Bug #2111

Proxy: web traffic is blocked when Squid is disabled and configured in transparent mode

Added by Giacomo Sanchietti almost 8 years ago. Updated almost 8 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squid
Target version:v6.4-beta2
Security class: Resolution:
Affected version:v6.4-beta1 NEEDINFO:No

Description

When Squid status is disabled and Mode is set to transparent or transparent_ssl, LAN clients can't access the web: all HTTP traffic is redirect to Squid which is not running.

Expected behavior: all clients can directly access HTTP and HTTPS pages.


Related issues

Related to NethServer 6 - Enhancement #2072: Squid: add bypass rules for trasparent proxy CLOSED

Associated revisions

Revision 3347bf2a
Added by Giacomo Sanchietti almost 8 years ago

firewall templates: enable Squid rules only is status is enabled. Refs #2111

Revision bf99ef2d
Added by Giacomo Sanchietti almost 8 years ago

/etc/shorewall/rules template: open ports 80 and 443 if Squid mode is transparent(_ssl). Otherwise no http traffic is possible. Refs #2111

History

#1 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20
Fragments to update:
  • /etc/e-smith/templates/etc/shorewall/interfaces/20squid
  • /etc/e-smith/templates/etc/shorewall/providers/20squid
  • /etc/e-smith/templates/etc/shorewall/rules/35squid
  • /etc/e-smith/templates/etc/shorewall/tcrules/20squid

#2 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing:
  • nethserver-squid-1.0.3-5.0gitbf99ef2d.ns6.noarch.rpm
Test case
  • Enable transparent proxy, check clients can reach web sites via Squid (see /var/log/squid/access.log)
  • Disable proxy, clients must now directly reach HTTP pages

#5 Updated by Davide Principi almost 8 years ago

  • Affected version changed from v6.4-beta2 to v6.4-beta1

#6 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi

#7 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

  # rpm -qa | grep ^neth | sort
nethserver-base-1.4.1-12.0gitce7f7f4e.ns6.noarch
nethserver-firewall-base-1.0.5-1.ns6.noarch
nethserver-grub-1.0.1-1.ns6.noarch
nethserver-httpd-admin-1.0.5-2.0git1ca852bd.ns6.noarch
nethserver-lib-1.3.1-1.0git2f4e0795.ns6.noarch
nethserver-nethgui-1.2.3-12.0git5b9e9170.ns6.noarch
nethserver-ntp-1.0.4-1.ns6.noarch
nethserver-openssh-1.0.2-3.0git38f86fc0.ns6.noarch
nethserver-php-1.1.0-1.ns6.noarch
nethserver-release-6.4-3.0gite4f69d31.ns6.noarch
nethserver-shorewall-1.0.1-3.0git29edddbd.ns6.noarch
nethserver-smartd-1.0.0-1.ns6.noarch
nethserver-squid-1.0.3-5.0gitbf99ef2d.ns6.noarch
nethserver-yum-1.1.1-1.ns6.noarch

#8 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
In nethserver-updates:
  • nethserver-squid-1.0.4-1.ns6.noarch.rpm

Also available in: Atom PDF