Invalid URL error using NAT rule

by alfasupport » Fri Apr 08, 2016 3:18 pm

Dear,
I am brand new to Artica Proxy and I need urgent help :)

I have implemented Artica Web Proxy in my network - you can see how I did it in the attachment. So, there is one Ethernet port on the Artica appliance connected to the Mikrotik router.
I need to filter all port 80/443 traffic coming from the LAN, and I don't want to mess with users' browsers (this solution with browsers is working anyway).
I've decided to redirect all 80/443 traffic from the Mikrotik to Artica.
I tried the Mikrotik listeners provided by Artica - somehow it is not working - traffic is not redirected at all.
Now I am trying a simple dst-nat from the Mikrotik to Artica's default listener port 3128. And yes, traffic is forwarded, but web pages are unreachable - I am getting an error page from Artica informing me about an invalid URL: domain part is missing!!!
I am very confused at this moment - and any help will be more than welcome!

Thank you in advance...

Predrag Milenkovic
Attachment: ArticaWebProxy.jpg (Artica proxy setup)

Re: Invalid URL error using NAT rule

by admin » Sat Apr 09, 2016 10:09 am

If you want to use the NAT method, you should do it this way:

http://artica-proxy.com/tranparent-prox ... at-method/

Re: Invalid URL error using NAT rule

by alfasupport » Sun Apr 10, 2016 11:03 am

Dear,

I did it according to your instructions (created an Artica listen port with "Firewall NAT Compatibility" and set a dst-nat rule in the Mikrotik to send packages to this Artica port). It is working just fine now. Thanks for this!

What I see now in Artica Events is the IP address of the Mikrotik - not of the device that sent the request. Is there any way to fix this?

Also, I've created a similar port with Firewall NAT Compatibility and a Mikrotik rule for SSL traffic. Now I'm getting a certification error instead of the requested page or the Artica block page. What is wrong in my setup?

Best regards,

Predrag

Re: Invalid URL error using NAT rule

by admin » Sun Apr 10, 2016 1:02 pm

Using a NAT port, it is normal that the source IP address is the firewall; there is no way around that.
As for the SSL warning, this is normal too: your browser expects the real certificate, but it is the proxy certificate that is sent.
You have to install the proxy certificate in browsers in order to avoid this issue.
Using the NAT method, this is the only way to hook TCP connections and forward them to the proxy.

Another method is to use full transparent mode, but it requires using the proxy as the main gateway when using the Internet.

Computers -> gateway -> Proxy gateway -> Internet router -> Internet

or
Computers -> proxy gateway -> router -> Internet.

Re: Invalid URL error using NAT rule

by alfasupport » Sun Apr 10, 2016 10:38 pm

I definitely need a solution that provides the original source IP address - with the Mikrotik as a gateway for the LAN PCs.
Will the attached scenario do the job? If so, which of Artica's transparency options do I need for this?
Attachment: ArticaWebProxy v2.jpg (v2)