Author Topic: Proxy And Firewall  (Read 3149 times)

Pfff

  • Zen Warrior
  • ***
  • Posts: 132
  • Karma: +0/-0
  • Be open
    • View Profile
    • Webynux
Proxy And Firewall
« on: December 10, 2012, 02:03:11 pm »
Hello

For several days, it seems my transparent proxy has not worked...
When I deactivate and reactivate the modules, I get this message:
Code:
Changes saved

The process produced some warning messages:

Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules

Any ideas?

jvallecillo

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: Proxy And Firewall
« Reply #1 on: January 23, 2013, 11:04:33 pm »
I have the same issue.   :-\

jvallecillo

Re: Proxy And Firewall
« Reply #2 on: February 08, 2013, 07:29:22 pm »

Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1225
  • Karma: +12/-0
    • View Profile
Re: Proxy And Firewall
« Reply #3 on: February 10, 2013, 01:47:53 pm »
Normally it is caused by... lack of connectivity. Could you check whether you have firewall rules using domain names? They could be vulnerable to lack of DNS resolution.

If not, I suggest you enable debug mode ( http://trac.zentyal.org/wiki/Documentation/EnableDebugMode ) and retry. In the zentyal.log the iptables commands will be shown, so you can check which one is causing trouble.

jvallecillo

Re: Proxy And Firewall
« Reply #4 on: February 13, 2013, 02:14:27 am »
They could be vulnerable to lack of DNS resolution.
I do not understand why lack of DNS resolution is related to the firewall not adding rules for squid.
Squid is running and listening on default port (3128) but iptables is not sending http requests to the proxy port.

Could you check that you have firewall rules using domain names?
By firewall rules using domain names, do you mean rules using DNS service ports? Could you be more specific?

Thank you for your answer

Javier Amor Garcia

Re: Proxy And Firewall
« Reply #5 on: February 13, 2013, 08:14:52 am »
Hello,

I mean that the source or destination are set to a domain name. But it seems that is not your case, so forget it.

Before enabling debug mode there is another quick test you can do. Run these commands:
Code:
sudo squid -k parse /etc/squid4/squid.conf
sudo squid -k parse /etc/squid3/squid-external.conf

If they find some error, paste it here. If not, you can then try the debug mode.

jvallecillo

Re: Proxy And Firewall
« Reply #6 on: February 13, 2013, 08:06:29 pm »
Thanks for your help.
I enabled the debug mode and found the iptables rule that failed logged in /var/log/zentyal/zentyal.log:
Code:
Error output: iptables v1.4.12: host/network `fulanito.fulano' not found
 Try `iptables -h' or 'iptables --help' for more information.
This domain was in the Transparent Proxy Exemptions but I didn't add the A record for it in the DNS Service.
I wasn't finding any relationship between bind-iptables-squid but now it makes sense.

Thank you so much Javier  :D
« Last Edit: February 13, 2013, 08:08:41 pm by jvallecillo »
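
Added example, not part of the thread and not Zentyal code: a small Python check that pulls the names iptables could not resolve out of log lines like the one quoted above, and pre-checks a list of hostname/IP entries before the firewall rules are applied. The sample log (apart from the quoted error line), the exemption list and all function names are assumptions made for the illustration.

```python
import ipaddress
import re
import socket

# Message format copied from the iptables error quoted in the thread.
NOT_FOUND = re.compile(r"host/network `([^']+)' not found")

# Constructed sample: only the "Error output" lines come from the thread.
SAMPLE_LOG = [
    "DEBUG> running iptables rule for module squid (constructed line)",
    "Error output: iptables v1.4.12: host/network `fulanito.fulano' not found",
    " Try `iptables -h' or 'iptables --help' for more information.",
]

def failed_hosts(log_lines):
    """Names iptables could not resolve, in first-seen order, no duplicates."""
    names = []
    for line in log_lines:
        match = NOT_FOUND.search(line)
        if match and match.group(1) not in names:
            names.append(match.group(1))
    return names

def resolves(name):
    """True if the system resolver returns at least one address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except (socket.gaierror, UnicodeError):
        return False

def unresolvable(entries, resolver=resolves):
    """Entries that would break a rule: hostnames with no DNS answer.
    IP addresses and CIDR networks need no lookup and are skipped."""
    bad = []
    for entry in entries:
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            if not resolver(entry):
                bad.append(entry)
    return bad

if __name__ == "__main__":
    print("named in log:", failed_hosts(SAMPLE_LOG))
    # Hypothetical exemption list; checked with the real system resolver.
    exemptions = ["10.0.0.0/8", "192.168.1.5", "fulanito.fulano"]
    print("fix DNS or remove:", unresolvable(exemptions))
```

Any name it reports needs either a DNS record (the missing A record in this thread) or to be replaced by an IP address, otherwise the rule fails to load and traffic is not redirected to the proxy.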

Javier Amor Garcia

Re: Proxy And Firewall
« Reply #7 on: February 14, 2013, 08:39:22 am »
I am glad that you solved the problem.

christian

  • Guest
Re: Proxy And Firewall
« Reply #8 on: February 14, 2013, 09:25:41 am »
@jvallecillo: may I kindly ask you to edit your first post's title and stamp it as [SOLVED]?