Squid reporter fails on vanilla v7

“Configuration” -> "Network"
Edit the green

That network configuration is correct, though. The 10.10.10.0 network is a 24 bit network, with proper routing in place. If I change the subnet on the interface, then the proxy could try to send packets to a ‘local’ network, despite the requirement to send to the gateway. This is a basic ethernet configuration tenet.

IIUC, the web UI does not allow to add a trusted network which is a supernet of the configured green.
It returns the error “Network already in use”.
I doubt that this behavior is correct. What do you think @dev_team?

1 Like

This is by design:

@SpiceDenver you probably need a template-custom or a manual setprop on the db.

Can you provide a reference on those steps? Also, this is a little ridiculous. The ability to add a 16 bit subnet that includes the 24 bit home network as a trusted location is a feature in all networking kit that I’ve ever encountered, and that includes Checkpoint firewalls from 1997. No one wants to add 30-40 (or more) 16 bit networks one by one. That’s why we have routers with EIGRP/OSPF.

Please don’t be so harsh, you’re the first one who encountered such limitation :slight_smile:
The UI is designed for not experienced administrators and probably the validator is too strict, but we added it to avoid common errors we faced with our users.

Try with these commands:

db networks set 10.10.10.0 network Mask 255.255.255.0 Description "my network"  
signal-event trusted-networks-modify

Of course, substitute the network address and mask accordingly to your needs.

1 Like

I think that the supernet use case is valid, I would relax or remove the validator.
Also, we could probably remove the whole trusted networks panel and underlying code.

I’m the first one to report the limitation.

Thank you for the db update command. Everything is working as expected, and the trusted networks panel actually shows the update. This will make management happy.

2 Likes