HTTP Proxy strange behavior

Hi all, (Release 5.816)

I have to the external NIC some alias IP addresses.
Likewise there is some DNAT rules (with external alias addresses) those the Port 80 etc. from external NIC to DMZ forward.
As soon as i activate HTTP proxy in transparency mode,
cannot access from external any more to the Web servers in the DMZ.

Packet Filter log:

13:10:51 217.247.242.89 4062 -> 217.6.XXX.2 8080 TCP 48

That is interesting the Port 8080 is used here, although transparency is active mode.

Only if i activate "Any" in Allowed network, it works.

Likewise is interresant with "Any" all request of the port 80 on the real IP address of the external NIC received.
One could believe that no DNAT would work.

Stefan

Parents

0 Xeno over 20 years ago

If HTTP proxy is set to transparent mode, a redirect rule is set in the packetfilter framework of ASL. This rule prevents from port 80 from beeing DNATed. In V5 the behaviour of the redirect rule was different. So the problem starts in V6. Maybe it's a bug or just a different behaviour. But a the moment I would not know a good workaround.

Xeno
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 StefanS_01 over 20 years ago in reply to Xeno

Xeno,

Thanks for your info.. These settings come from a ASL 5 config file.
There the settings without problems work.
I think I must with the Proxy wait, until this question for the version 6 is clarified.

It's a litle pity.

Stefan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 StefanS_01 over 20 years ago in reply to Xeno

Xeno,

Thanks for your info.. These settings come from a ASL 5 config file.
There the settings without problems work.
I think I must with the Proxy wait, until this question for the version 6 is clarified.

It's a litle pity.

Stefan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data