Bug #3275

New zones can't browse the net through proxy

Added by Filippo Carletti over 2 years ago. Updated over 2 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squid
Target version:v6.7-final
Security class:important Resolution:
Affected version:v6.6 NEEDINFO:No

Description

After network reconfiguration, squid should be reconfigured.
Details here:
http://community.nethserver.org/t/content-filter-default-policy-not-applying-to-new-zones/1657

signal-event interface-update doesn't expand squid.conf.

Associated revisions

Revision 4833fcba
Added by Giovanni Bezicheri over 2 years ago

Trigger nethserver-squid-update event on interface-update. Refs #3275

Revision 14732134
Added by Giovanni Bezicheri over 2 years ago

Expand squid.conf after interface update. Refs #3275

Revision 8125300a
Added by Giacomo Sanchietti over 2 years ago

Revert "Expand squid.conf after interface update. Refs #3275"

This reverts commit 147321342ec67d4f06774169aa11b17304266c9c.

Revision cea6c32f
Added by Giacomo Sanchietti over 2 years ago

Revert "Trigger nethserver-squid-update event on interface-update. Refs #3275"

This reverts commit 4833fcbac6ed86a9ce6cc6841379b410d4091363.

Revision 014d519e
Added by Giacomo Sanchietti over 2 years ago

interface-update event: reconfigure and restart squid. Refs #3275

Revision 7b6899b1
Added by Giacomo Sanchietti over 2 years ago

createlinks: squid restart moved to nethserver-squid package. Refs #3275

History

#1 Updated by Filippo Carletti over 2 years ago

  • Target version set to v6.7

#2 Updated by Giovanni Bezicheri over 2 years ago

  • Assignee set to Giovanni Bezicheri

#3 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20
  • Security class set to important

#4 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#5 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#6 Updated by Giovanni Bezicheri over 2 years ago

Filippo Carletti wrote:

After network reconfiguration, squid should be reconfigured.
Details here:
http://community.nethserver.org/t/content-filter-default-policy-not-applying-to-new-zones/1657

signal-event interface-update doesn't expand squid.conf.

I think it isn't enough because after expanding squid.conf you need to restart some services, so i think we need to execute a signal-event nethserver-squid-update in interface-update event's action.

#7 Updated by Giovanni Bezicheri over 2 years ago

Giovanni Bezicheri wrote:

Filippo Carletti wrote:

After network reconfiguration, squid should be reconfigured.
Details here:
http://community.nethserver.org/t/content-filter-default-policy-not-applying-to-new-zones/1657

signal-event interface-update doesn't expand squid.conf.

I think it isn't enough because after expanding squid.conf you need to restart some services, so i think we need to execute a signal-event nethserver-squid-update in interface-update event's action.

Forget what I just said! it's sufficient to expand squid.conf in interface-update.

#8 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giovanni Bezicheri)
  • % Done changed from 60 to 70

Package in nethserver-testing:

nethserver-base-2.9.1-1.2.g1473213.ns6.noarch.rpm

Check the bug is not reproducible.

#9 Updated by Adam P over 2 years ago

  • Assignee set to Adam P

#10 Updated by Adam P over 2 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Adam P)
  • % Done changed from 70 to 90

System and Package Version installed
ESXi 5.1 - Nethserver 6.6 fully updated
Package Installed: nethserver-base-2.8.1-1.ns6.noarch.rpm
Other Packages installed: Basic firewall, DNS and DHCP server, web filter, web proxy

Test Original Problem
Setup a basic green + red network. Enabled web filter and proxy server. Added a second green interface and enabled DHCP. Bug confirmed, clients on second green interface receive proxy ‘access denied’ error when attempting to browse the external websites. Disabled proxy and reenabled as a work-around and was able to browse. Reinstalled NS to reproduce the error.

Install Updated Package
yum --enablerepo=nethserver-testing upgrade nethserver-base

Test Results after install
Test case 1:
Added 2nd green interface and configured DHCP
Ok on Ubuntu/Windows7 - both able to browse internet

Verified or Reopen
Verified

#11 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from VERIFIED to ON_QA
  • % Done changed from 90 to 70

#12 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

Sorry to put the issue back to TRIAGED after the verification, but the commit has been made in the wrong package.
The fix must be inside nethserver-squid package.

#13 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#14 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#15 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-squid-1.3.8-1.2.g014d519.ns6.noarch.rpm
Test case
  • Please make sure to have the latest stable release of nethserver-base
  • Check the bug is not producible

#16 Updated by Adam P over 2 years ago

  • Assignee set to Adam P

#17 Updated by Adam P over 2 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

Error upon upgrading:
file /etc/e-smith/events/interface-update/services2adjust/squid from install of nethserver-squid-1.3.8-1.2.g014d519.ns6.noarch conflicts with file from package nethserver-squidguard-1.3.2-1.ns6.noarch

#18 Updated by Adam P over 2 years ago

  • Assignee deleted (Adam P)

#19 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

Squid reload must be moved inside the squid package.

#20 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#21 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-squidguard-1.3.2-1.1.g7b6899b.ns6.noarch.rpm
  • nethserver-squid-1.3.8-1.2.g014d519.ns6.noarch.rpm

#22 Updated by Adam P over 2 years ago

  • Assignee set to Adam P

#23 Updated by Adam P over 2 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Adam P)
  • % Done changed from 70 to 90

System and Package Version installed
ESXi 5.1 - Nethserver 6.7 rc1 fully updated
Packages Installed:
nethserver-squid-1.3.8-1.2.g014d519.ns6.noarch.rpm
nethserver-squidguard-1.3.2-1.1.g7b6899b.ns6.noarch.rpm
Other Packages installed: Basic firewall, DNS and DHCP server, web filter, web proxy

Install Updated Package
yum --enablerepo=nethserver-testing upgrade nethserver-squid nethserver-squidguard

Test Results after install
Test case 1:
Added 2nd green interface and configured DHCP
Ok on Ubuntu/Windows7 - both able to browse internet

Verified or Reopen
Verified

#24 Updated by Giacomo Sanchietti over 2 years ago

Released in nethserver-base:
  • nethserver-squid-1.3.9-1.ns6.noarch.rpm
  • nethserver-squidguard-1.3.3-1.ns6.noarch.rpm

#25 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

#26 Updated by Filippo Carletti over 2 years ago

  • Subject changed from New zones can't browse the net thorugh proxy to New zones can't browse the net through proxy

#27 Updated by Giacomo Sanchietti over 2 years ago

  • Target version changed from v6.7 to v6.7-final

Also available in: Atom PDF