Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: Pfff on December 10, 2012, 02:03:11 pm

Title: Proxy And Firewall
Post by: Pfff on December 10, 2012, 02:03:11 pm
Hello

For several days, it seems my transparent proxy did not work...
When I deactivate and reactivate the modules, I get this message:
Code:
Changes saved

The process produced some warning messages:

Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules

Any ideas?
Title: Re: Proxy And Firewall
Post by: jvallecillo on January 23, 2013, 11:04:33 pm
I have the same issue.   :-\
Title: Re: Proxy And Firewall
Post by: jvallecillo on February 08, 2013, 07:29:22 pm
Hey Pfff  ;)
(http://imgs.xkcd.com/comics/wisdom_of_the_ancients.png)
http://xkcd.com/979/
Title: Re: Proxy And Firewall
Post by: Javier Amor Garcia on February 10, 2013, 01:47:53 pm
Normally it is caused by... lack of connectivity. Could you check that you have firewall rules using domain names? They could be vulnerable to lack of DNS resolution.

If not, I suggest you enable debug mode ( http://trac.zentyal.org/wiki/Documentation/EnableDebugMode ) and retry. In zentyal.log the iptables commands will be shown, so you can check which one is causing trouble.
Title: Re: Proxy And Firewall
Post by: jvallecillo on February 13, 2013, 02:14:27 am
They could be vulnerable to lack of DNS resolution.
I do not understand why lack of DNS resolution is related to the firewall not adding rules for squid.
Squid is running and listening on default port (3128) but iptables is not sending http requests to the proxy port.

Could you check that you have firewall rules using domain names?
By firewall rules using domain names, do you mean rules using DNS service ports? Could you be more specific?

Thank you for your answer
Title: Re: Proxy And Firewall
Post by: Javier Amor Garcia on February 13, 2013, 08:14:52 am
Hello,

I mean that the source or destination is set to a domain name. But it seems it is not your case, so forget it.

Before enabling debug mode there is another quick test you can do. Run these commands:
Code:
sudo squid -k parse /etc/squid4/squid.conf
sudo squid -k parse /etc/squid3/squid-external.conf

If they find some error, paste it here. If not, you can then try the debug mode.
Title: Re: Proxy And Firewall
Post by: jvallecillo on February 13, 2013, 08:06:29 pm
Thanks for your help.
I enabled the debug mode and found the iptables rule that failed logged in /var/log/zentyal/zentyal.log:
Code:
Error output: iptables v1.4.12: host/network `fulanito.fulano' not found
 Try `iptables -h' or 'iptables --help' for more information.
This domain was in the Transparent Proxy Exemptions but I didn't add the A record for it in the DNS Service.
I wasn't finding any relationship between bind-iptables-squid but now it makes sense.

Thank you so much Javier  :D
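
Added example, not part of the original posts and not Zentyal code: a shell script that extracts the unresolvable names from debug-log text in the iptables error format quoted above, and pre-checks a list of exemption entries for names that will not resolve. The function names, the `RESOLVE_CMD` variable and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Resolver command (assumption: getent is available). It consults
# /etc/hosts and DNS, the same sources iptables uses for host names.
: "${RESOLVE_CMD:=getent hosts}"

# Read log text on stdin and print each host name that iptables reported
# as unresolvable, once. Matches the message format quoted in the thread:
#   iptables v1.4.12: host/network `NAME' not found
unresolved_hosts() {
    sed -n "s/.*host\/network [\`']\([^\`']*\)' not found.*/\1/p" | sort -u
}

# Read exemption entries (one per line) on stdin and print those that
# would make iptables fail: entries that are host names and do not resolve.
check_names() {
    while IFS= read -r name; do
        case "$name" in
            ''|'#'*)    continue ;;  # blank line or comment
            *[!0-9./]*) ;;           # has non-numeric characters: a host name
            *)          continue ;;  # IPv4 address or CIDR, no lookup needed
        esac
        $RESOLVE_CMD "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# Constructed sample input in the format shown in the thread.
sample_log() {
    cat <<'EOF'
Error output: iptables v1.4.12: host/network `fulanito.fulano' not found
 Try `iptables -h' or 'iptables --help' for more information.
Error output: iptables v1.4.12: host/network `fulanito.fulano' not found
EOF
}

sample_log | unresolved_hosts
```

On a live system the first function would read /var/log/zentyal/zentyal.log with debug mode enabled, and the second would be fed the entries from the Transparent Proxy Exemptions list.
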
Title: Re: Proxy And Firewall
Post by: Javier Amor Garcia on February 14, 2013, 08:39:22 am
I am glad that you solved the problem
Title: Re: Proxy And Firewall
Post by: christian on February 14, 2013, 09:25:41 am
@jvallecillo: may I kindly ask you to edit your first post's title and stamp it as [SOLVED]?