Tell me please !!! Configured 3 profiles, access - admin, access - denied and access allowed according to limited criteria !!! Question: how to resolve local hosts? For example, if different servers are used !!! I say everyone who is AD
[image]
Hi
It’s a bit difficult to answer your question, as the uploaded image does not appear (You may need to re-edit your post and upload the image again…).
To resolve local hosts you need an internal DNS Server, like your NethServer has built-in.
Note: local, internal DNS names (fqdn) do not have to match external DNS.
But any external DNS in the same namespace must be resolvable…
Example:
Your domain is domain.com.
Your NethServer has a fqdn of nethserver.domain.com (This must be in DNS!)
Your AD will have a fqdn of ad.domain.com (This must be in DNS!)
Do not forget to add in external stuff like an external hosted website, www.domain.com into your internal DNS.
Best is to have 2-3 internal DNS servers / site (All contain the same info!). But this will all also work with using only one server…
This information can be distributed to your clients with DHCP. Best would be to use DHCP on your NethServer, and fill in the details like Gateway, DNS, Domainname in the DHCP settings…
My 2 cents
Andy
It is, I have 2 DNS internal. It’s just that there is more than one service and they need access to them via a local network !!!
Hi
Better! But my Cyrillic is VERY poor…
For questions on this forum, it helps to use English, and also to post English screenshots.
You can change the language on top right of Cockpit (Port 9090) - took me a long time to find that there…
My 2 cents
Andy
Or tell me where you can specify the IP or sites that squid should bypass ???
Have a look at Proxy, there you can define firewall objects or domains to bypass.
now I have authorization and I need to use it, and you mean to set up the source and destination? It’s a little unclear how to do this …
No, these are two independent things.
That is, I indicate in the source the address of the server to which you need access without a proxy and that’s it? But for example I have a virtual server to which I can access by IP 192.168.11.11:8008, how can I specify it correctly?
Perhaps @Andy_Wismer has an idea.
Hi
Call heard…
Try this:
Safe Ports
These Ports are for SSL enabled devices / ports… AFAIK, they also enable without ssl…
Add them in the (already extended) line and expand the template with the command shown…
config setprop squid SafePorts 443,8008,8443,8080,5001,5000
signal-event nethserver-squid-save
To Exclude Sites:
config setprop squid NoCache www.nethserver.org,www.google.com
signal-event nethserver-squid-save
Reverse Proxy
There’s also the option of using a reverse Proxy. If your NethServer has LetsEncrypt SSLs, this would give you the option of the virtual server being SSL protected with https, all done by the NethServer. The virtual Server does not need any config for this!
This does need a legit DNS fqdn entry in both Internal and External DNS to work, besides the LE entry.
My 2 cents
Andy
Thank you very much! It helped and it brought a good result!
Sorry I didn’t understand a little what you mean. Can you describe in more detail?
Hi
Let’s take as an example you have two websites you’d like to host internally, www.domain1.com and www.domain2.com. www.domain1.com would be hosted on your NethServer, www.domain2.com would be on another internal server, with internal IP 192.168.22.23.
Both www.domain1.com and www.domain2.com would point to your external IP. That would work for the “outside world” or Internet. But for your internal machines, you’d need a DNS entry, eg on your NethServer for both domains, but pointing to the Internal IP of the NethServer and other Server.
Hope this helps.
As for the main question, you can help others with the same / similar issue by marking this as solved, see here:
Now we have an amazing feature on our community platform which helps to mark a topic as SOLVED. As the OP (topic creator) you will have a button that allows you to accept an answer. Accepted answers are highlighted in the topic list. Accepted answers are highlighted on the initial topic. This kind of action is enabled only for topics in the Support category. Happy support!
My 2 cents
Andy
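The split DNS setup described in the post above (internal records for the same names that resolve to the external IP from outside), as an added example that is not part of the original thread: a small consistency check over two record sets. All record data is constructed for illustration; only the host names and 192.168.22.23 come from the post, and the NethServer LAN address and the public addresses are assumptions.

```python
import ipaddress

# Constructed sample data. 203.0.113.10 stands in for "your external IP".
PUBLIC_IP = "203.0.113.10"
EXTERNAL = {                       # what the Internet resolves
    "www.domain1.com": PUBLIC_IP,
    "www.domain2.com": PUBLIC_IP,
    "shop.domain1.com": "198.51.100.7",   # hypothetical externally hosted site
}
INTERNAL = {                       # what the internal DNS answers to LAN clients
    "www.domain1.com": "192.168.22.1",    # assumed LAN IP of the NethServer
    "www.domain2.com": "192.168.22.23",   # the other internal server
}
ZONES = ("domain1.com", "domain2.com")    # namespaces the internal DNS serves

# Explicit RFC 1918 ranges (ipaddress.is_private also matches documentation
# ranges such as 203.0.113.0/24, which would hide the problem checked below).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def in_zone(name, zones):
    return any(name == z or name.endswith("." + z) for z in zones)

def audit(internal, external, zones, public_ip):
    """Return (name, finding) pairs for names that will misbehave for LAN clients."""
    findings = []
    for name, ext_ip in sorted(external.items()):
        if not in_zone(name, zones):
            continue
        int_ip = internal.get(name)
        if int_ip is None:
            # The internal DNS answers for this namespace, so a name that only
            # exists externally does not resolve from inside.
            findings.append((name, "missing-internally"))
        elif ext_ip == public_ip and not is_lan(int_ip):
            # Site is hosted behind our own external IP, but the internal
            # record does not point at the internal server.
            findings.append((name, "internal-record-not-private"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(INTERNAL, EXTERNAL, ZONES, PUBLIC_IP):
        print(f"{name}: {finding}")
```
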
here is a new problem. configured in the squid filter, some users handle well and some are not at all denied access! Tell me why?
Hi
My Cyrillic is nonexistent and so is my Russian.
If you could provide an English screenshot, that would help…
My 2 cents
Andy
Hi
What does the config look like?
Anything special about the PCs having problems? (eg win update…)