Ticket #644 (closed defect: worksforme)
Reported by: priyend@…
Owned by: juruen@…
I have the following setup with version 0.9.x.
HTTP proxy enabled and set to transparent with group policy to allow all.
When I try to go to the following site:
I get a timeout.
The reason is that port 2086 is not a standard port such as port 80 or 443.
I then use the web interface and go to Firewall->Packet Filter and choose Configure rules under "Filtering Rules between internal networks".
I then add a simple rule to allow any port to any source and any destination. This would then mean that I will be able to go to the above site.
This does not work.
I log in as root and then type in:
iptables -A OUTPUT -j ACCEPT
Once this is done then I can easily go to the site above with no problems.
I know that it is not a good idea to simply allow any port to any source and destination. The above is just for simplicity.
Anyway, after investigation I found that the web interface only adds a line to the "Chain ffwdrules" section, which in turn only affects the "FORWARD" section of the iptables firewall.
The correct place to have put the rule is in the OUTPUT section but there is no way of doing that from the web interface.
On another note, I also found that after restarting the ebox firewall or ebox system, my iptables rule above disappears. I have to log in and type it in manually.
The firewall packet rules need to be looked at. Some sites cannot be reached unless we write our own rules using the console.
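
Added example, not part of the original ticket or of eBox's code: connections that a proxy on the firewall host opens to upstream sites are locally generated, so they are evaluated by OUTPUT rather than FORWARD. The script below reads an iptables-save dump and reports which built-in chains can reach a given user chain; the dump is constructed, and every chain name in it except ffwdrules is an assumption.

```python
import shlex

# Constructed iptables-save dump (filter table only); not eBox's real ruleset.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:fglobal - [0:0]
:ffwdrules - [0:0]
:ooutput - [0:0]
-A FORWARD -j fglobal
-A fglobal -j ffwdrules
-A ffwdrules -j ACCEPT
-A OUTPUT -j ooutput
-A ooutput -p tcp -m tcp --dport 80 -j ACCEPT
-A ooutput -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")

def parse_jumps(dump):
    """Map each chain to the set of targets its rules jump (-j) or go (-g) to."""
    jumps = {}
    for line in dump.splitlines():
        tok = shlex.split(line)  # keeps quoted --comment text as one token
        if len(tok) < 2 or tok[0] != "-A":
            continue
        for flag in ("-j", "-g"):
            if flag in tok[2:]:
                i = tok.index(flag, 2)
                if i + 1 < len(tok):
                    jumps.setdefault(tok[1], set()).add(tok[i + 1])
    return jumps

def reached_from(dump, chain):
    """Return the built-in chains from which `chain` can be reached."""
    jumps = parse_jumps(dump)
    hits = []
    for start in BUILTIN:
        seen, todo = set(), [start]
        while todo:  # walk the jump graph from this built-in chain
            cur = todo.pop()
            if cur not in seen:
                seen.add(cur)
                todo.extend(jumps.get(cur, ()))
        if chain in seen:
            hits.append(start)
    return hits
```

On a live system, pass the text printed by iptables-save in place of SAMPLE; a result of only FORWARD for ffwdrules means rules placed there never apply to traffic originating on the firewall host itself.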