Author Topic: Gateway through Transparent Proxy  (Read 2371 times)

tberaia

« on: January 27, 2012, 01:40:19 pm »
Hi!
I want to make a gateway from Zentyal with NAT, but to make all traffic go through the proxy, with QoS and web filter like in the picture.

Can anyone help me?

vshaulsk

Re: Gateway through Transparent Proxy
« Reply #1 on: January 27, 2012, 02:38:18 pm »
Zentyal can do all that with just its standard setup.

All you need is to have a minimum of two interfaces.  One for internal and one for external.

Once you install Zentyal you can select the proxy and traffic shaping modules.

Under the proxy module you can (click) on the transparent proxy mode..... this will pick up any traffic coming in on port 80.
Also under the proxy module you can define some traffic shaping features and filter features. (Look at the documentation for screenshots and some more detail.)  Also you will see a traffic shaping module in which you can define rules based on interface.... this one works by shaping traffic leaving Zentyal.  So if you are trying to shape, let's say, P2P traffic, you would define a rule on the internal interface to limit traffic coming from the internet to internal clients (downloading) and you would also define a rule on the external interface which would limit your LAN clients' upload capability of P2P traffic.

Zentyal makes what you want to do very easy for the most part.  To look at traffic you can install the bandwidth monitor if you want to look at bandwidth usage by IP.... also you would use the logs section to look at proxy logs which would tell you your traffic by IP (you can even make Zentyal notify you of different things based on events ..... certain IP got denied access through proxy).

The one thing to watch out for is that transparent proxy can't filter or proxy HTTPS connections.  If you want proxy on both HTTPS and HTTP you will need to use port based proxy..... but then you will need to make sure all your clients' web browsers are configured correctly.  This can be done manually or by introducing a proxy.pac/wpad.dat.  The second way is an automatic proxy discovery mechanism.  If you search for it on this forum you will find some discussion about it... plus a member, christian, created a pretty good document describing how to implement it.  The proxy auto discovery method would automatically set your client browsers to point at the correct proxy port.... this would allow you to proxy both HTTP and HTTPS traffic + if you want it can authenticate by user.

If you need more details or have some more questions ...... I will try to help if I can.  I spent some time setting up my system and had to learn from the ground up.
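
The proxy.pac/wpad.dat approach mentioned in the reply above, sketched as an added example that is not part of the original thread or of Zentyal's own files. The proxy address `192.168.1.1:3128` and the internal domain `lan.example` are assumed placeholder values; the helper `isPrivateIPv4` is hypothetical. It sends HTTP and HTTPS to the port-based proxy with no `DIRECT` fallback, so a client cannot silently bypass the filter when the proxy is unreachable.

```javascript
// wpad.dat / proxy.pac (added example, not from the thread).
// Assumed values: proxy at 192.168.1.1:3128, internal domain "lan.example".
var PROXY = "PROXY 192.168.1.1:3128";

// Hypothetical helper: true for IPv4 literals in loopback or RFC 1918 ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Internal names and addresses never leave the LAN, so skip the proxy.
  if (host.indexOf(".") === -1) return "DIRECT";            // single-label name
  if (host === "lan.example" || host.slice(-12) === ".lan.example") return "DIRECT";
  if (isPrivateIPv4(host)) return "DIRECT";

  // Web traffic goes to the proxy. HTTPS is tunnelled with CONNECT, so the
  // proxy sees the destination host even though the content stays encrypted.
  // No "; DIRECT" fallback: if the proxy is down, requests fail closed.
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") return PROXY;

  // Other schemes are left to the gateway firewall (assumption).
  return "DIRECT";
}
```

A PAC file only steers clients that honour it, so the gateway firewall should still block direct outbound ports 80 and 443 from the LAN.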