Wednesday, July 15, 2009

Endian: Transparent Proxy on Green (make it work)

These last few days have been really busy, I'm currently migrating one of the office network setups to a UTM solution.
I'm installing and testing the Community (that is the free and unsupported ;) ) edition of the Endian Firewall.

Had a lot of problems to get the built in proxy Squid to get up and running in transparent mode, whatever I tried, it always belched this error message while trying to browse any page:

Sorry, you are not currently allowed to request:
<...Some website URL here...>
from this cache until you have authenticated yourself.

This request could not be forwarded to the origin server or to any
parent caches. The most likely cause for this error is that:
The cache administrator does not allow this cache to make direct connections to origin servers, and
All configured parent caches are currently unreachable.

Transparent mode, on the Green interface is the Holy Grail, no setup on any client at all, all the HTTP traffic goes thru the Proxy, and whatever limit or filter you wish to apply on it, but, after a default install, it refused to let the clients reach the internet, a real and major PITA.

Googled like a MF and read just about what ever I can get my hands on, even rebooted the Endian Firewall box, just to see if that would work.
In the end, found the solution, and I'm posting hoping someone might find it interesting as well.

To enable it, goto Proxy, after enabling it, set transparent for Green, Save an reinit, and then goto the 'Defautl Policy' tab, and click on "Create a rule", and set it like on the screenshot.

Authentication on transparent proxy?? RESOLVED! - Lots of hope on this one, but nothing
The requested URL could not be retrieved - Lots of hope on this one, but nothing
Beta 2.2 "Content Filter": msg#00010 - This is the closest
SOLVED [Fwd: Help with AV y Content Filter]
Proxy no longer allows access
Squid/DansGuardian not functioning together for "Standard" users.
Content Filter does not start when enabled so proxy denies access to all web pages

Labels: , , , , ,


Blogger arif said...

Creating a new rule is solved the problem but it is not filtering any content. I have defined some URLs to blacklist but i can enter that sites.

7:48 AM  
Blogger hictio said...

That's weird.
Mine filters content w/o any problem.
How are you filering it? Or better yet, where?

11:47 AM  

Post a Comment

<< Home