July 4, 2010 at 1:19 am #49586
Today I’ve tried the same configuration (2 bridged + 1 for administration), and I had the same problem.
After some attempts, I’ve figured out the problem and managed to get it to work.
The proxy, once it has intercepted the HTTP connection, needs to connect to the internet itself, so the bridged connection needs an IP that can connect to the internet!
Probably I’m wrong, but it seems that HAVP in transparent proxy mode doesn’t manage the HTTP connection as expected, opening a new connection to the internet to retrieve the data requested by the client to analyze the incoming stream with ClamAV, instead of analyzing the incoming and outgoing streams to drop the “bad” one on the fly.
January 20, 2011 at 5:33 pm #49587
Sorry to dredge up an old topic, but I’ve been searching for a solution to this and this is the only forum thread I’ve found relating to the problem.
I’m in the same situation as the others posting this problem; I have 2 NICs Bridged and want to capture and scan HTTP traffic with the transparent proxy.
I have followed the instructions at http://www.zeroshell.net/eng/qos/ to set up the Bridge and QoS.
I have also followed the instructions at http://www.zeroshell.net/eng/proxy-antivirus/ to set up the Transparent Proxy.
When the proxy is active with capture rules on the internal NIC, all HTTP traffic stops.
I noticed this at the bottom of the Transparent Proxy instructions.
There are basically two reasons why the proxy might not work correctly. First of all, it is necessary to ensure whether the Zeroshell box is configured as a router or a bridge, and also that traffic to and from Internet actually goes through it. Secondly, you must be certain of the correct configuration of the [HTTP Capturing Rules], which determine which http requests are actually redirected towards the proxy process (havp listens on 127.0.0.1:8080). In particular, if http request capture is imposed on a network interface that is part of a bridge, you must be sure that at least one IP address has been defined on the latter.
I bolded the last line because it sort of describes how to fix this problem. However, I think this is a case of the instructions getting lost in translation. I’m usually pretty good at deciphering a bad translation but this has me stumped. Can someone provide some better details on what changes need to be made to make this work?
Edit: Solved. Apparently the Bridge needs 2 IP addresses assigned to it for the HTTP proxy to work. Unfortunately I still can’t use the HTTP proxy because it is blocking (even after I made exception rules) a WebDAV site I use for an important file transfer process. Just thought I would update this post with the solution.