Hi. I have an openSUSE server in my network which, among others, acts as my proxy server. But it is not yet all correctly configured because whenever I connect to it (through ethernet or wifi), the connection goes straight outside without passing through the proxy. I had to manually configure the device to pass through the proxy before its connection passes through my filtering proxy.
I then followed these steps to configure squid as transparent… but then after finishing all the steps, everything went haywire. So I erased all that I added into squid.conf and SuSEfirewall2. Internet connection is back to what it was before; however, I’ve been noticing weird changes, like from a client in my network I couldn’t ping an external address (e.g. www.google.com) and any mail client application in my clients cannot connect to its respective mail servers (google, yahoo, work mail, etc…).
I’ve tried rereading and rereading those two configuration files I edited (squid.conf and SuSEfirewall2) and it seems as though everything is back to how it was before… but still the strange symptoms persist. I tried switching off my SuSE firewall and nothing changed, so I suppose it’s not my firewall that’s blocking ping (icmp) nor the mail ports (25, 110, 143, etc).
Sounds to me like you’re not configuring your client machines’ web proxy settings correctly.
The basic concept to understand is that there is first the default gateway and then there is a possible web proxy.
The default gateway as everyone should know is the router address all ethernet traffic leaving the local network should be pointed at.
The exception is when a web proxy exists in the network, and by definition the “web protocols” (http, httpx, ftp, ftps, sftp, etc) should point to the web proxy instead of the default gateway.
So, how is this normally implemented?
By configuring the web applications (eg web browser) to point to the web proxy in the application settings, and optionally closing the default gateway’s firewall settings to these web protocols (except from the web proxy).
Then, the next choice is whether to configure the web proxy and any other similar apps manually or automatically. To configure manually, every app (eg Firefox, Chromium, chrome, Dolphin, etc) has to be individually configured.
Optionally, though it requires some work, you can create a web proxy script and serve that script from a specified server. After that, you can then configure every web app to point to the URL instead of entering settings manually in the app.
If you understand and follow <all> the above steps, you should be able to understand where you might have an issue, particularly if you’re pushing a web proxy script… i.e. Did you create and the script properly? Is it being served properly? Is each and every web app configured properly to look for the script instead of a manual configuration? Did the address/location of the served script change?
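The "web proxy script" mentioned in the reply above is a proxy auto-config (PAC) file: a JavaScript function that the browser calls for every URL. The sketch below is an added example, not part of the original thread; the proxy address 192.168.1.10:3128 and the 192.168.1.x LAN are assumed placeholder values.

```javascript
// Added example (not from the thread): a minimal PAC script.
// Assumed values: squid listens on 192.168.1.10:3128, LAN is 192.168.1.0/24.
var PROXY = "PROXY 192.168.1.10:3128";
var LAN_IP = /^192\.168\.1\.\d{1,3}$/;        // assumed local subnet
var LOOPBACK_IP = /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;

// Called by the browser for each request; returns a proxy directive string.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();

  // Local destinations never need the filtering proxy.
  if (host === "localhost" || LOOPBACK_IP.test(host)) return "DIRECT";
  if (LAN_IP.test(host)) return "DIRECT";
  // Bare intranet names such as "fileserver" (no dot, not an IPv6 literal).
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";

  // The web protocols go to the proxy. No "; DIRECT" fallback is appended:
  // with a filtering proxy, a fallback lets clients bypass the filter
  // whenever the proxy is unreachable (fail open).
  if (scheme === "http" || scheme === "https" || scheme === "ftp") {
    return PROXY;
  }

  // Anything else a client asks about is left to the default gateway.
  return "DIRECT";
}
```

Serve the file with the MIME type `application/x-ns-proxy-autoconfig` and enter its URL as the automatic proxy configuration URL in each browser. A PAC file only steers applications that honour it, so the gateway firewall still has to block direct web traffic if the filter must not be bypassed.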
Hi tzu2,
Thanks for the reply. As of the moment, I prefer configuring my client(s) manually since I’m still simply testing things out. I thought that “transparent proxy” is a concept/solution to avoid needing to make changes/configurations to the client side, as if automatically leading all connections outward through the proxy filter. One question, where does one open or close web protocols in default gateway? It’s funny because by observation, it seems as though only http and https can come in and go out of my network, everything else is impossible… I can’t even ping an external address.