Topic: is transproxy automatic in 4.1.2 ??

[Allen Rapini]

I just did a clean install to a machine that is going to be my "home" e-smith and was happy to see that the transproxy is working automatically. There is no need to set the proxy port in the client for the client to access the internet.

I notice no logging is done to /var/log/squid/acess.log when the client access the gateway port directly, but it will log if they proxy port x.x.x.x:3128 is specified in the client.

I don't necessarily have a preference, but this behaviour is similiar to 4.1.1 with the transproxy applied. Unfortunately, the command from Charlie Brady doesn't seem to have the same effect in 4.1.2

under 4.1.1., the command from Charlie "/sbin/e-smith/signal-event network-create" and a re-boot was all that was necessary to make this work and log without specifiying a proxy port.

I also want to test the pam_auth, sleazeball, and squidguard mods next. I see that there is some conflict with these and transproxy. Is anyone using ALL of these mods together or in some combination? I would like to hear more if so.

Any help is appreciated

Allen

[Idris Llewellyn]

I have also done a clean 4.1.2 install and then changed some squid settings/installed squidgaurd.
i find that browsers are refused connections if they haven't got their browsers set proxy to port 3128.
this is brilliant.   exactly what i required.  wasn't like this with 4.1.1 i don't think.

[Allen Rapini]

Well, I am glad it's working for you, but I have the opposite situation.  Transproxy is NOT installed, but users have full internet access either way. The only difference is the logging.
The rpm query returns:
# rpm -q e-smith-transproxy
package e-smith-transproxy is not installed

But the logging occurs only when the proxy port is set. I haven't installed squidguard yet, but I will be. If that makes a difference, I will post it.

[Idris Llewellyn]

And now it doesn't work!

I somehow have the situation I described at home on my home server.
But I just installed 4.1.2 in work (to replace NT) and find the same problem as you.
I've installed squidGaurd and all its databases (but not transproxy) and yes you're right every little blighter can simply change their browser not to use the proxy and they can look at what they want and don't need to authenticate themselves.  @!#$.  
Now I'm in trouble if they find out.  There must be some way of blocking them?

[Idris]

i vaguely remember that i may have by mistake installed transproxy on my home server and found that it caused requests not to the proxy to be rejected.
doesn't sound sensible but i think that's what happened.
i will try again this weekend and post the results.  pain in the neck though this is.  what's the point of having a proxy with user authentication/block of unsuitable sites if they can just bypass it.  bloody hell.

[James]

This is a pain in the neck for me too.
I must stop users accessing hte internet if they don't go through squid.
but how?

[enigma01]

OK guys.....

Here may be a temporary solution to buya little time while you (!! and I !!) try to block unwanted/unauthenticated user access to the internet......

***** mind it will only work if you have no need to set a default gateway in your dhcp configuration / you do not use dhcp from the e-smith****

Quite simply give a default gateway address other than the esmith box and that way YOU HAVE TO USE THE PROXY SETTING or no internet access is capable......

Hope this helps buy a little time - best of luck fellas

enigma