This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using proxy without user setting changes

All users from LAN gets NATed to access the internet but we need some users to use a proxy without changing any settings from client side.
So the internal users with private IP is using gateway as Astaro firewall and some kind of rule which forwards all http traffic to the proxy server which is running squid and is on a separate box.We are not using proxy service on the Astaro Gateway.
How can this be done?

This thread was automatically locked due to age.

0 Ölm over 15 years ago

preet provide us with detailed screenshoots when this occurs.
Cancel
Vote Up 0 Vote Down

Cancel
0 preet over 15 years ago

Ok it works but for http and not for https
I tried to add a service group for http and https which it does not accept so i have to create 2 different DNAT rules for http and https

DNAT Rule 1 for http

LANPC---http----Any-----DNAT to Proxy---target port 3128 (This Works)

DNAT Rule 2 for https

LANPC---https----Any-----DNAT to Proxy---target port 3128

Shows up error in the proxy log whereas it works directly via the proxy by changing the browser setting without using the DNAT on Astaro

TCP_DENIED/400 1522 NONE error:unsupported-request-method - NONE/- text/html
Cancel
Vote Up 0 Vote Down

Cancel
0 Ölm over 15 years ago

It seems not to be supported by your SQUID. The reason is probably that Squid expects a PROXY connection from the browser (with the "CONNECT method) but it receives a standard https request from the browser, which it doesn´t accept. This is probably because of Squid is not beeing able to worek as a transparent proxy.

You really should think about using the "transparent proxy" feature of the Astaro instead (you still can use your Squid proxy, if you want to, but you can avoid using DNAT and also it WEILL work). Transparent Proxy is exaclty the feature you want .
Cancel
Vote Up 0 Vote Down

Cancel