Author Topic: [SOLVED] Problem accessing Zentyal Web Administrator through the proxy  (Read 1213 times)

luiz Peterli

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Hello everyone!

I have version 6.1.2 of Zentyal running on Ubuntu 18.04. On this server I have the AD / DNS Firewall / Squid IPS / IDS modules on the WAN interface and the VPN module.

Everything works fine, but when I enable the proxy, even without any blocking rules, I can't access the Zentyal administration web interface through my internal network (LAN).

So, I created a permissive proxy rule for the IP, domain and URL of my Zentyal.lan, and I still can't access it when my station is configured behind the proxy.

Remember that when I remove my browser from the proxy the access happens normally, but behind the proxy the log access.log returns the following:

1580143516.314 0 172.16.99.99 TCP_DENIED / 403 23229 CONNECT zentyal.dominio.local: 8443 - HIER_NONE / - text / html

or

1580143559.826 0 172.16.99.99 TCP_DENIED / 403 23187 CONNECT 172.16.99.251:8443 - HIER_NONE / - text / html


I imagine that this could be a proxy problem with port 8443, but I can't find a method to put that port inside Squid's Safe_ports.

When I try to add port 8443 to Squid's Safe_ports ACL from the command line, and Zentyal saves some changes to the proxy module, the rule I entered from the command line is overwritten / deleted from the server's squid.conf, I can access.

Given the problem described above, I would like to know, is it possible to access the address https: //servidor.local: 8443 with the machine behind the Zentyal proxy?

Thanks in advance.
« Last Edit: January 27, 2020, 09:39:27 pm by luiz Peterli »

luiz Peterli

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: Problem accessing Zentyal Web Administrator through the proxy
« Reply #1 on: January 27, 2020, 09:39:10 pm »
I was able to access the Zentyal administration interface from a machine behind the proxy.

What happens is that the tests I had done so far were based on taking a machine out of the proxy, setting the proxy settings directly in the browser (firefox) and trying to do the tests, in this descriot scenario it was the errors that happened.

I just raised a virtual windows 7 machine with the Virtual box, inserted it in my domain, it automatically accepted my server's WPAD and thus I was able to access the Zentyal WEB interface and still managed to make my proxy blocks remain.

Therefore, for the test to be really validated, the machine in question had to be inserted in the domain and completely within the proxy's moorings.