Zeroconf behind proxy but still using captive portal?
November 5, 2009 at 5:51 pm #46433
ppalias
Member
Umm, this is not the way transparent proxy works. You must have at least 2 interfaces on ZS in order for the traffic to pass through them to get to the internet, so that ZS will hijack the http traffic and send it over to the proxy instance.
November 5, 2009 at 6:49 pm #46434
compguy030471
Member
I see, so my setup with only 1 interface is the issue.
So if I changed the IP scheme to:
ZS 10.10.10.1 ETH00
DHCP 10.10.10.100-10.10.10.200
ETH01 172.22.31.9

Zeroshell ................ SquidNt ........ Internet
10.10.10.1/172.22.31.9     172.22.31.10

Could this work?
November 6, 2009 at 11:20 am #46435
ppalias
Member
Yup, this would work fine. However, you could also leave only one network card on the ZS and add another IP on the interface. However, your clients will be able to change their IP address and bypass the proxy. So technically the best solution is the scheme you proposed.
November 6, 2009 at 1:13 pm #46436
compguy030471
Member
Excellent, I will give it a try today and test.
November 6, 2009 at 9:03 pm #46437
compguy030471
Member
I have configured ZS with 2 interfaces but I still have not got the Transparent proxy to work. I was able to modify havp.config and the logs below show as such (Parent proxy:172.22.31.10;3128). Could I be configuring the capture rules wrong?
14:54:52 ClamAV: Using database directory: /var/register/system/ClamAV/db
14:54:54 ClamAV: Loaded 498364 signatures (engine 0.95.1)
14:54:54 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
14:54:54 — All scanners initialized
14:54:54 Process ID: 27903
14:58:46 === Starting HAVP Version: 0.90
14:58:46 Running as user: havp, group: havp
14:58:46 Use transparent proxy mode
14:58:46 — Initializing ClamAV Library Scanner
14:58:46 ClamAV: Using database directory: /var/register/system/ClamAV/db
14:58:51 ClamAV: Loaded 498364 signatures (engine 0.95.1)
14:58:51 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
14:58:51 — All scanners initialized
14:58:51 Process ID: 5102
15:02:55 192.168.0.100 GET 302 http://192.168.0.1/ 228+204 OK
15:03:13 192.168.0.100 GET 302 http://192.168.0.1/ 228+204 OK
15:09:39 192.168.0.100 GET 302 http://192.168.0.1/ 228+204 OK
15:17:42 192.168.0.100 GET 302 http://192.168.0.1/ 228+204 OK
15:17:49 192.168.0.100 GET 302 http://192.168.0.1/ 227+204 OK
15:42:35 192.168.0.100 GET 302 http://192.168.0.1/ 228+204 OK
15:42:40 192.168.0.100 GET 302 http://192.168.0.1/ 227+204 OK
15:56:28 === Starting HAVP Version: 0.90
15:56:28 Running as user: havp, group: havp
15:56:28 Use parent proxy: 172.22.31.10:3128
15:56:28 Use transparent proxy mode
15:56:28 — Initializing ClamAV Library Scanner
15:56:28 ClamAV: Using database directory: /var/register/system/ClamAV/db
15:56:31 ClamAV: Loaded 498364 signatures (engine 0.95.1)
15:56:31 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
15:56:31 — All scanners initialized
15:56:31 Process ID: 12572
November 8, 2009 at 2:57 pm #46438
ppalias
Member
Just add a rule to capture anything sourcing the interface where your clients are (10.10.10.1) and try to browse the internet (e.g. http://www.google.com)
November 9, 2009 at 9:29 pm #46439
compguy030471
Member
I made a capture rule:
Capture traffic
src:192.168.0.100-192.168.0.200 (DHCP)
I restarted the proxy service but I am still getting the same issue.
November 10, 2009 at 8:33 am #46440
ppalias
Member
Show us the output of
iptables -L -v
iptables -t nat -L -v
from the shell.
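One way to read the `iptables -t nat -L -v` output requested in the last post, as an added example that is not part of the thread: it lists the rules that redirect tcp port 80 to the proxy and checks whether their packet counters show any client traffic matching. The sample output is constructed; its chain layout, interface names, port 8080 and counters are assumptions, not Zeroshell's actual rules.

```python
import re

# Constructed sample of `iptables -t nat -L -v` output. Chain layout, interface
# names, port 8080 and all counters are assumptions, not real Zeroshell rules.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 412 packets, 31875 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  ETH00  any     anywhere             anywhere            source IP range 192.168.0.100-192.168.0.200 tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT 57 packets, 3420 bytes)
 pkts bytes target     prot opt in     out     source               destination
   57  3420 MASQUERADE  all  --  any    ETH01   anywhere             anywhere
"""

# Columns: pkts bytes target prot opt in out source destination [match details]
RULE = re.compile(r"^\s*(\d+[KMG]?)\s+\d+[KMG]?\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s*(.*)$")
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}


def to_int(tok):
    """Expand the abbreviated counters that -v prints (e.g. 12K)."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)


def http_capture_rules(text):
    """List nat rules that REDIRECT/DNAT tcp port 80, with their hit counters."""
    chain, rules = None, []
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = RULE.match(line)
        if not m:
            continue
        pkts, target, prot, in_if, src, extra = m.groups()
        if target in ("REDIRECT", "DNAT") and prot == "tcp" and re.search(r"dpt:(http|80)\b", extra):
            rng = re.search(r"source IP range (\S+)", extra)
            rules.append({"chain": chain, "in": in_if, "pkts": to_int(pkts),
                          "source": rng.group(1) if rng else src})
    return rules


def diagnose(text):
    """Summarise whether HTTP is being handed to the proxy at all."""
    rules = http_capture_rules(text)
    if not rules:
        return "no tcp/80 redirect: HTTP never reaches the proxy"
    if all(r["pkts"] == 0 for r in rules):
        return "redirect present, 0 packets matched: check source range and interface"
    return "redirect is matching client traffic"
```

A zero packet counter on the redirect rule after a client has tried to browse means the rule's source range or input interface does not match where the clients actually are.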