Using the built-in proxy as a "normal" proxy


This topic contains 4 replies, has 0 voices, and was last updated by  ptaylor 10 years, 9 months ago.

  • #41131

    ptaylor
    Member

    I run ZeroShell primarily for the Radius server so I can have a secure wireless network. Just last night, I updated from a very old beta to beta 10 and I’m interested in using the built-in proxy and its virus scanning feature.

    But, in my environment, ZeroShell is just another machine on the network, not the gateway itself. Is there any way to configure my clients to communicate directly to the proxy server? Currently, I have another machine with Squid, so I’m simply pointing the clients to the squid IP, port 3128. When I tried the same thing against port 8080 on Zeroshell, I get an HAVP error page “The request is unknown: Invalid request”.

    I’ve tried it both with and without capture rules in place, but get the same result. Is there something else to do to get HAVP to let me point directly to it?

    Thanks,
    Paul

    #46754

    imported_fulvio
    Participant

    Hi Paul,

    Try to comment out the line

    TRANSPARENT true

    in the file

    /root/kerbynet.cgi/template/havp.config

    and then restart the proxy service.

    Regards
    Fulvio

    #46755

    ptaylor
    Member

    Thanks! That worked great.

    Are you planning to include a WebGUI switch for this in future versions? Generally, I expect most people would rather have the transparent feature enabled, but maybe there are enough oddballs like me out there that this would be a decent feature to include.

    As it is, I expect this to stop working the next time I reboot ZeroShell, correct? (I’m running the VMware edition of beta 10)

    Thanks,
    Paul

    #46756

    imported_fulvio
    Participant

    To make the change permanent you have to:

    – copy your modified version of the file with
    cp /root/kerbynet.cgi/template/havp.config /Database

    – In the section [Setup][Startup] add the following line to the [Pre Boot] script:
    cp /Database/havp.config /root/kerbynet.cgi/template

    – Enable Pre Boot script by clicking on the [Enabled] flag.

    I don’t like a network in which the users must change their browser configuration to use the proxy with the antivirus. I prefer the transparent mode in which any http request is automatically redirected to the proxy and the result scanned by ClamAV.

    Regards
    Fulvio
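
The edit and the copy to /Database described in the two replies above, combined into one repeatable step. This is an added example, not code from the posters or from ZeroShell; the function names and the `HAVP_TEMPLATE` / `PERSIST_DIR` variables are hypothetical, and it assumes HAVP treats `#` as the comment marker.

```shell
#!/bin/sh
# Added example. Default paths are the ones quoted in the thread; override
# both variables to try the function on a copy of the file first.
HAVP_TEMPLATE="${HAVP_TEMPLATE:-/root/kerbynet.cgi/template/havp.config}"
PERSIST_DIR="${PERSIST_DIR:-/Database}"

# Succeeds (0) if the file still has an active, uncommented "TRANSPARENT true".
transparent_active() {
    grep -Eq '^[[:space:]]*TRANSPARENT[[:space:]]+true[[:space:]]*$' "$1"
}

# Comment out the directive, keep the previous file as .orig, then store the
# result in PERSIST_DIR. Running it again leaves a commented line untouched.
disable_transparent() {
    [ -f "$HAVP_TEMPLATE" ] || { echo "missing $HAVP_TEMPLATE" >&2; return 1; }
    if transparent_active "$HAVP_TEMPLATE"; then
        cp -p "$HAVP_TEMPLATE" "$HAVP_TEMPLATE.orig" || return 1
        sed -E 's/^([[:space:]]*)(TRANSPARENT[[:space:]]+true[[:space:]]*)$/\1#\2/' \
            "$HAVP_TEMPLATE.orig" > "$HAVP_TEMPLATE" || return 1
    fi
    # Do not persist a file that would still start HAVP in transparent mode.
    if transparent_active "$HAVP_TEMPLATE"; then
        echo "TRANSPARENT true is still active in $HAVP_TEMPLATE" >&2
        return 1
    fi
    cp -p "$HAVP_TEMPLATE" "$PERSIST_DIR/havp.config"
}
```

The proxy service still has to be restarted afterwards, and the [Pre Boot] line from the post above is still what restores the file on reboot.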

    #46757

    ptaylor
    Member

    Thanks for the tip on how to make this change more permanent in my installation.

    I agree with the idea of a transparent proxy, in theory. In practice, however, it hasn’t worked out that well for me. There were a few problems when I tried to use a transparent proxy back a year or so ago (with Squid running under pfSense). The only one that I can specifically recall is that iTunes sporadically had trouble with downloads of paid content. I could disable the transparent proxy and iTunes would immediately start working after having failed for hours before.

    #46758

    imported_fulvio
    Participant

    If you use a proxy (transparent or not) all requests reach the web servers with the IP of the proxy. This can be a problem with some servers (probably iTunes is one of them) because if two users of your LAN make requests in the same time slot the server thinks it is a duplicate. For this reason Zeroshell has two types of capturing rules:

    – “Capture” with which it is possible to define interfaces, clients and servers to be redirected to the proxy;

    – “Do not capture” with which you can exclude the redirection and the http requests are directly forwarded.

    You should just exclude the IP subnets of iTunes.

    Regards
    Fulvio
