Squid reporter fails on vanilla v7

NethServer Version: 7 (1611)
Module: Lightsquid

Additionally, using the basic directions to set up a manual proxy is not enough and the proxy never works. Do I need two NICs for this? The documentation is very sparse and, in the case of v7, nonexistent – http://docs.nethserver.org/projects/nethserver-devel/en/v7/web_proxy.html as seen here.

Steps to replicate:
Install fresh from 1611 ISO.
Select the ‘web proxy’ checkmark and apply from the list of available software.
Allow to install, and complete.
Set proxy to manual from the web proxy section (bottom of the menu at left), and apply.
Get failure as above from the applications/lightsquid section.
Redirect a browser/OS to use the proxy server and it will not answer the browser.
Nmap reports that the port (3128) is open.

Reports are created in the night, please check again the page above tomorrow. We may add a button like “Create report now”.

Ok, what about the manual proxy being a failure to function? Are there any tips or specific steps to check or test?

Error messages?
What’s in the logs? /var/log/squid/access.log (and cache.log)
Is squid running? WebUI-> Status->Services

Access.log is empty, despite having just tested. Cache.log refers to a logswitch, though there’s no other files than cache.log(date).gz. The contents there: http://i.imgur.com/z3SenjM.png

Squid.out has 3 error messages, all the same: Warning: empty ACL: acl no_cache dstdomain “/etc/squid/acls/no_cache.acl”

Are you sure that your client is sending requests to NethServer proxy?
Please check from NethServer itself, running:

wget http://www.nethserver.org/

You should see some lines in access.log,
If true, your problems are on the client and I can’t do anything about it. :slight_smile:

The test you specified resulted in a success, with output in the access.log. I’m checking to see why the client isn’t successful.

After further testing, it seems that it works on the same segment as the nethserver, but requests from a different network segment are ignored by neth.

I disabled iptables and now:
1500923707.266 0 TCP_DENIED/403 3693 CONNECT www.google.com:443 - HIER_NONE/- text/html
Which leads me to suspect that the ACLs aren’t open enough for multiple networks.

So, basically, on a default configuration, the neth squid implementation is only valid for one local network.


Allow access from green and trusted networks.

acl localnet src
acl localnet_dst src

Both of those were previously set to which won’t work if you have a larger network than the 24 bit default.

Unless there’s a way to firmly edit the squid.conf file with, the whole thing is wasted time.

Additional networks need to be added in the Trusted network page.

Except that you cannot. Because the network is already there, and unable to be removed through the web UI, it does not allow

In order to correct this, I added the needed ACL to the squid.conf file and made it read only so it remains unchanged.

that’s not the way to go, you’re breaking things instead of fixing them :wink:

Fix the Web UI to allow me to add a 16 bit network that encompasses the 24 bit default. :wink:

Is that one your only network subnet?
Aren’t you able just to edit that network to change the netmask?
Sounds strange

There is no need for two NICs.
About the documentation, please check:

Can you share your network settings (db networks show) ?
AFAIK setting 16 bit network is allowed. Could you try what Stefano suggested?

No, the edit option isn’t available. It’s created automatically during installation and cannot be modified from trusted networks.

https://1drv.ms/v/s!ApFzaTTO9sIMyjIowl3smg1OHlvk for a video of the action.

[root@Corp-Proxy03 ~]# db networks show
provider=xDSL provider