Installing Problems

Discuss and get help to implement a CacheGuard Gateway into your networks
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Installing Problems

Post by Tomek »

Hi
I'm trying to install CacheGuard deployed from OVA distribution.
Everything went OK untill I tried to see how it's work .
I did everything how instruction says but all the time from client side have error 1009 the remote domain is unreachable at this moment ; in web access log : status 503, peer:Hier Direct .
The only one thing which is not exactly like in the instruction is that external NIC is not in external network where is internet router.
But routing is OK and I ping external websites but downloading from them is impossible.
So I'm asking for help what I can check or do in another way ?

Best Regards
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Installing Problems

Post by david »

Dear Tomek

Could you please check if your other frontal appliances (router, firewall, proxy...) allow Web traffic from your CG to the Internet? They should allow DNS (UDP 53) and HTTP (TCP 80) at least. Did you ping an external IP address or a name?

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Re: Installing Problems

Post by Tomek »

Hi
Network traffic through port 80 is allowed to network where is externel NIC . Of course not directly but through NAT. I even moved PC computer to this network and I can browse Internet freely .
UDP 53 is blocked. I use our internal DNS Servers.
I can ping external servers by address as well as by name.
I don't see any log where I can check transmission beetwen CG and external site .
Is it any possibility to increase what CG logs to check where is error in connection between CG and Internet ?

Best Regards
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Installing Problems

Post by david »

Hi

Could you please send me the result of the following commands:

Code: Select all

link bond
ip
ip route
dns
access web
Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Installing Problems

Post by david »

To examine CG logs in real time you can activate the Web auditing module and depending on your needs you can activate or deactivate different log types. To activate the Web auditing module, web access and firewall logging use the following commands:

Code: Select all

admin waudit on
log type web on
log type firewall on
apply
The Web auditing is then accessible at: https://<your-internal-ip>:8091
(8091 is the default port)

Are you trying to implement CG in transparent mode or in explicit mode (with your navigator using it's internal IP address as a Web proxy on port 8080)?
(8080 is the default Web proxy port)

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Re: Installing Problems

Post by Tomek »

Hi
Searching through Web auditing doesn't say me anything what happens in communication beetwen squid and destination.
No info about why squid/CG can't download pages from internet.
I'm trying to implement CG in explicit mode and of course my IE has set web proxy on port 8080.
Output from command should I put on forum or send it to you ?

Best Regards
Tomek
User avatar
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris
Contact:

Re: Installing Problems

Post by charles »

Hi Tomek

It seems that you have a connectivity issue and CG never receives Web requests from your client. Could you please send us the result of commands that David asked?

Kind Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Re: Installing Problems

Post by Tomek »

Hi
Bellow are responses :

admin@cacheguard> link bond

bond internal eth0
bond external eth1
bond auxiliary <null>

admin@cacheguard> ip

ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip internal.0 0.0.0.0 0.0.0.0
ip internal.101 0.0.0.0 0.0.0.0

admin@cacheguard> ip route

ip route default 192.168.202.1

admin@cacheguard> dns

dns 10.101.1.15
10.101.1.17

admin@cacheguard> access web

access web <null>

Best Regards
Tom
User avatar
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris
Contact:

Re: Installing Problems

Post by charles »

Hi Tomek

Thank you for your inputs. I assume that your IE is configured to use 10.101.1.89:8080 proxy. Right?

I noticed that you created a tagged VLAN having the id 101. As no IP address is assigned to it could you confirm that the vlan mode is turned off by using the following command:

Code: Select all

mode vlan
Also in a previous post you mentioned that you use CG in a VM. I need to know what type of networks you use for CG (host only, bridged or NAT). Please give us that information for each CG interface (internal and external).

Best Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Re: Installing Problems

Post by Tomek »

Hi
Yes IE is configured to use 10.101.1..89:8080.
I've created VLAN fot testing purposes but no IP address is assigned to it.
mode vlan off
Both of CG interfaces are bridged .

Best Regards
Tomasz A.
Post Reply