This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Redirect all internal http request to a debian proxy squid

Hi,

 

I have spent lot of time on a problem.

 

Can someone help me to redirect all http request to an external proxy ?

 

I explain. 

I have a squid proxy on eth7 => ip 192.168.100.1 gw 192.168.100.254

 

We want to redirect all http request from hosts to debian squid proxy connect on eth7

 

I tried to make a DNAT From ANY =>  HTTP => To ANY => redirect to : my proxy

But NAT don't want Any on destination

I tried with "Wan (network)" and it is the same.

 

I think NAT is only to redirect external request, no ?

Exterior =>  redirect to => internal server is OK but doesn't work Internal =>  redirect to => Another internal network

 

Someone else have a solution ? 

 

Thanks in advance for your response.

 

Best regards  



This thread was automatically locked due to age.
Parents
  • Hi,

     the first question is why do you want to use another proxy when you have a very complete proxy inbuilt to the UTM?

    The second question is why use the DNAT with your external proxy, that will just lead to confusion and issues with debugging packet flow?

    You are probably better off using MASQ with a selective filter rule, internal network -> http -> network 7 -> allow (-> log if you wish). MASQ internal network -> network 7 interface. The MASQ rule might be the bug?

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

     

    Thank you for your answer.

     

    I would like to use an extrenal squid proxy to cache a big size data, the memory into UTM9 is not large.

     

    2nd, my external proxy must be "transparente", in this case we must redirect http flow to proxy address.

    It doesn't work actually. Can I redirect all trafic on HTTP to my proxy ?

     

    3rd, the rules are ok. In none transparente mode, my squid proxy is ok.

     

    Thank you in advance for your response.

     

    Best regards 

Reply
  • Hi,

     

    Thank you for your answer.

     

    I would like to use an extrenal squid proxy to cache a big size data, the memory into UTM9 is not large.

     

    2nd, my external proxy must be "transparente", in this case we must redirect http flow to proxy address.

    It doesn't work actually. Can I redirect all trafic on HTTP to my proxy ?

     

    3rd, the rules are ok. In none transparente mode, my squid proxy is ok.

     

    Thank you in advance for your response.

     

    Best regards 

Children
  • You can put extra memory in your UTM or it will cache them on the disk, you can configure that function.

    Further you can also use the UTM proxy in transparent mode, so I think you need some help from your reseller because you are making you network and life unnecessarily difficult.

    Also please review you web browser setup so that your posts are not double or triple spaced, this will make you posts easier to read.

    Also I use my proxy in transparent mode, without any issues.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Can you not use Web Protection > Web Filter Profiles > Parent Proxies ?


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Thank you for your answer.

    If I can put external memory to upgrade the cache capacity, i want to make that. Can you tell me where an how we found this option ? 

    Another question, can I put download limit per user/host by UTM internal proxy ? 

    Best regards

  • Hi,

    what is the hardware of your ATM? The UTM software will assign the cache as it sees fit. The cache is based on spare memory which depends on how complex your UTM configuration is?

    If the device is a Sophos hardware you might be hardware limited. Talk to your reseller if it is Sophos hardware.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Salut, Yann, and welcome to the UTM Community!

    If this is a Sophos appliance like an SG 210, you are right that you cannot add RAM or change the hard drive.

    Si j'ai bien compris, the answer is simple if you have a Web Protection subscription.  Use a Parent Proxy for the servers that send large files.

    If you don't have that subscription and must solve this problem with basic networking, we need more detail.  Please insert a simple diagram showing where the clients, web server(s) and Squid are.  Include obfuscated IP addresses.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA