  1. #1
    BassTech's Avatar
    Join Date
    Nov 2008
    Location
    England
    Posts
    481
    Thank Post
    50
    Thanked 30 Times in 23 Posts
    Rep Power
    23

    Setting up linux box to forward requests

    We use RM for our internet, using SmartCache2 as a proxy.

    I have recently set up a new VLAN for our wireless devices on a new ip range (172.10.0.0/21) and want these to bypass the SmartCache2 proxy and connect directly to the internet. We have been trying to use a linux box to do this, but now we're a little stuck.
    We have Ubuntu installed with 2 NICs (one on VLAN1, one on VLAN2) - our main HP L2 switch does the routing between these and our DHCP server.

    We also have a CISCO firewall that acts as a default gateway to the internet.

    I've set up a new firewall rule to allow traffic to pass through 172.10.0.0/21 ip range, and can see that it's working ok, with packets being allowed through.

    The problem is that we keep getting "cannot connect to DNS" errors on the client end. We want to use OpenDNS for our BYOD, but even setting the DNS server settings manually on the clients doesn't work. I have set up forwarders on our local DNS server to forward requests from 192.168.3.108 (linux box ip) to OpenDNS's servers but still no luck.

    I believe we need to use iptables on the linux box to forward 172.10.0.0/21 traffic to our CISCO firewall internet gateway, but not entirely sure.
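
For reference, the iptables approach mentioned in the post above would look roughly like this on the Ubuntu box; this is an added example, not part of the original post. It assumes the wireless clients use the box's VLAN2 address as their default gateway; the interface names, the LAN mask and the choice of a single OpenDNS resolver are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: eth0 faces VLAN1 and the
# CISCO gateway, eth1 faces the wireless VLAN, and the internal LAN is
# 192.168.3.0/24 (the thread gives only the host address 192.168.3.108).
WAN_IF="eth0"
BYOD_IF="eth1"
BYOD_NET="172.10.0.0/21"   # thread's range; note it is outside RFC 1918 (172.16.0.0/12)
LAN_NET="192.168.3.0/24"   # assumed mask
DNS="208.67.222.222"       # OpenDNS public resolver

# Print the ruleset in iptables-restore format so it can be reviewed first.
byod_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Pin BYOD DNS to OpenDNS whatever resolver the client has configured
-A PREROUTING -i $BYOD_IF -s $BYOD_NET -p udp --dport 53 -j DNAT --to-destination $DNS
-A PREROUTING -i $BYOD_IF -s $BYOD_NET -p tcp --dport 53 -j DNAT --to-destination $DNS
# Hide the BYOD range behind this box's VLAN1 address
-A POSTROUTING -s $BYOD_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Keep BYOD devices off the internal LAN
-A FORWARD -i $BYOD_IF -d $LAN_NET -j DROP
-A FORWARD -i $BYOD_IF -o $WAN_IF -s $BYOD_NET -d $DNS -p udp --dport 53 -j ACCEPT
-A FORWARD -i $BYOD_IF -o $WAN_IF -s $BYOD_NET -d $DNS -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $BYOD_IF -o $WAN_IF -s $BYOD_NET -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Run as root with the argument "apply" to enable routing and load the rules.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    byod_ruleset | iptables-restore
fi
```

Loading the output with iptables-restore replaces whatever is already in the nat and filter tables, so review the printed ruleset before applying it.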

  2. #2
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,478
    Thank Post
    515
    Thanked 287 Times in 263 Posts
    Rep Power
    81
    Have you tried setting the gateways on your VLANS to use the Cisco rather than the RM ?

  3. #3

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,921
    Thank Post
    1,626
    Thanked 1,893 Times in 1,407 Posts
    Blog Entries
    2
    Rep Power
    429
    blast, beat me to it. Why route through something when you can go direct?

  4. #4
    cpjitservices's Avatar
    Quote Originally Posted by nephilim View Post
    blast, beat me to it. Why route through something when you can go direct?
    Great minds think alike Neph...

  5. #5
    BassTech's Avatar
    Yes, but it seems to be that RM will only allow internet traffic through their SmartCache2 box. This is what's confusing me.
    SmartCache2 is just a squid server, with RM's software on it, which uses this upstream proxy: unfiltered.adslcache.rmplc.co.uk. This then passes through the CISCO, out to the internet.

    On both VLANs, the default gateway is already set as the CISCO firewall. In theory, I thought if I took out the proxy settings from the clients, it would just bypass the filtering and get unfiltered internet, but that's not the case.

  6. #6

    nephilim's Avatar
    Your best bet then in that case is to speak to RM. They should be able to give you a viable way to do what you are asking.

  7. #7
    BassTech's Avatar
    Quote Originally Posted by nephilim View Post
    Your best bet then in that case is to speak to RM. They should be able to give you a viable way to do what you are asking.
    I did, they suggested buying their SafetyNet+ with transparent filtering. I did back in November, only to find out that I had to contact RM to enable the transparent part.
    Contacted RM to do this, costs extra of course.. So I thought I'd bite the bullet and pay.
    Then it turns out that RM haven't released transparent filtering in the West Midlands area yet and that "It's on their roadmap" (I assume it's the same roadmap that IE10 is on, as that hasn't been re-released by RM yet.)

  8. #8

    nephilim's Avatar
    In that case, demand a refund, you purchased something with the express intention (and were told) that it could do something you require, as it cannot, it is not fit for purpose.

  9. #9
    BassTech's Avatar
    ** Forgot to mention I did get a refund, only got it yesterday though after much dispute.
    Now we're left with a cr*p old smartcache box that doesn't do what we want. Solutions like SmoothWall are too costly for us.

    Just trying to find the easiest and most affordable solution for transparent BYOD filtering.

  10. #10

    nephilim's Avatar
    You wouldn't need a UTM device with smoothwall. I think they have software which you can put onto a machine (I think). @tom_newton can you clarify in case I am going crazy please?

  11. #11
    BassTech's Avatar
    Quote Originally Posted by nephilim View Post
    You wouldn't need a UTM device with smoothwall. I think they have software which you can put onto a machine (I think). @tom_newton can you clarify in case I am going crazy please?
    Oh ok, I didn't know that - have requested a free trial from them, see what they can offer.

  12. #12
    cpjitservices's Avatar
    OR get rid of the SmartCache 2 and use the linux server and install Dansguardian/Squid anyway!! therefore alleviating you of the stresses of a SmartCache!

    Plenty of guides to do so,

    All you do then is allow your IP Range for BYOD in the exceptions rule and they won't get filtered.

  13. #13
    BassTech's Avatar
    Quote Originally Posted by cpjitservices View Post
    OR get rid of the SmartCache 2 and use the linux server and install Dansguardian/Squid anyway!! therefore alleviating you of the stresses of a SmartCache!

    Plenty of guides to do so,

    All you do then is allow your IP Range for BYOD in the exceptions rule and they won't get filtered.
    I am trying to do this, but Linux isn't my forte - I follow the guides word for word and Linux does something completely different every time :/

  14. #14

    nephilim's Avatar
    No chance. Linux is quite straightforward if you follow the guides. It could be that you are using a different flavour of linux than listed in the guide which is where it could be causing issues. Otherwise it is solid as a rock.

  15. #15
    BassTech's Avatar
    Quote Originally Posted by nephilim View Post
    No chance. Linux is quite straightforward if you follow the guides. It could be that you are using a different flavour of linux than listed in the guide which is where it could be causing issues. Otherwise it is solid as a rock.
    Must be the guide then. I'm using the exact same version and some of the commands listed won't even run.
