;
      if (shExpMatch(url, "ftp:*"))
         return "PROXY zentyal.yourdomain.com:3128" ;
      return "DIRECT";
   }
}

      I've created a file with name "wpad.dat" in "/var/www" with content as

function FindProxyForURL(url, host)
{
   if (isInNet(host, "192.168.6.0", "255.255.255.192")) {
      return "DIRECT";
   } else {
      if (shExpMatch(url, "http:*"))
         return "PROXY msserver01.lan:3128" ;
      if (shExpMatch(url, "https:*"))
         return "PROXY msserver01.lan:3128" ;
      if (shExpMatch(url, "ftp:*"))
         return "PROXY msserver01.lan:3128" ;
      return "DIRECT";
   }
}

         And in webserver module I've added virtual host with name as "wpad.msserver01.lan" and removed all entries in Firewall->Rules for internal network.I've tried in chrome and in firefox,after some it showing  "Error 7(net::ERR_TIMED_OUT):The operation timed out."

  Christian,where I was doing mistake ? please assist me

 questions which you have raised

  My server name : msserver01
  Domain name : msserver01.lan

 I've default entry in DNS,with domain name as "msserver01.lan" in that I've given "wpad" in "hostname tab" and "192.168.6.1" in "ip address tab".

Doubt: There was another entry in hostnames tab as "system10.desktop.lan" with "IP" as "192.168.6.5",now I deleted it,even though in my client system when I give "system10.desktop.lan" I'm able to  access index.html file,how ? I've cleared browser history also.

               Christian I'm very much glad to you,Sorry for giving lot of strain to you.
« Last Edit: November 23, 2012, 10:03:41 am by Zent User »
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #1 on: November 17, 2012, 10:59:44 am »
As you've already read my previous reply, please fix your proxy.pac (or wpad.dat) file to user Zentyal FQDN  ::)

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #2 on: November 17, 2012, 12:06:01 pm »
Sorry Christian,I didn't get you,is there anything wrong in wpad.dat file ?
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #3 on: November 17, 2012, 12:20:23 pm »
yes, as you read it because you specify now what's your domain is, you should have understood that expectation in wpad.dat file is to set FQDN for proxy server.
What is perhaps not clear to you is that FQDN is made of host name (here msserver01) and domain name (here msserver01.lan)

yes, your domain name is strange but this is your choice  ;)

then fqdn is msserver01.msserver01.lan  8)

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #4 on: November 17, 2012, 12:51:46 pm »
Thanks Christian,

        I've changed "msserver01.lan" to "msserver01.msserver01.lan" and tried but failed,again I've given "http://msserver01.msserver01.lan/wpad.dat" in network proxy setting of the system,even though it failed(I've selected "Autoproxy" in browser").I hope I'm using 3.0 So, there is no entries required in SRV and TXT tabs ? Currently I've only one record in DNS module with name msserver01.lan which exist by default,in that only I've added required things.
« Last Edit: November 17, 2012, 01:20:45 pm by Zent User »
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #5 on: November 17, 2012, 01:47:37 pm »
I don't see why using 3.0 prevent to add SRV entry  ::)
You obviously did read my previous reply (the one erased while removing your post) as you highlighted in this thread what your domain name is and now you focus on SRV record.

Again, to it step by step:
- write correct wpad.dat
- test it using (explicitly in conf) proxy with both IE and Firefox browsers
- once and only once this works, you can focus on the automatic detection

You are not yet at the stage you can try to solve the whole stack in one simple move  ;)

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #6 on: November 17, 2012, 02:04:21 pm »
ok thanks,

   Now I'll come with from first step but I didn't understand how to check proxy conf by using IE and FireFox,will you explain clearly
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #7 on: November 17, 2012, 04:34:38 pm »
 ::)
In firefox, there is an option to specify URL from where proxy.pac is loaded ("automatic proxy configuration URL")
In IE, "use automatic configuration script" has exactly same purpose.

Doing so, you will load you wpad.dat (or proxy.pac) and ensure it works as expected.

flicker

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
How we should came to know,FQDN is working ?
« Reply #8 on: November 19, 2012, 05:54:24 am »
I'm going to setup explicit proxy,before that I want to confirm that FQDN is working,for that how I need to check ?


[MODERATOR MODE]
I'm merging this post because even if forum member looks different, topic is obviously the same, from same source BTW  ::)
Creating multiple new post for same topic, after having, by mistake, deleted one similar thread, is the best way not to get any support from forum because it makes everything difficult to follow
Try to make it easy and simple for other forum members please  :)
[/MODERATOR MODE]
« Last Edit: November 19, 2012, 08:19:42 am by christian »

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #9 on: November 19, 2012, 06:16:53 am »
I've given automatice proxy configuration URL as http://msserver01.msserver01.lan/wpad.dat in firefox,after some time browser showing "Timed Out". When I give that url in address the file (wpad.dat) is downloading.

    When I'm going for wpad.dat approach I'm deleting firewall record having "any-allow",because it allowing the site to browse.
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #10 on: November 19, 2012, 08:10:44 am »
1 - Control at FW is to prevent users to bypass proxy. It has nothing to do with wpad.
2 - This to say that you must first start with proxy validation: if you set proxy in your browser, does it work? first step  8)
3 - Second step is to set-up proxy.dat or wpad.dat file and ensure it work when configuring URL. Second setp. If you get time-out here, this means that wpad.dat has something wrong.
' - third step is to use either DHCP or DNS discovery method.

christian

  • Guest
Re: How we should came to know,FQDN is working ?
« Reply #11 on: November 19, 2012, 08:11:53 am »
Could you explain what you mean with "FQDN is working"?

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #12 on: November 19, 2012, 08:34:04 am »
Thanks Christian,

         Lot of Zentyal users suffering in setting explicit proxy,even forum moderators(like you) also in guiding suffering in guiding newbie's(like me),even though you have suggested built-in Explicit Proxy feature for next coming versions of Zentyal,we are happy for that,if possible why can't we have clear explanation in setting up explicit proxy,how this http://download.webtitan.com/manuals/webtitan_quickstart_WPAD.pdf .Please don't take my words negative way,it will save your's time also.
Regards
Zent User

christian

  • Guest
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #13 on: November 19, 2012, 08:47:21 am »
I don't take your comment the wrong (bad) way but just don't understand what you mean.
Your main issue is not with proxy setting but with basic networking stuff.
You have defined in your wpad.dat domain name instead of server name  :o and you still try to solve everything stacked instead of checking every single (simple) step as I suggest.

I explained the proxy stuff in the HowTo pages. Some other sites available on internet also describe this in an even better and clearer way. However link you show here just make things a bit confusing as it show only partial stuff dedicated to another product.

I think I already explained everything. If you still don't understand but can't explain further what is not clear to you, then I can't help further.

I think you should get in touch with "flicker" who is facing, as you, FQDN related question that may solve your problem with wpad.dat  ;)

Zent User

  • Zen Warrior
  • ***
  • Posts: 121
  • Karma: +1/-3
    • View Profile
Re: Getting trouble in configuring explicit proxy in zentyal 3.0
« Reply #14 on: November 19, 2012, 09:56:48 am »
@Christian,

      I'll able to configure basic network stuff,currently,DHCP,DNS,HTTP Proxy(Transparent),Firewall,File Sharing,etc working fine for me.Just I want to move from Transparent Proxy to Explicit Proxy here I struck.

      Currently I tried with DNS as in some posts I read that its easy to implements,If possible can you explain how I need to proceed with DHCP.
 
  if (isInNet(host, "192.168.6.0", "255.255.255.192"))
   {
      return "DIRECT";
    }

         Now I will keep above code in wpad.dat,I think it will redirect any request from 192.168.6.0/24 to requested URL ?,So there will be no issues.(once everything works fine I write other rules).

Doubt : Should we delete "allow any rule" in firewall or not before implementing explicit proxy ?

     The main intention of link in previous post is,how they are shown with screenshots,that's it.

    I'm not understanding that in which way I can express my thankfulness to you,because I crossed the limits of "Support" .
« Last Edit: November 19, 2012, 10:04:41 am by Zent User »
Regards
Zent User