On 6/10/10 7:51 AM, Johnson, S wrote:
> I’ve been working on an issue with Squid/Dansguardian/Shorewall
> connecting to an OWA site outside of the network.  I was originally
> thinking it was squid that was causing the issue now I’m leaning towards
> something towards the iptables/shorewall configuration.
> 
> Squid is in transparent mode.
> 
> (This also applies to the sharepoint server which uses the same auth as OWA)
> 
> On two different networks that have a shorewall firewall I cannot connect
> to the OWA.  I get the login prompt to appear and in the case of IE,
> after entering in my login ID/password the screen immediately goes to a
> “Internet explorer cannot display the webpage”.  In Chrome, the popup
> auth window just keeps appearing and asks for the username/password over
> and over.  So my assumption is that I’m getting to the site but not
> allowing the auth.  I was originally thinking it was packet mangling but
> I don’t have that configured in my shorewall.conf on the 2nd shorewall
> device.
> 
> Keep in mind, from this same network I can access other OWA sites just
> fine that do not use shorewall.  So that’s why I’m thinking it’s a
> shorewall/iptables configuration issue.
> 
> I can access the OWA that was having issues just fine without the proxy
> though which makes this hard to decipher where the issue is coming from.
> 
> My rule is simple:
> 
> Rules:
> 
> ACCEPT net loc:10.1.1.3 tcp http # webmail 
> 
> Nat:
> 
> # EMail server
> 
> 999.999.999.999    eth2            10.1.1.3       yes                     yes
> 
> Does anyone have an idea on what is going on?

I re-read your report this morning and I realized that I misunderstood
your configuration when I replied yesterday. I'm still not at all clear
about it so let me see if I have it correct:

a) The client is behind a Shorewall firewall that uses Squid for
transparent proxy.

b) The OWA server is behind a Shorewall firewall that uses 1:1 NAT for
address translation. The only incoming rule for OWA is for port 80.

If that is correct, then I'm fairly certain that you will need to also
add https (port 443) on the server side; have you looked at the
Shorewall log there to see if anything is logged when you try to access
OWA or the Sharepoint?

-TOM
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
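
The log check suggested in the reply above, as an added example that is not part of the original message: it counts dropped or rejected TCP connections to the NATed host by destination port, so a missing https rule shows up as hits on port 443. The function names and the sample log lines are constructed; the lines assume Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix.

```shell
#!/bin/sh
# Constructed sample of kernel log lines in the netfilter LOG format.
# With 1:1 NAT the destination is rewritten before the filter rules run,
# so DST= shows the internal address (10.1.1.3), not the public one.
sample_log() {
cat <<'EOF'
Jun 10 08:01:02 gw kernel: Shorewall:net2all:DROP:IN=eth2 OUT=eth1 SRC=198.51.100.7 DST=10.1.1.3 LEN=60 TTL=52 ID=1234 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=5840 SYN URGP=0
Jun 10 08:01:05 gw kernel: Shorewall:net2all:DROP:IN=eth2 OUT=eth1 SRC=198.51.100.7 DST=10.1.1.3 LEN=60 TTL=52 ID=1235 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=5840 SYN URGP=0
Jun 10 08:01:11 gw kernel: Shorewall:net2all:DROP:IN=eth2 OUT=eth1 SRC=198.51.100.7 DST=10.1.1.3 LEN=60 TTL=52 ID=1236 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=5840 SYN URGP=0
Jun 10 08:02:40 gw kernel: Shorewall:net2all:DROP:IN=eth2 OUT=eth1 SRC=203.0.113.20 DST=10.1.1.9 LEN=48 TTL=110 ID=777 PROTO=TCP SPT=2201 DPT=445 WINDOW=65535 SYN URGP=0
Jun 10 08:03:15 gw kernel: Shorewall:net2all:DROP:IN=eth2 OUT=eth1 SRC=203.0.113.20 DST=10.1.1.3 LEN=48 TTL=110 ID=778 PROTO=TCP SPT=2202 DPT=25 WINDOW=65535 SYN URGP=0
Jun 10 08:04:00 gw kernel: Shorewall:net2loc:ACCEPT:IN=eth2 OUT=eth1 SRC=198.51.100.7 DST=10.1.1.3 LEN=60 TTL=52 ID=1300 DF PROTO=TCP SPT=40200 DPT=80 WINDOW=5840 SYN URGP=0
EOF
}

# drops_by_port HOST: read log lines on stdin and print "port count"
# for every TCP packet to HOST that Shorewall logged as DROP or REJECT.
drops_by_port() {
  host=$1
  awk -v host="$host" '
    /Shorewall:[^:]*:(DROP|REJECT):/ {
      dst = ""; dpt = ""; proto = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
      }
      if (dst == host && proto == "TCP" && dpt != "") count[dpt]++
    }
    END { for (p in count) print p, count[p] }
  ' | sort -n
}

# Run against the constructed sample; on a real firewall, pipe the
# kernel log file in instead of sample_log.
sample_log | drops_by_port 10.1.1.3
```

On the sample this reports three drops on port 443 and one on port 25 for 10.1.1.3, while the accepted port 80 connection is not counted.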

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users