Author Topic: gateway proxy is not being used by zentyal 2.2 system functions  (Read 2277 times)

Remon

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +4/-0
  • Luctor et emergo
    • View Profile
gateway proxy is not being used by zentyal 2.2 system functions
« on: December 10, 2011, 11:39:44 am »
Could anybody elaborate how the gateway proxy is supposed to work, or point me to the error in my setup or expectations?

-I have a normal WAN gateway by DHCP, gateway = 10.20.0.1
-With this all setup I can surf the web from my zentyal server and get software updates with apt-get and the software maintenance
-I have setup a http proxy on the WAN side of my network network  on 10.20.0.33  port 8080  , so its positioned in the DMZ.
-Proxy test was OK: If i hard set in firefox on the server the proxy manual I see traffic on my proxy so its operational and reachable from the zentyal box

I now define this proxy in the Gateway section and Save

-> The proxy settings in FF on the box are set to normal again and I can goto internet BUT this is not via the proxy I see
-> I can nolonger get software updates with apt-get and the software maintenance, Access is denied
-> I so totally no attempt to address the external proxy in the proxy logs (high verbose and connection logging on).

I tried as http proxy and as socks4/5 proxy but as the system does not seem to try to open an connection is has no effect.

I checked the EXPORT settings, and as should, the proxy is listed there.
declare -x http_proxy="http://user:user@10.20.0.33:8080/"
« Last Edit: December 10, 2011, 01:57:53 pm by Remon »

Remon

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +4/-0
  • Luctor et emergo
    • View Profile
Re: gateway proxy is not being used by zentyal 2.2 system functions
« Reply #1 on: December 10, 2011, 02:28:17 pm »
Ok, proxy base issue solved.  ::) :o
The proxy was not expecting a user/pass. Removing it allowed usage by the update mechanism and apt-get .

-Browsing from the zentyal box was not done automatic via the proxy although in FF the 'use system proxy' was set.

-I noticed that Zentyal HTTP Proxy does not work anymore when you define a gateway proxy.
clients using the zentyal http-proxy cannot connect anymore to any sites.

The alert events list an error hen as well:
The HTTP proxy was not able to browse www.google.com: 500 Can't connect to localhost:3128 (connect: Connection refused) (repeated 82 times

Is this an sort of internal keep alive? i could not find it configured anywhere.

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: gateway proxy is not being used by zentyal 2.2 system functions
« Reply #2 on: December 10, 2011, 02:31:16 pm »
Does your proxy use Zentyal as the gateway? Does Zentyal have the HTTP proxy module installed, enabled and in transparent mode?

This feature does three things:

1.- enable proxy configuration for APT
2.- enable system wide proxy configuration (needs reboot to be fully applied) as it configures a system wide environment variable and all services need a restart to get this configuration
3.- makes local HTTP proxy use this defined proxy as a parent server

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: gateway proxy is not being used by zentyal 2.2 system functions
« Reply #3 on: December 10, 2011, 02:32:22 pm »
This error probably comes from the HTTP proxy event, configured with your Zentyal Cloud subscription, that check proxy is properly working every few minutes.

Remon

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +4/-0
  • Luctor et emergo
    • View Profile
Re: gateway proxy is not being used by zentyal 2.2 system functions
« Reply #4 on: December 10, 2011, 04:21:21 pm »
> Does your proxy use Zentyal as the gateway?
No, the proxy in the "DMZ" (my WAN network) uses a normal other gateway (the central adsl router) that also is the default gw for zentyal by DHCP on the eth0 WAN interface.

>Does Zentyal have the HTTP proxy module installed, enabled and in transparent mode?
Yes, and without the gateway proxy set in Zentyal I have an operational transparent proxy with filtering for my zentyal LAN internal network PCs

>This feature does three things:
>1.- enable proxy configuration for APT
>2.- enable system wide proxy configuration (needs reboot to be fully applied) as it configures a system wide environment variable and all services need a restart to get this configuration
>3.- makes local HTTP proxy use this defined proxy as a parent server

I rebooted as I thought this was the issue then, but the clients on the Internal zentyal network still cannot then use the zentyal proxy anymore. there is no response.

In the /var/log/zentyal/zentyal.log I find the error that is mostly the same issue that the clients seem to effect:

Quote
INFO> Log.pm:118 EBox::Event::Dispatcher::Log::send - $VAR1 = bless( {
                 'source' => 'HTTP proxy client',
                 'compMessage' => 'proxy_www.google.com_500',
                 'level' => 'warn',
                 'dispatchers' => [
                                    'any'
                                  ],
                 'timestamp' => 1323530331,
                 'message' => 'The HTTP proxy was not able to browse www.google.com: 500 Can\'t connect to localhost:3128 (connect: Connection refused)'
               }, 'EBox::Event' );


I checked the running Services, and HTTPProxy is not running->> Restarting manually does not help.

Quote
2011/12/10 18:39:07 INFO> Service.pm:716 EBox::Module::Service::restartService - Restarting service for module: squid
2011/12/10 18:39:08 INFO> Base.pm:1056 EBox::Module::Base::__ANON__ - Using custom template for /etc/dansguardian/languages/ukenglish/template.html: /etc/zentyal/stubs/squid/template.html.mas


In syslog I find:
Quote
Dec 10 18:44:09 zentyal squid[21578]: Bungled squid.conf line 43: never_direct allow all
Dec 10 18:44:09 zentyal init: squid main process (21578) terminated with status 1

So I checked the squid.conf. And as the syslog indicates it fails on the line after the inserted HTTPProxy item.

Quote

cache_peer 10.20.0.33 parent 8080 0 no-query no-digest
never_direct allow all


# <EBOX> TAG_ACL #
auth_param basic realm Zentyal HTTP proxy
« Last Edit: December 10, 2011, 07:07:36 pm by Remon »

Remon

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +4/-0
  • Luctor et emergo
    • View Profile
Re: gateway proxy is not being used by zentyal 2.2 system functions
« Reply #5 on: December 10, 2011, 07:26:15 pm »
A 3 piece :) but with an ending!

I found the issue. Its hinted on this topic: http://web.archiveorange.com/archive/v/ieAjrGQtxWSVZZTQT6ov
Quote
Order is critical to some things in the squid config file.
The wiki bit most relevant is here:
   http://wiki.squid-cache.org/SquidFaq/OrderIsImportant

In short, there are lines in your squid.conf which start "acl ". The
never_direct line MUST be somewhere underneath at very least the one
starting with "acl all src ".

I moved the line "never_direct allow all" down to the bottom under all 'acl' entries, then started directly on /etc/init.d/squid start.
The Zentyal interface creates this config normally, thus when I start or save in Zentyal the httpproxy is broken again.



------------
>> For anybody finding this thread: The issue was resolved with the 2.2.2 release of zentyal-squid package.

« Last Edit: December 15, 2011, 10:00:52 pm by Remon »