Enhancement #3323

Add CIDR subnets and ip ranges as hosts without proxy in Proxy

Added by Giovanni Bezicheri over 2 years ago. Updated over 2 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squid
Target version:v6.7
Resolution: NEEDINFO:No

Description

It would be very useful to exclude an entire CIDR subnet and ip ranges using the feature "hosts without proxy". Actually this is possible only for hosts and host groups.


Related issues

Related to NethServer 6 - Enhancement #3226: Entire Subnet and Ip Ranges Exclusion in Proxy CLOSED

Associated revisions

Revision d6422156
Added by Giovanni Bezicheri over 2 years ago

Add CIDR subnets and ip ranges as hosts without proxy in Proxy. Refs #3323

Revision 9fd4c84d
Added by Giacomo Sanchietti over 2 years ago

shorewall rules: skip non-exiting host addresses. Refs #3323

Revision 7e8d5586
Added by Giacomo Sanchietti over 2 years ago

Web UI: remove ip ranges from destination bypass. Refs #3323

Shorewall doesn't allow the ip range inside the ORIGINAL field.

History

#1 Updated by Giovanni Bezicheri over 2 years ago

  • Subject changed from Add CIDR subnets as hosts without proxy in Proxy to Add CIDR subnets and ip ranges as hosts without proxy in Proxy
  • Description updated (diff)

#2 Updated by Giovanni Bezicheri over 2 years ago

  • Category set to nethserver-squid
  • Status changed from NEW to TRIAGED
  • Assignee set to Giovanni Bezicheri
  • Target version set to v6.7
  • % Done changed from 0 to 20

#3 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#4 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giovanni Bezicheri)
  • % Done changed from 60 to 70

Test Package: nethserver-squid-1.3.10-1.4.g5f43ccf.ns6.noarch.rpm in nethserver-testing.

Test Case:
  1. Add a subnet and and ip range in "Hosts without proxy".
  2. Try to make traffic from a host in the subnet or ip range you specify above and * ASSERT * that traffic is not filtered by proxy.

#6 Updated by Giacomo Sanchietti over 2 years ago

  • Assignee set to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti over 2 years ago

#8 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 20

System and Package Version installed
Package Installed: nethserver-squid-1.3.10-1.4.g5f43ccf.ns6.noarch

Test Results after update
  • Created an ip-range and a cidr:
    ipr1=iprange
        Description=
        End=192.168.5.23
        Start=192.168.5.22
    cidr1=cidr
        Address=192.168.2.0/24
        Description=
    
  • Used both inside a source bypass:
    bcidr1=bypass-src
        Description=
        Host=cidr;cidr1
        status=enabled
    bipr1=bypass-src
        Description=
        Host=iprange;ipr1
        status=enabled
    
  • Rule is correctly created: OK
    REDIRECT loc:!192.168.1.22,192.168.5.3,192.168.2.0/24,192.168.1.22,192.168.5.22-192.168.5.23 3129 tcp 80 - !192.168.5.246
  • Use the same cidr inside a destination bypass: OK
  • Use the same ip range inside a destination bypass: FAILED
    Shorewall error:
    ERROR: Unknown Host (192.168.5.22-192.168.5.23) /etc/shorewall/rules (line 125)
    

Verified Or Reopen
Reopen

Note
This feature is also affected by this bug: #3324

#9 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#10 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#11 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
In nethserver-testing:
  • nethserver-squid-1.3.10-1.6.g7e8d558.ns6.noarch.rpm
Test case
  • Create an ip range
  • Open the "Sites without proxy page" and create a new destination bypass
  • No ip range should be listed inside the "Destination" field

#12 Updated by Giovanni Bezicheri over 2 years ago

  • Assignee set to Giovanni Bezicheri

#13 Updated by Giovanni Bezicheri over 2 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giovanni Bezicheri)
  • % Done changed from 70 to 90

#14 Updated by Giacomo Sanchietti over 2 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-squid-1.3.11-1.ns6.noarch.rpm

Also available in: Atom PDF