Bug #3086
Can't access Squid from blue network when proxy is configured in manual or authenticated mode
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-squid | |||
Target version: | v6.6 | |||
Security class: | Resolution: | |||
Affected version: | v6.5-final | NEEDINFO: | No |
Description
Steps to reproduce
- Configure a machine with a green, red and blue interface
- Install nethserver-squid
- Configure the proxy in manual or authenticated mode for the blue interface
- Clients inside blue network can't access the proxy
- Clients inside blue network can access the proxy and surf the web
The firewall blocks all traffic from blue interface to proxy port (3128).
Associated revisions
shorewall: allow proxy access from blue. Refs #3086
History
#1 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.6
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti over 6 years ago
- Category set to nethserver-squid
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 6 years ago
- Description updated (diff)
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
Package in nethserver-testing:
- nethserver-squid-1.3.1-1.4.gc6fe11b.ns6.noarch.rpm
- Check the bug is not reproducible
#7 Updated by Davide Marini over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Bug fixed:
shorewall configuration with squid in manual mode (blue)
[root@nsrv ~]# diff -u rules /etc/shorewall/rules --- rules 2015-03-12 12:07:23.661159202 +0100 +++ /etc/shorewall/rules 2015-03-12 14:47:09.982874066 +0100 @@ -182,11 +182,17 @@ # # Block HTTP/HTTPS from blue to net # -?COMMENT Block HTTP/HTTPS ports +?COMMENT Proxy block HTTP/HTTPS ports REJECT blue net tcp 80,443 # # Block HTTP/HTTPS from loc to net # -?COMMENT Block HTTP/HTTPS ports +?COMMENT Proxy block HTTP/HTTPS ports REJECT loc net tcp 80,443 +# +# Allow Squid access from blue +# +?COMMENT Allow Squid access from blue +ACCEPT blue $FW tcp 3128 +
#8 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-base:
- nethserver-squid-1.3.2-1.ns6.noarch.rpm