Enhancement #3099
Web proxy: exclude local sites when mode is transparent
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-squid | | |
| Target version: | v6.6 | | |
| Resolution: | | NEEDINFO: | No |
Description
If the proxy is configured in transparent mode, all sites are accessed using the proxy, but this configuration doesn't make any sense for local sites.
Create built-in firewall rules to avoid the transparent proxy for sites hosted by the firewall itself and accessed from green and blue zones.
Associated revisions
Shorewall: bypass local sites. Refs #3099
dhclient: execute firewall-adjust on IP change. Refs #3099
History
#1 Updated by Giacomo Sanchietti over 6 years ago
- Description updated (diff)
#2 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.6
- % Done changed from 0 to 20
#3 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
Packages in nethserver-testing:
- nethserver-squid-1.3.2-1.2.g8eb5fbb.ns6.noarch.rpm
- nethserver-base-2.6.4-1.3.g60f7115.ns6.noarch.rpm
- Configure a system with a red interface in DHCP, a green interface and an orange interface
- Enable squid in transparent mode
- Try to access an HTTP page hosted inside the firewall itself
- Check the request is not logged inside /var/log/squid/access.log
You can use the following command to check Shorewall chains:
shorewall show nat
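The access.log check from the test case above can be scripted. This is an added example, not part of the original issue or of the NethServer packages; it assumes Squid's default native log format (request URL in the seventh field), and the function names, host names and addresses in the sample log are constructed.

```shell
#!/bin/sh
# Added example: list access.log entries whose destination is one of the
# firewall's own sites. Any output means local traffic is still proxied.
# Usage: local_hits HOST [HOST...] < /var/log/squid/access.log
# Exit status: 0 if no local site was proxied, 1 otherwise.
local_hits() {
    awk -v hosts="$*" '
        BEGIN {
            n = split(hosts, h, " ")
            for (i = 1; i <= n; i++) own[tolower(h[i])] = 1
        }
        {
            dest = $7                             # URL field (native format, assumed)
            sub(/^[a-zA-Z]+:\/\//, "", dest)      # drop the scheme
            sub(/[\/?#].*$/, "", dest)            # drop path, query, fragment
            sub(/^.*@/, "", dest)                 # drop userinfo, if any
            sub(/:[0-9]+$/, "", dest)             # drop the port
            if (tolower(dest) in own) { hits++; print }
        }
        END { exit (hits > 0 ? 1 : 0) }
    '
}

# Constructed sample log: one external request, two requests to the
# firewall itself (by IP and by name), one to another host on the LAN.
sample_log() {
    cat <<'EOF'
1412345678.123     45 192.168.1.50 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1412345679.456      3 192.168.1.51 TCP_MISS/200 812 GET http://192.168.1.1/webmail/ - DIRECT/192.168.1.1 text/html
1412345680.789      4 192.168.1.52 TCP_MISS/200 640 GET http://FW.example.org:80/ - DIRECT/192.168.1.1 text/html
1412345681.000     12 192.168.1.50 TCP_MISS/200 900 GET http://192.168.1.10/ - DIRECT/192.168.1.10 text/html
EOF
}

# Demo run against the constructed sample.
sample_log | local_hits 192.168.1.1 fw.example.org \
    || echo "local sites are still going through the proxy"
```

On a fixed system the function prints nothing and returns 0 when given the firewall's own addresses and host names.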
#6 Updated by Filippo Carletti over 6 years ago
- Assignee set to Filippo Carletti
#7 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
After updating packages, the nat rules are correct and trying to access a web page on the firewall I see the rules matching.
Also, squid access.log no longer contains references to the local websites.
#8 Updated by Giacomo Sanchietti over 6 years ago
- Assignee deleted (Filippo Carletti)
#9 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-updates:
- nethserver-squid-1.3.3-1.ns6.noarch.rpm