- This topic is empty.
August 29, 2012 at 2:19 am #43433
Hi, I’m working with a situation where I have a transparent proxy implemented with zeroshell.
I need to be able to access a specific external web-host at port 8080. Having the transparent proxy enabled seems to interfere with being able to access external web-hosts at port 8080. Whether or not the capture rule is blank, capture, or not capture, I cannot access a web host at port 8080.
What is the best work around for this situation?
I only need one node, lets say, 10.0.0.1 to be able to access this specific web-host (lets say: 126.96.36.199) at port 8080. The proxy can be completely bypassed for this node (10.0.0.1) if that makes it easier.
Is there an iptables nat rule that I can put into the startup scripts as a work around?
The primary idea that I originally had was to change the proxy server port from 8080 to 8081. I managed to find one file havp.config (I think) where I could change a port, but It still didn’t work… there was still some kind of iptables redirect at port 8080… I have a feeling that there is at least one other factor relating to changing the transparent proxy port because when there are no capture rules the 8080 redirect in iptables is not there, but it still doesn’t work.
If your solution requires changing configuration files outside of the DB, another question I have would be how to patch the config files on startup (but I can research that separately)
Thanks so much for your help!August 30, 2012 at 1:45 pm #52444
What release of Zeoshell are you using?August 30, 2012 at 8:20 pm #52445
I believe it is 1 beta 12 or 13August 30, 2012 at 8:29 pm #52446
Please upgrade to the 2.0.RC1 on which the proxy does not use the port 8080 tcp.
FulvioAugust 31, 2012 at 12:33 am #52447
Hi, I should have mentioned this earlier. I’m primarily using the zeroshell combined with the dansguardian plugin for internet content filtering. Therefore, I cannot upgrade to the latest version of zeroshell at this time. Do you know of any other options for this situation?August 31, 2012 at 4:23 am #52448
Upgrade to the 1.0.beta16 that has the DG package available.
- You must be logged in to reply to this topic.