HTTP Proxy Transparent Proxy with Web Antivirus setup



    Installed ZeroShell 1.0 beta12.
    Have 3 network cards.
    1 network card just for management.
    2 network cards to work as a transparent in-path proxy.
    Under Network setup, I have set up a new bridge and bridged those 2 network cards together.
    Put my laptop on the inside, and the other network card goes to the outside switch.

    Works fine, passes traffic fine, but once I turn on HTTP Capturing Rules, it stops working. Unable to browse outside, but I can ping outside and am able to browse via other ports, like HTTPS; RDP, telnet, etc. work fine.

    Any suggestions or detailed documentation how to set it up?


    Have you ever changed the default policy of your OUTPUT chain to something different from ACCEPT and/or have restrictive rules there?

    This is an important thing to check as, without the proxy, your requests go through the ZS box, thus will be filtered by the FORWARD chain firewall rules. On the other hand, when you have the transparent proxy on, the requests will be received by the proxy at Zeroshell and then will be re-issued from there (as if the requests originated on the ZS box). The bottom line is that these new re-issued requests will be subject to the rules in the OUTPUT chain, not the FORWARD chain.

    Hope it helps



    I have not configured anything under Firewall rules, left default.

    Basically all the setup I did was:

    1. Bridged 2 network cards together.
    2. Went into HTTP Proxy and Added HTTP Capturing Rule for BRIDGED interface.

    Everything is working fine if I don't add an HTTP Capturing rule.

    The rule is very simple:
    Chain Proxy (1 references)
    pkts bytes target   prot opt in       out source destination
    5    260   REDIRECT tcp  --  BRIDGE00 *   redir ports 8080
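The two things Marcelo asks about (the OUTPUT chain policy, and the shape of the capturing rule in the Proxy chain) can be checked from the plain `iptables -L -v -n` listings. The script below is an added example written for this thread, not ZeroShell code: it parses listings in that layout and reports the conditions discussed here, namely an OUTPUT policy other than ACCEPT with no rule admitting the proxy's own outbound tcp/80, and a REDIRECT that carries no destination-port match or no interface/source restriction. The two sample listings are constructed (hypothetical counters and rules) in the format of the chain posted above, and the check names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed samples in the layout of `iptables -t nat -L -v -n` and
# `iptables -L OUTPUT -v -n`; counters and rules are hypothetical, not the poster's box.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   600 Proxy      tcp  --  BRIDGE00 *       0.0.0.0/0            0.0.0.0/0

Chain Proxy (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   260 REDIRECT   tcp  --  BRIDGE00 *       0.0.0.0/0            0.0.0.0/0            redir ports 8080
"""

FILTER_LISTING = """\
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  300 40000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)")
DPT_RE = re.compile(r"\bdpt:(80|http)\b")   # `-n` prints 80, without it iptables prints http


@dataclass
class Rule:
    target: str
    prot: str
    in_if: str
    out_if: str
    source: str
    dest: str
    extra: str = ""   # trailing match options, e.g. "tcp dpt:80 redir ports 8080"


@dataclass
class Chain:
    name: str
    policy: Optional[str]          # None for user-defined chains such as Proxy
    rules: List[Rule] = field(default_factory=list)


def parse_listing(text: str) -> Dict[str, Chain]:
    """Parse `iptables -L -v -n` output into chains and their rules."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or not line.strip() or line.lstrip().startswith("pkts"):
            continue
        # pkts bytes target prot opt in out source destination [extra...]
        parts = line.split(None, 9)
        if len(parts) < 9:
            continue
        extra = parts[9] if len(parts) > 9 else ""
        current.rules.append(Rule(parts[2], parts[3], parts[5], parts[6], parts[7], parts[8], extra))
    return chains


def audit(nat: Dict[str, Chain], filt: Dict[str, Chain]) -> List[str]:
    """Return human-readable findings for the transparent-proxy conditions discussed in the thread."""
    findings: List[str] = []
    out = filt.get("OUTPUT")
    if out is None:
        findings.append("OUTPUT chain not present in the filter listing")
    elif out.policy != "ACCEPT":
        # Proxy-originated requests leave the box through OUTPUT, so a restrictive
        # policy needs an explicit ACCEPT for new outbound tcp/80.
        allows = [r for r in out.rules
                  if r.target == "ACCEPT" and r.prot in ("tcp", "all")
                  and (r.extra == "" or DPT_RE.search(r.extra))]
        if not allows:
            findings.append(f"OUTPUT policy is {out.policy} and no rule accepts new outbound tcp/80: "
                            "requests re-issued by the proxy will be dropped")
    proxy = nat.get("Proxy")
    if proxy is None:
        findings.append("no Proxy chain in the nat listing: HTTP capturing rule not installed")
        return findings
    redirects = [r for r in proxy.rules if r.target == "REDIRECT"]
    if not redirects:
        findings.append("Proxy chain has no REDIRECT rule")
    for r in redirects:
        if not DPT_RE.search(r.extra):
            findings.append(f"REDIRECT on in={r.in_if} has no dport match: every TCP connection "
                            "entering that interface is sent to the proxy port")
        if r.in_if == "*" and r.source == "0.0.0.0/0":
            findings.append("REDIRECT is restricted neither by input interface nor by source network")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_listing(NAT_LISTING), parse_listing(FILTER_LISTING)):
        print("-", finding)
```

Feed it the real listings with `iptables -t nat -L -v -n` for the nat table and `iptables -L OUTPUT -v -n` for the filter table; an empty result means neither of the two conditions Marcelo raised is present, and the fault lies elsewhere.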


    Are you able to ping any of the URLs that you are trying to access from the Zeroshell shell prompt?

    Could you post here some screenshots:
    – Proxy capturing rules
    – Firewall INPUT and OUTPUT chains (even knowing you didn’t change anything)



    @Marcelo wrote:

    Are you able to ping any of the URLs that you are trying to access from the Zeroshell shell prompt?

    Could you post here some screenshots:
    – Proxy capturing rules
    – Firewall INPUT and OUTPUT chains (even knowing you didn’t change anything)

    Yes, I am able to ping, etc.; I can even RDP to other machines, HTTPS works, FTP works, but HTTP does not.


    Hmmmm. Interesting, this is indeed very weird.

    I see though that you have items in your blacklist. Could you please try clearing it (leave it with zero items), just for a start, and confirm whether the problem persists?
    Since you’re currently in the troubleshooting phase of your proxy configuration, I’d recommend that you only add items to the blacklist once you confirm you have a working configuration, just to make sure nothing else may be interfering with your investigation.

    I understand the router is forwarding the packets correctly (like accessing HTTPS, etc.); pinging from the ZS box (not one of the machines it serves) was just to confirm you had no problems with the OUTPUT chain, not the FORWARD one.

    Let me know how it does after cleaning the blacklist.


    Removed and disabled whitelisting and blacklisting.

    Very weird, it seems to be an easy config.

    Maybe an issue with the version that I am running?



    I don’t think this is related to the version you’re using, I use the transparent proxy on beta12 (same version as you) with no problems.

    What do you have in the proxy logs?

    Try enabling logging of every transaction (not just URLs with virus) and after one or two requests, post the logs here (remember to edit sensitive information like IPs and the like, if you care, before posting).


    esvabas, try this: also add the source IP range in the proxy configuration, not just the interface BRIDGE00.


    What is funny is that when I enable the HTTP Proxy on the bridge, no HTTP traffic passes from my laptop, but the proxy log shows at least the connections from me trying to access, or Windows Update. Here is the log:

    19:34:08 HEAD 200 292+0 OK
    19:34:30 GET 404 179+282 OK
    19:35:01 HEAD 200 384+0 OK
    19:35:22 GET 404 179+282 OK
    19:35:53 HEAD 200 384+0 OK
    19:37:53 GET 404 179+282 OK
    19:38:23 HEAD 200 384+0 OK
    19:38:44 GET 404 179+282 OK
    19:39:15 HEAD 200 384+0 OK
    19:39:36 GET 404 179+282 OK
    19:40:07 HEAD 200 278+0 OK
    19:40:28 GET 404 179+282 OK
    19:40:58 HEAD 200 278+0 OK
    19:41:18 GET 404 179+282 OK
    19:41:47 HEAD 200 278+0 OK
    19:42:09 GET 404 179+282 OK
    19:42:39 HEAD 200 278+0 OK
    19:43:06 GET 404 179+282 OK
    19:43:37 GET 404 237+1635 OK
    21:11:05 GET 200 246+5142 OK
    21:11:32 GET 301 302+219 OK
    21:12:24 GET 404 179+282 OK
    21:12:29 GET 302 310+135 OK
    21:12:37 GET 200 246+5721 OK
    21:12:38 GET 404 179+282 OK
    21:22:08 GET 301 185+141 OK


    Most likely the request is captured correctly, but the reply is also captured because the BRIDGE interface is bidirectional.


    I seem to be stuck; I have tried various ways and am unable to make it work.

    Once I turn on capture traffic for the interface or for source network traffic, I am unable to open any websites, but the logs show the traffic OK:

    11:01:48 GET 200 299+3447 OK
    11:02:00 GET 200 899+14225 OK
    11:02:06 GET 200 336+68 VIRUS ClamAV: Eicar-Test-Signature
    11:02:44 GET 304 240+0 OK
    11:02:52 GET 200 394+7104 OK
    11:03:05 GET 304 240+0 OK
    11:03:48 GET 200 349+124814 OK

    Log shows that I am accessing those sites.
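The log lines posted in this thread carry a timestamp, method, status, request+response byte counts and a result column that is either OK or a VIRUS verdict with the engine and signature name. The parser below is an added example for this thread, not ZeroShell's own log tooling: it turns lines in that shape into records, lists the antivirus hits (the EICAR test signature in the log above, logged against a 68-byte response, the size of the EICAR file), and gives a per-status summary that makes it obvious whether the proxy is serving content or only returning errors. The sample log is constructed in the posted format, with one deliberately malformed line to show how unparsed input is reported; the function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One transaction per line, in the shape posted in this thread (URL column absent):
#   HH:MM:SS METHOD STATUS request_bytes+response_bytes RESULT
# where RESULT is "OK" or "VIRUS <engine>: <signature>".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+"
    r"(?P<req>\d+)\+(?P<resp>\d+)\s+(?P<result>OK|VIRUS\s.+)$"
)

# Constructed sample in the posted format; the last line is deliberately malformed.
SAMPLE_LOG = """\
11:01:48 GET 200 299+3447 OK
11:02:00 GET 200 899+14225 OK
11:02:06 GET 200 336+68 VIRUS ClamAV: Eicar-Test-Signature
11:02:44 GET 304 240+0 OK
11:02:52 GET 200 394+7104 OK
11:03:05 GET 304 240+0 OK
11:03:48 GET 200 349+124814 OK
this line is deliberately malformed
"""


@dataclass
class Transaction:
    time: str
    method: str
    status: int
    req_bytes: int
    resp_bytes: int
    result: str

    def virus_signature(self) -> Optional[str]:
        """Signature name for a VIRUS verdict, None for OK."""
        if not self.result.startswith("VIRUS"):
            return None
        # "VIRUS ClamAV: Eicar-Test-Signature" -> "Eicar-Test-Signature"
        _, _, sig = self.result.partition(":")
        return sig.strip() or self.result[len("VIRUS"):].strip()


def parse_log(text: str) -> Tuple[List[Transaction], List[str]]:
    """Parse proxy log text; returns (transactions, lines that did not match the format)."""
    entries: List[Transaction] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entries.append(Transaction(m["time"], m["method"], int(m["status"]),
                                   int(m["req"]), int(m["resp"]), m["result"]))
    return entries, unparsed


def virus_hits(entries: List[Transaction]) -> List[Tuple[str, str]]:
    """(time, signature) for every transaction the antivirus flagged."""
    return [(e.time, e.virus_signature()) for e in entries if e.virus_signature()]


def summarize(entries: List[Transaction]) -> Dict[str, object]:
    """Counts by status and method, bytes returned to clients, and the virus hits."""
    return {
        "transactions": len(entries),
        "by_status": dict(Counter(e.status for e in entries)),
        "by_method": dict(Counter(e.method for e in entries)),
        "bytes_to_client": sum(e.resp_bytes for e in entries),
        "virus_hits": virus_hits(entries),
    }


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
    for line in bad:
        print(f"unparsed: {line!r}")
```

Run it over the proxy's transaction log after enabling logging of every transaction, as Marcelo suggested earlier in the thread: a summary dominated by 200 responses with non-zero bytes to the client, plus a virus hit for EICAR, shows that the capture and the scanner are working, which points the remaining investigation at the return path rather than at the capture rule itself.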


    Same problem for me, but pinging site names doesn’t work, while pinging IPs works.


    Sounds like a DNS problem. Make sure you have it configured and it is working. If in doubt use OpenDNS or GoogleDNS.
