Topic: Proper Transparent Proxy Setup (server and gateway mode)

[ghorst352]

I am currently replacing one of our network SME Servers that plays the role of a Squid Proxy Server.  Currently this setup is dependent on the browser being configured to forward the http traffic -> to the squid proxy server and vice a versa.  This setup does work and works great however I want to take it up a notch and override any possibility of the end user tampering with the browser settings as this network does not have Active Directory nor am I interested in doing so since the network is very small.   

I have a brand new server that I installed 7.5.1 on with 2 Network Cards.  I chose the (server and gateway mode) as I followed the documentation provided on the sme site.  I cannot for the life of me figure out why I cannot get the external interface to see through the DSL modem?  Here is the setup and configuration below (CLICK THE LINK)

ftp://ftpaccess:ftpaccess@dixiemetals.net

[janet]

bhay3s

Remove the cisco router and let SME do the routing & gateway functions ie DHCP, DNS, Firewall etc. Configure SME with your ISP details. In bridged mode the modem passes everything through to SME server. That is how it is done in gateway server mode.
Log in as admin & select Configure this server.
In the modem setup ensure only bridged mode is selected and all other other functionality is disabled.

[ghorst352]

Mary,


I appreciate the response.  I actually attempted that config the first time and I could not see out.  So again I configured my setup as you pointed out and I cannot get through my external adapter, I can see my internal network all day long but I cannot get outside of my network.  I have sifted through every setting on my Zyxel 660 series DSL Modem and made sure every single firewall setting was disabled and yes the modem is in Bridged Mode.  I don't get it, as I can connect the Zyxel back to the Cisco Router and I can get out but when the SME server is connected directly to the Zyxel it ain't happening. 

[ghorst352]

I called Century Link and validated my settings and I also configured a laptop with the ISP settings and was able to get out.  Century Link cannot see me when I have it connected to the server nor can I see anything going out.  There has to be something in the server config blocking, so I would assume checking the iptables or something, my next guess.

[johnp]

I agree with Mary. I have seen some DSL routers that have 2 types of bridge modes and the one that seems to be the proper choice isn't the one that works.

[janet]

bhay3s

In gateway server mode with a Bridged modem, SME server also acts as your login client to the ISP. Are you sure that all the login details have been correctly configured in SME "Configure this server" screens ?
Is the type of service that your ISP provides supported by SME server ie ppoe ppoa cable ADSL  etc ? Tell us what protocol your ISP provides. IIRC ppoA is NOT directly supported & needs a different "Static IP DMZ" configuration.
Also are both your NIC's in SME server compatible with SME ? What models are they ?

If there is more than one bridged mode in your modem, maybe try the other.
Pls advise

[ghorst352]

UPDATE:

1) I contacted Century Link yesterday and validated that once you select bridged mode that ALL OTHERS SETTINGS ARE NULL AND VOID.  Bridged mode has been the only mode the modem has been in since it was installed. 

2) I was able to hook up a latpop directly to the modem and get out with no issues.  So at this point the issue is pointing at the server.

3) After testing both adapters I noticed the onboard realtek R81XX onboard chip was the non communicative nic.  I configured my 3COM nic with the external address and was able to get out so the issue has been found it has todo with the onboard Realtek R8XX Chip.  btw this is a brand new server.

4) Lo and behold just googling Dell Vostro 260 or Realtek R81XX shows hit after hit with compability issues with either the kernel or distro.  Whats funny is I did a /sbin/ethtool -i eth0 and the driver it shows is R8169.  Going to Realtek's website shows the only valid driver is R8168. 

5) Right now I am trying to validate the #4 claim by updating the driver.  Will get back with my results.

[janet]

bhay3s

As I suspected re incompatible NIC.
You will save yourself time, effort and frustration by replacing that NIC with something compatible eg Intel 1000
If the Realtek is built in to the motherboard, disable it in the BIOS and plug in a NIC card.
No more hassles then with drivers as and when server OS upgrades occur.

There is no guarantee the Realtek NIC you have will work anyway.

[ghorst352]

Just for Giggles I am installing SME SERVER 8 beta 7 to see if its compatible with the nic.  If this doesn't work then I am just going to buy another nic. 

[ghorst352]

UPDATE:

Unbelievable....  It works under SME Server 8 beta 7.  You guys might want to forward this maybe under bugs or something else.  I would think this would be helpful info for somebody else out there.    

Key Info:
base system: SME SERVER 7.5.1 vanilla install
network card (onboard): RTL81XX PCI-E
machine: Dell Vostro 260
**incompatible

base system: SME SERVER 8.0 beta 7 vanilla install
network card (onboard): RTL81XX PCI-E
machine: Dell Vostro 260
**compatible

[janet]

bhay3s

If you had done a search of these forums on Realtek R8169 you would have found many answers.
I suggest you do a search, link is at top of forums.
They seem to say it will not work on sme 7.5.1 based on Centos 4 but may work using the other driver mentioned.
They also say it will work on sme8 based on Centos 5

It's not the fault of or a bug in sme, it's just due to whether support exists for that chipset in the kernel. The newer kernel in Centos5 supports it, therefore it works in sme8b7

[ghorst352]

I stand corrected.  Thanks for your help. 

[Stefano]

UPDATE:

Unbelievable....  It works under SME Server 8 beta 7.  You guys might want to forward this maybe under bugs or something else.  I would think this would be helpful info for somebody else out there.    

Key Info:
base system: SME SERVER 7.5.1 vanilla install
network card (onboard): RTL81XX PCI-E
machine: Dell Vostro 260
**incompatible

base system: SME SERVER 8.0 beta 7 vanilla install
network card (onboard): RTL81XX PCI-E
machine: Dell Vostro 260
**compatible

BEFORE buying HW, you should ALWAYS check its compatibility versus RH4 (SME7.x) or RH5 (SME8.x)

the issue, as usual, is between keyboard and chair

[ghorst352]

It is compatible.  It's just the wrong driver is being pushed.

[Stefano]

It is compatible.  It's just the wrong driver is being pushed.

do you have any link to DELL's site?