Problem ClearOS proxy in DMZ

**WarriorP** · 15-09-2010

To improve a bit my network, I decided that the start there would be a dedicated machine acting as a proxy and it would be located in DMZ. I work with IPCop and my network is divided into three zones: green, orange and red.

My choice, for practical reasons, has focused on installing ClearOS as a proxy filter (Theguardian).

Addressing:

- Green: 192.168.1.x
- Orange: 192.168.2.x
- Red: 192.168.0.x

ClearOS is 192.168.2.4 and when I am setting the browser to a post in the Green Zone (IP: 192.168.2.4, port: 8080) I can not surf. I get a page ClearOS consistently telling me that the web agent has detected a problem and a warning message saying access denied.

If I pass ClearOS in Green Zone no problem, I put a SME Server + Theguardian, no problem. So if my problem is with the management of local networks. About SME Server, it is possible to add access to various services (such as proxy for example) at different LANs but that is it on ClearOS?? I did not find the setting for this kind of setting.

Can you help me in this kind of setup process and has a solution?

**Spyrus** · 15-09-2010

As your Green network is not in the same network as your Proxy and that this is in the DMZ, you must add it in squid.conf for the green network so that it can be used.

**WarriorP** · 15-09-2010

So that's what I added in my squid.conf:

- In #ACCESS CONTROLS I added:

src 192.168.1.0/255.255.255.0 acl localsrc
dst 192.168.1.0/255.255.255.0 acl localdst

- In #TAG: http_access I added:

http_access allow localsrc

Now it works well but I'm not sure what I did (syntax errors, omissions, etc.)

**Spyrus** · 15-09-2010

That seems good but you do not need "dst 192.168.1.0/255.255.255.0 acl localdst". Also use mask as "/24" instead of providing 255.255.255.0. It makes reading better and more understandable.

**WarriorP** · 15-09-2010

Yes quite agreed with the 24 instead of 255.255.255.0, but what is the problem with dst 192.168.1.0/255.255.255.0 acl localdst if I followed the structure of the squid.conf in ClearOS?

And I have one last little problem: the proxy denied me access to the configuration interface of my IPCop and the url is https://192.168.1.2:4445. In acl squid I saw that we could configure the ports but I was fine to allow port 4445, I'm thrown every time. Any idea?

**Lemog** · 15-09-2010

If you think a little Squid, we understand that the source must be authorized (or to allow acl src +). And the natural source is the network of the machine, ie the dmz, and therefore not the Green network, and therefore it must be added. It has a logical reasoning.