Bug #3086

Can't access Squid from blue network when proxy is configured in manual or authenticated mode

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-squid
Target version: v6.6
Security class:
Resolution:
Affected version: v6.5-final
NEEDINFO: No

Description

Steps to reproduce
  • Configure a machine with a green, red and blue interface
  • Install nethserver-squid
  • Configure the proxy in manual or authenticated mode for the blue interface
  • Clients inside blue network can't access the proxy
Expected behavior
  • Clients inside blue network can access the proxy and surf the web

The firewall blocks all traffic from blue interface to proxy port (3128).
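One way to check a Shorewall rules file for this condition offline is sketched below. It is an added example, not NethServer or Shorewall code, and its function names are hypothetical. It assumes numeric ports, no macros or address lists, and "$FW" as the firewall zone name; a result of None means no explicit rule matched, so the zone policy decides.

```python
# Added example: simplified first-match evaluation of Shorewall rules lines.
# Assumptions: numeric ports only, no macros or address lists, "$FW" is the firewall zone.
# Constructed sample modelled on the rules quoted in this ticket (not the full file).
RULES_FIXED = """\
?COMMENT Proxy block HTTP/HTTPS ports
REJECT blue        net    tcp    80,443
REJECT loc        net    tcp    80,443
?COMMENT Allow Squid access from blue
ACCEPT    blue    $FW    tcp    3128
"""
# Same sample without the last two lines: the state reported in the bug.
RULES_BEFORE = "\n".join(RULES_FIXED.splitlines()[:3])

def parse_rules(text):
    """Return (action, source zone, dest zone, proto, ports) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("?"):  # comments, ?COMMENT/?SECTION directives
            continue
        f = line.split() + ["-", "-"]  # pad the optional PROTO and DPORT columns
        if len(f) >= 5:
            rules.append((f[0].split(":")[0], f[1].split(":")[0], f[2].split(":")[0], f[3], f[4]))
    return rules

def port_matches(spec, port):
    """True if port is covered by a DPORT column such as '80,443' or '1024:2048'."""
    ranges = [item.partition(":") for item in spec.split(",")] if spec != "-" else []
    return spec == "-" or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def first_match(rules, src, dst, proto, port):
    """Action of the first rule matching the connection, or None (zone policy applies)."""
    for action, r_src, r_dst, r_proto, r_ports in rules:
        if (r_src in (src, "all", "any") and r_dst in (dst, "all", "any")
                and r_proto in (proto, "all", "-") and port_matches(r_ports, port)):
            return action
    return None

def check_blue(text, proxy_port=3128):
    """Verdicts for blue clients: proxy on the firewall, direct HTTP/HTTPS to net."""
    rules = parse_rules(text)
    targets = {"proxy": ("$FW", proxy_port), "http": ("net", 80), "https": ("net", 443)}
    return {k: first_match(rules, "blue", dst, "tcp", p) for k, (dst, p) in targets.items()}

if __name__ == "__main__":
    print("before:", check_blue(RULES_BEFORE))
    print("fixed: ", check_blue(RULES_FIXED))
```

The desired outcome for this ticket is an ACCEPT verdict for the proxy port together with REJECT for direct HTTP and HTTPS, so blue clients can only reach the web through Squid.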

Associated revisions

Revision c6fe11b9
Added by Giacomo Sanchietti over 6 years ago

shorewall: allow proxy access from blue. Refs #3086

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Category set to nethserver-squid

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 6 years ago

  • Description updated (diff)

#6 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-squid-1.3.1-1.4.gc6fe11b.ns6.noarch.rpm
Test case
  • Check the bug is not reproducible

#7 Updated by Davide Marini over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Bug fixed:

shorewall configuration with squid in manual mode (blue)

[root@nsrv ~]# diff -u rules /etc/shorewall/rules
--- rules    2015-03-12 12:07:23.661159202 +0100
+++ /etc/shorewall/rules    2015-03-12 14:47:09.982874066 +0100
@@ -182,11 +182,17 @@
 #
 # Block HTTP/HTTPS from blue to net
 #
-?COMMENT Block HTTP/HTTPS ports
+?COMMENT Proxy block HTTP/HTTPS ports
 REJECT blue        net    tcp    80,443
 #
 # Block HTTP/HTTPS from loc to net
 #
-?COMMENT Block HTTP/HTTPS ports
+?COMMENT Proxy block HTTP/HTTPS ports
 REJECT loc        net    tcp    80,443

+#
+# Allow Squid access from blue
+#
+?COMMENT Allow Squid access from blue
+ACCEPT    blue    $FW    tcp    3128
+
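Review bot: The "?COMMENT Allow Squid access from blue" directive added before the ACCEPT line is never cleared in the lines shown, so any rule emitted after "ACCEPT blue $FW tcp 3128" would carry the same comment; add a bare "?COMMENT" line after the rule to end it. The rule also admits the whole blue zone to tcp 3128 with a literal port, so confirm that the template emits it only when the proxy is in manual or authenticated mode for blue, and that the port follows Squid's configured listening port rather than being fixed at 3128.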

#8 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-base:
  • nethserver-squid-1.3.2-1.ns6.noarch.rpm
