Author Topic: Gateway Only Mode - Internet through Gateway (without proxy)  (Read 3023 times)

ashokjp

« on: November 17, 2011, 12:28:18 pm »
I am trying to set up Zentyal as a gateway on my network. I need client machines to access internet directly through gateway without using proxy. Everything works fine, ping, server is able to connect to internet, client is able to connect "via proxy" but not directly without proxy.

The server is able to ping, resolve domains, to internet fine.
But when it comes to client machine, they are not able to access internet via default gateway.

Connection Setup
eth0 - external interface
eth1 - internal interface

Connection Path
router (192.168.1.2) --> eth0 (192.168.1.254) --> eth1 (10.0.0.254) --> internal networks in 10.0.0.x range

Interface and gateway configurations in zentyal
external interface eth0 - ip:192.168.1.254 | gateway 192.168.1.2
internal interface eth1(10.0.0.254)

The internal machines have default gateway set as the server internal interface ip - 10.0.0.254 and it is pinging fine from the internal clients.
The server can ping the internal client and client can ping back
Client is able to connect to internet via proxy @ 3128 port.

Have searched forum, tried the below, but no positive results
  • edit /etc/sysctl.conf and uncomment net.ipv4.ip_forward=1
  • Tried giving allow for all firewall configuration categories
  • tried running iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Tried fresh install 3 times. Spent an hour on forum search, couldn't get anything helpful.
Any help is deeply appreciated
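
A first-pass check of the three things the post above lists as tried (kernel forwarding, firewall rules, source NAT on eth0), added here as an example and not posted by anyone in the thread. Function names are hypothetical, eth0/eth1 come from the post, and the FORWARD check is a heuristic that assumes rules sit in plain iptables chains and does not evaluate rule order.

```shell
#!/bin/sh
# Added example. eth0/eth1 are the interface names from the thread; the
# function names are hypothetical and chosen for this illustration.
EXT_IF="${EXT_IF:-eth0}"   # external side (towards 192.168.1.2)
INT_IF="${INT_IF:-eth1}"   # internal side (10.0.0.254)

# Emit the lines of one table from `iptables-save` output. $1=table $2=file
table_rules() {
    awk -v t="*$1" '$0 == t {on=1; next} /^\*/ || /^COMMIT/ {on=0} on' "$2"
}

# Live forwarding flag. /etc/sysctl.conf is only applied at boot or by
# `sysctl -p`, so the file is not evidence; the value under /proc is.
check_forwarding() {   # $1 = path to an ip_forward file
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Any nat-table rule that rewrites the source address on the external side.
check_nat() {          # $1 = iptables-save file
    table_rules nat "$1" | grep -v -- '! -o' |
        grep -Eq -- "^-A [^ ]+( .*)? -o $EXT_IF( .*)? -j (MASQUERADE|SNAT)"
}

# Heuristic: FORWARD policy is ACCEPT, or some chain other than INPUT
# accepts traffic arriving on the internal interface.
check_forward() {      # $1 = iptables-save file
    table_rules filter "$1" | grep -q '^:FORWARD ACCEPT' && return 0
    table_rules filter "$1" | grep -v '^-A INPUT ' |
        grep -Eq -- "^-A [^ ]+( .*)? -i $INT_IF( .*)? -j ACCEPT"
}

# Name the first missing prerequisite. $1 = ip_forward file, $2 = ruleset
diagnose() {
    check_forwarding "$1" || { echo "forwarding-off"; return 1; }
    check_nat "$2"        || { echo "no-source-nat"; return 1; }
    check_forward "$2"    || { echo "forward-blocked"; return 1; }
    echo "ok"
}

# On the gateway, as root:
#   iptables-save > /tmp/rules.txt
#   diagnose /proc/sys/net/ipv4/ip_forward /tmp/rules.txt
```

A `no-source-nat` result matters in this topology because the upstream router at 192.168.1.2 has no route back to 10.0.0.x unless the gateway rewrites the source address.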

ashokjp

« Reply #1 on: November 17, 2011, 12:32:16 pm »
attached screenshots of configuration pages

ashokjp

« Reply #2 on: November 18, 2011, 04:15:21 pm »
Anyone? Any help?

vshaulsk

« Reply #3 on: November 18, 2011, 04:23:58 pm »
What do your firewall rules look like in the firewall section: internal to external networks???

Is there a rule which allows any internal connection to port 80 or 443???

ashokjp

« Reply #4 on: November 18, 2011, 06:55:56 pm »
Yes, I had seen suggestions like that in forum, so I had enabled http. In fact I even tried putting a rule with accept from any source to any destination in all firewall categories.

Http proxy is working fine, but I need internal machines to access internet through gateway (zentyal ip) without proxy directly, because some of our office apps don't work with proxy.

-- client can ping zentyal gateway but cannot ping to internet
-- client can browse through proxy

Currently in that section of firewall, only 1 rule which gives access from and to any network

vshaulsk

« Reply #5 on: November 18, 2011, 07:12:27 pm »
What about under the proxy module??  Do you have anything checked?? 

Now if you look at the firewall logs..  taking a simple client pc sending traffic to port 80 .... what does the firewall log tell you.

Just trying to break this down into step by step troubleshooting.

1) make sure in proxy no transparent proxy is checked.
2) in firewall from internal to external network you have a rule for either any - any or any to http (with http defined as port 80 and 443)
3) on the client make sure they are not pointing at the proxy port 3128 (default for zentyal)
4) check to make sure the gateway is set properly for the client (should be the IP of the internal interface)

Now if you have all this done and it's still not working, try running a port scan from the client to see if port 80 on the system is open. Also check firewall logs and see what they say is happening to the client. Dropping packets???

ashokjp

« Reply #6 on: November 18, 2011, 07:15:12 pm »
1. I have tried with proxy --> transparent proxy checked as well as unchecked
2. I have tried putting ACCEPT ALL (ANY) source and destination in all sections of firewall
3. I am talking about ping to internet, in client too, which doesn't go through proxy.
-- I have verified no proxy has been set in client
4. I have tried setting gateway manually, crosschecked a dozen times as well as set using dhcp

Firewall logs are empty. :(

vshaulsk

« Reply #7 on: November 18, 2011, 07:21:35 pm »
Sorry, for firewall logs to work you need to set a rule in the firewall section you want to monitor. The rule should be log any from any. Should be the first rule in that section!!

Add that and set the system with the steps I provided. Let's see what the readout is :)

ashokjp

« Reply #8 on: November 18, 2011, 08:20:25 pm »
I have put log entry in all firewall categories as first entry

Went back to client pc, verified gateway, subnet
client pc can ping gateway (zentyal server ip) fine, but not any internet ip
checked for firewall logs, it's still empty :(
firewall module, log module is enabled
no tick in http proxy -> transparent proxy

vshaulsk

« Reply #9 on: November 18, 2011, 08:52:48 pm »
Strange: I have not run into this kind of issue myself.

Normally I just set up (eth0) - internal static, (eth1) - external. Make sure under network gateway I have the correct gateway provided by my ISP. Have the correct DNS servers in my network DNS section.

Then I run DHCP module and create a range. Make zentyal my gateway; DNS; (in my case also NTP and wins).

Make sure no proxy is set and port 80 and 443 are open in the firewall section + plus turn on logging. My clients go directly out to the web.

Now for you is there any way to run a port scan from the client and see if port 80 is open???

vshaulsk

« Reply #10 on: November 18, 2011, 08:57:41 pm »
Also in logs.... I think you might have to configure the firewall log. I don't think it is turned on by default.
(it's the second tab on the screen on which all the different log results can be found) --- If I was home I would make a print screen.. sorry for the bad explanation on where to find things.