NethServer Version: 7 (1611)
Module: Lightsquid

IOmtGuW.png902×332 10.7 KB

Additionally, using the basic directions to set up a manual proxy is not enough and the proxy never works. Do I need two NICs for this? The documentation is very sparse and, in the case of v7, nonexistent – http://docs.nethserver.org/projects/nethserver-devel/en/v7/web_proxy.html as seen here.

Steps to replicate:
Install fresh from 1611 ISO.
Select the ‘web proxy’ checkmark and apply from the list of available software.
Allow to install, and complete.
Set proxy to manual from the web proxy section (bottom of the menu at left), and apply.
Get failure as above from the applications/lightsquid section.
Redirect a browser/OS to use the proxy server and it will not answer the browser.
Nmap reports that the port (3128) is open.

Reports are created in the night, please check again the page above tomorrow. We may add a button like “Create report now”.

Ok, what about the manual proxy being a failure to function? Are there any tips or specific steps to check or test?

Error messages?
What’s in the logs? /var/log/squid/access.log (and cache.log)
Is squid running? WebUI-> Status->Services

Access.log is empty, despite having just tested. Cache.log refers to a logswitch, though there’s no other files than cache.log(date).gz. The contents there: http://i.imgur.com/z3SenjM.png

Squid.out has 3 error messages, all the same: Warning: empty ACL: acl no_cache dstdomain “/etc/squid/acls/no_cache.acl”

Are you sure that your client is sending requests to NethServer proxy?
Please check from NethServer itself, running:

http_proxy=localhost:3128
wget http://www.nethserver.org/

You should see some lines in access.log,
If true, your problems are on the client and I can’t do anything about it.

The test you specified resulted in a success, with output in the access.log. I’m checking to see why the client isn’t successful.

After further testing, it seems that it works on the same segment as the nethserver, but requests from a different network segment are ignored by neth.

I disabled iptables and now:
1500923707.266 0 10.10.14.228 TCP_DENIED/403 3693 CONNECT www.google.com:443 - HIER_NONE/- text/html
Which leads me to suspect that the ACLs aren’t open enough for multiple networks.

So, basically, on a default configuration, the neth squid implementation is only valid for one local network.

Changed:

Allow access from green and trusted networks.

acl localnet src 10.10.0.0/16
acl localnet_dst src 10.10.0.0/16

Both of those were previously set to 10.10.10.0/24 which won’t work if you have a larger network than the 24 bit default.

Unless there’s a way to firmly edit the squid.conf file with 10.10.0.0/16, the whole thing is wasted time.

Additional networks need to be added in the Trusted network page.

Except that you cannot. Because the 10.10.10.0/24 network is already there, and unable to be removed through the web UI, it does not allow 10.10.0.0/16.

In order to correct this, I added the needed ACL to the squid.conf file and made it read only so it remains unchanged.

that’s not the way to go, you’re breaking things instead of fixing them

Fix the Web UI to allow me to add a 16 bit network that encompasses the 24 bit default.

Is that one your only network subnet?
Aren’t you able just to edit that network to change the netmask?
Sounds strange

There is no need for two NICs.
About the documentation, please check:

• Web proxy — NethServer 7 Final
• http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-squid.html

Can you share your network settings (db networks show) ?
AFAIK setting 16 bit network is allowed. Could you try what Stefano suggested?

No, the edit option isn’t available. It’s created automatically during installation and cannot be modified from trusted networks.

https://1drv.ms/v/s!ApFzaTTO9sIMyjIowl3smg1OHlvk for a video of the action.

[root@Corp-Proxy03 ~]# db networks show
10.1.225.0=network
Description=Summit
Mask=255.255.255.0
ens160=ethernet
bootproto=none
gateway=10.10.10.254
ipaddr=10.10.10.251
netmask=255.255.255.0
role=green
ppp0=xdsl-disabled
AuthType=auto
FwInBandwidth=
FwOutBandwidth=
Password=
name=PPPoE
provider=xDSL provider
role=red
user=