
Transparent proxy
  •  
JonLarssen

Hello,

I'm test-driving KWF, and so far I'm impressed. But I have one question. Is it possible to have a transparent proxy for my users (no need to authenticate them) that uses a parent proxy?

The situation is this. I have a bunch of computers that I'd really like to avoid reconfiguring (including a couple of Linux machines). And I have an upstream proxy server that I'd like to use.

If I explicitly tell some LAN users to use the proxy at 3128 with KWF local users, and using the upstream proxy, it works great. However, I'd like to do that without telling the other guys that there's a proxy in between. Hmm, that's different layers, right? Layer 2 vs Layer 3?

Regards,
Jon.
  •  
Jeff Wadlow (Kerio)

That should work but you will have to have the non-transparent proxy server enabled so that you can access the option to use a parent proxy.
  •  
Pavel Dobry (Kerio)

JonLarssen wrote on Tue, 23 March 2004 18:26

Hello,

I'm test-driving KWF, and so far I'm impressed. But I have one question. Is it possible to have a transparent proxy for my users (no need to authenticate them) that uses a parent proxy?

The situation is this. I have a bunch of computers that I'd really like to avoid reconfiguring (including a couple of Linux machines). And I have an upstream proxy server that I'd like to use.

If I explicitly tell some LAN users to use the proxy at 3128 with KWF local users, and using the upstream proxy, it works great. However, I'd like to do that without telling the other guys that there's a proxy in between. Hmm, that's different layers, right? Layer 2 vs Layer 3?

Regards,
Jon.

Hi Jon,

Well, I will try to keep you impressed by KWF in the future as well.
Yes, it is possible but the administrator should have good knowledge of Winroute settings.

Keep the settings on clients without change. In KWF define a new service with the destination port of proxy server you want to use. Set the protocol inspector to HTTP for that service.
This way, every connection to this service (proxy server) will be handled by the HTTP protocol inspector and you will be able to filter access to websites for users.
However, the proxy server often requires an absolute URL, while the HTTP protocol inspector converts the URL from absolute to relative by default. This conversion can be disabled in the configuration file. To do this, stop Winroute, edit the winroute.cfg file and set
<variable name="RemoveHostFromURL">1</variable> to "0".
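
The absolute-versus-relative URL issue described in the reply above, as an added example that is not part of the original post and not Kerio's code. The function names and the sample request line are constructed for illustration; the sketch only models the conversion as the post describes it, for plain HTTP request lines.

```python
from urllib.parse import urlsplit

def split_request_line(line):
    """Return (method, target, version) from an HTTP/1.x request line."""
    method, target, version = line.strip().split(" ")
    return method, target, version

def to_origin_form(line):
    """Absolute -> relative target: the conversion the post says the HTTP
    inspector performs by default (RemoveHostFromURL set to 1)."""
    method, target, version = split_request_line(line)
    parts = urlsplit(target)
    if not parts.scheme:              # already relative, nothing to strip
        return line.strip()
    path = parts.path or "/"          # "http://host" means the root path
    if parts.query:
        path += "?" + parts.query
    return f"{method} {path} {version}"

def to_absolute_form(line, host):
    """Relative -> absolute target, rebuilt from the Host header value."""
    method, target, version = split_request_line(line)
    if urlsplit(target).scheme:       # already absolute
        return line.strip()
    return f"{method} http://{host}{target} {version}"

def usable_by_parent_proxy(line):
    """A forward proxy needs scheme and host in the target to route it."""
    _, target, _ = split_request_line(line)
    parts = urlsplit(target)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

# Constructed sample: what a client configured to use a proxy sends.
CLIENT_LINE = "GET http://www.example.com/docs/index.html?lang=en HTTP/1.1"

if __name__ == "__main__":
    stripped = to_origin_form(CLIENT_LINE)
    for label, line in (("client sends", CLIENT_LINE),
                        ("host removed", stripped),
                        ("rebuilt", to_absolute_form(stripped, "www.example.com"))):
        print(f"{label:13}: {line}  parent-proxy usable: "
              f"{usable_by_parent_proxy(line)}")
```

The "host removed" line is what reaches the parent proxy when the conversion stays enabled, which is why the post has it switched off.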
  •  
JonLarssen

Quote:

Yes, it is possible but the administrator should have good knowledge of Winroute settings.


Well, to tell you the truth, I have extensive routing experience, mainly from Cisco, Solaris and BSD training. This whole Windows routing is actually new for me.

Quote:

In KWF define a new service with the destination port of proxy server you want to use. Set the protocol inspector to HTTP for that service.


Like this?

http://forums.kerio.com/index.php?t=getfile&id=115

Quote:

To do this, stop Winroute, edit the winroute.cfg file and set <variable name="RemoveHostFromURL">1</variable> to "0".


Done.

So, what's a good traffic policy?

Thanks,
Jon.

  •  
JonLarssen

The simplest thing I came up with is:

http://forums.kerio.com/index.php?t=getfile&id=116

which will not work for me. Somehow, traffic to port 80 (which shouldn't go there) is being serviced by the "regular" NAT rule. What I'd like is for the transparent proxy to catch it and forward it to the parent proxy (ISA Server).

Best regards,
Jon.

  • Attachment: policy.gif
    (Size: 12.93KB, Downloaded 1609 times)