Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: Pfff on December 10, 2012, 02:03:11 pm
-
Hello
Since several day, it seems my transparent proxy didnot work...
When I desactivate and reactivate the modules, I have this message:
Changes saved
The process produced some warning messages:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules
Any ideas?
-
I have the same issue. :-\
-
Hey Pfff ;)
(http://imgs.xkcd.com/comics/wisdom_of_the_ancients.png)
http://xkcd.com/979/
-
Normally is caused by.. lack of connectivity. Could you check that you have firewall rules using domain names?. They ccoudl be vulnerable to lack of DNS resolution.
If not, I suggest you to enable debug mode ( http://trac.zentyal.org/wiki/Documentation/EnableDebugMode ) and retry. In the zentyal.log the iptables commands will be show so you could check what one is causing trouble
-
They ccoudl be vulnerable to lack of DNS resolution.
I do not understand why does lack of DNS resolution is related with the firewall not adding rules for squid.
Squid is running and listening on default port (3128) but iptables is not sending http requests to the proxy port.
Could you check that you have firewall rules using domain names?
By firewall rules using domain names you mean rules using DNS service ports? Could you be more specific?
Thank you for your answer
-
Hello,
I mean that the source or destination are set to a domain name. But it seems is not your case, so forget it.
Before enabling debug mode there is other quick test you can do. Run this commands:
sudo squid -k parse /etc/squid4/squid.conf
sudo squid -k parse /etc/squid3/squid-external.conf
If they found some error, paste it there. If not, you can then try the debug mode.
-
Thanks for your help.
I enabled the debug mode and found the iptables rule that failed logged in /var/log/zentyal/zentyal.log:
Error output: iptables v1.4.12: host/network `fulanito.fulano' not found
Try `iptables -h' or 'iptables --help' for more information.
This domain was in the Transparent Proxy Exemptions but I did'nt added the A record for it in the DNS Service.
I wasn't finding any relationship between bind-iptables-squid but now it makes sense.
Thank you so much Javier :D
-
I am glad that you solved the problem
-
@jvallecillo: may I kindly ask you to edit your first post's title and stamp it as [SOVLED] ?