CacheGuard Help

Hi
I'm trying to install CacheGuard deployed from OVA distribution.
Everything went OK untill I tried to see how it's work .
I did everything how instruction says but all the time from client side have error 1009 the remote domain is unreachable at this moment ; in web access log : status 503, peer:Hier Direct .
The only one thing which is not exactly like in the instruction is that external NIC is not in external network where is internet router.
But routing is OK and I ping external websites but downloading from them is impossible.
So I'm asking for help what I can check or do in another way ?

Best Regards

Dear Tomek

Could you please check if your other frontal appliances (router, firewall, proxy...) allow Web traffic from your CG to the Internet? They should allow DNS (UDP 53) and HTTP (TCP 80) at least. Did you ping an external IP address or a name?

Best Regards,

Hi
Network traffic through port 80 is allowed to network where is externel NIC . Of course not directly but through NAT. I even moved PC computer to this network and I can browse Internet freely .
UDP 53 is blocked. I use our internal DNS Servers.
I can ping external servers by address as well as by name.
I don't see any log where I can check transmission beetwen CG and external site .
Is it any possibility to increase what CG logs to check where is error in connection between CG and Internet ?

Best Regards

Hi

Could you please send me the result of the following commands: Best Regards,

To examine CG logs in real time you can activate the Web auditing module and depending on your needs you can activate or deactivate different log types. To activate the Web auditing module, web access and firewall logging use the following commands:
The Web auditing is then accessible at: https://<your-internal-ip>:8091
(8091 is the default port)

Are you trying to implement CG in transparent mode or in explicit mode (with your navigator using it's internal IP address as a Web proxy on port 8080)?
(8080 is the default Web proxy port)

Best Regards,

Hi
Searching through Web auditing doesn't say me anything what happens in communication beetwen squid and destination.
No info about why squid/CG can't download pages from internet.
I'm trying to implement CG in explicit mode and of course my IE has set web proxy on port 8080.
Output from command should I put on forum or send it to you ?

Best Regards
Tomek

Hi Tomek

It seems that you have a connectivity issue and CG never receives Web requests from your client. Could you please send us the result of commands that David asked?

Kind Regards,

Hi
Bellow are responses :

admin@cacheguard> link bond

bond internal eth0
bond external eth1
bond auxiliary <null>

admin@cacheguard> ip

ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip internal.0 0.0.0.0 0.0.0.0
ip internal.101 0.0.0.0 0.0.0.0

admin@cacheguard> ip route

ip route default 192.168.202.1

admin@cacheguard> dns

dns 10.101.1.15
10.101.1.17

admin@cacheguard> access web

access web <null>

Best Regards
Tom

Hi Tomek

Thank you for your inputs. I assume that your IE is configured to use 10.101.1.89:8080 proxy. Right?

I noticed that you created a tagged VLAN having the id 101. As no IP address is assigned to it could you confirm that the vlan mode is turned off by using the following command:
Also in a previous post you mentioned that you use CG in a VM. I need to know what type of networks you use for CG (host only, bridged or NAT). Please give us that information for each CG interface (internal and external).

Best Regards,

Hi
Yes IE is configured to use 10.101.1..89:8080.
I've created VLAN fot testing purposes but no IP address is assigned to it.
mode vlan off
Both of CG interfaces are bridged .

Best Regards
Tomasz A.