I am new to NethServer and would appreciate your advice and assistance.
I have installed NethServer with the following applications: Antivirus, Firewall, Web Proxy & Filter, and Web Server.
The server is functioning as a router, and all traffic is passing through as expected. However, I am unable to manage or control the traffic effectively. For example, I cannot block specific websites or filter content as needed.
Could you please guide me on how to properly configure traffic management and content filtering?
It seems you are trying to use nethserver 7 which is out of date. For anything new you should start with ns8 (no router capabilities) and nethsec (providing the networking stuff) if you like nethserver/nethesis brand.
Transparent proxy?
Are the clients connecting through the proxy?
Example of what you are trying to filter/block and if logs say something about it?
IIRC webproxy filter can block domains but it’s not set to analyze url requests…
There are protocols and other things that can be blocked through IPS module.
EDIT:
The proxy can be enabled only on green and blue zones. Supported modes are:
Manual: all clients must be configured manually
Authenticated: users must enter a user name and password in order to navigate
Transparent: all clients are automatically forced to use the proxy for HTTP connections
Transparent SSL: all clients are automatically forced to use the proxy for HTTP and HTTPS connections
The proxy is always listening on port 3128. When using manual or authenticated modes, all clients must be explicitly configured to use the proxy.
Clients can be automatically configured using WPAD protocol. In this case it is useful to enable Block HTTP and HTTPS ports option to avoid proxy bypass.
If the proxy is installed in transparent mode, all web traffic coming from clients is diverted through the proxy. No configuration is required on individual clients.
In transparent SSL mode, the proxy implements the so-called “peek and splice” behavior: it establishes the SSL connection with remote sites and checks the validity of certificates without decrypting the traffic.
When I set the Mode Green Zone to “Transparent SSL,” I am able to see all the traffic in the access.log. However, I want to allow only domain computers to have internet access, so I have done the following:
Joined the proxy server to the domain.
Added all domain accounts as authenticated on the proxy server.
Changed Mode Green Zone from “Transparent SSL” to “Authenticated.”
Modified the krb5.conf settings to enable Kerberos authentication.
After performing these changes, when I trace a website, I can see that the traffic is passing through the proxy server. However, I am unable to see this traffic in the access.log, and I cannot manage any of this traffic.
Sorry, don’t exactly know.
So no signs of it working, nor any clues in access.log or cache.log, nor any blocking in the ufdbguard logs, or anything else in /var/log/messages?
Are Windows clients accessing the proxy server using the FQDN?
When switching to authenticated mode, nothing appears in the log files mentioned above. I believe there is a missing configuration. Is there any guide or instruction available for setting up this scenario?
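An added example, not part of the thread and not NethServer's own code: a small triage script for the symptom discussed above, telling apart clients that never reach the proxy on port 3128 from clients that are challenged (HTTP 407) but never complete authentication. It assumes access.log uses Squid's native log format; the sample lines, addresses, user names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format (an assumption);
# addresses, hosts and user names are made up for illustration.
SAMPLE_LOG = """\
1700000000.101     12 192.168.1.10 TCP_DENIED/407 4012 CONNECT intranet.example:443 - HIER_NONE/- text/html
1700000000.350    210 192.168.1.10 TCP_TUNNEL/200 5321 CONNECT intranet.example:443 alice@EXAMPLE.LOCAL HIER_DIRECT/203.0.113.5 -
1700000002.007      9 192.168.1.11 TCP_DENIED/407 4012 GET http://site.example/ - HIER_NONE/- text/html
1700000003.120      8 192.168.1.11 TCP_DENIED/407 4012 GET http://site.example/ - HIER_NONE/- text/html
"""

def summarize(log_text):
    """Per client IP: count 407 challenges and authenticated requests, collect user names."""
    stats = defaultdict(lambda: {"challenges": 0, "authenticated": 0, "users": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated lines or lines in another log format
        client, result, user = fields[2], fields[3], fields[7]
        status = result.rpartition("/")[2]  # "TCP_DENIED/407" -> "407"
        entry = stats[client]
        if status == "407":
            entry["challenges"] += 1  # proxy asked for credentials
        elif user != "-":
            entry["authenticated"] += 1  # request carried an accepted identity
            entry["users"].add(user)
    return dict(stats)

def diagnose(stats, expected_clients):
    """Classify each expected client by what the log shows for it."""
    verdicts = {}
    for ip in expected_clients:
        s = stats.get(ip)
        if s is None:
            verdicts[ip] = "no entries: client is not sending requests to the proxy"
        elif s["authenticated"] == 0 and s["challenges"] > 0:
            verdicts[ip] = "challenged only: authentication never completes"
        elif s["authenticated"] > 0:
            verdicts[ip] = "authenticated as " + ", ".join(sorted(s["users"]))
        else:
            verdicts[ip] = "requests logged without a user name"
    return verdicts

if __name__ == "__main__":
    clients = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    for ip, verdict in diagnose(summarize(SAMPLE_LOG), clients).items():
        print(ip, "->", verdict)
```

A client reported as "no entries" matches the documentation quoted earlier: in manual and authenticated modes nothing is logged for a machine until its browser or WPAD configuration actually points at the proxy.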