IPCop 1.4.21 and Copplus can ping outside but cannot browse.
Greetings Experts,
I have been using IPCop and DansGaurdian as a proxy / filter at our school for the past 5 years. Last week the HD crashed on that box so I figured it was time to build a new box. I have 2 Dell Dimensions so I used one of them to install IPCop 1.4.21 and CopPlus 2.2 ( I belive ).. running DansGuardian 1.4.1 anyway.
All in all, everything appears to be working just fine on the new IP Cop, with 1 MAJOR problem, I can ping outside, FTP outside, TELNET outside, but cannot browse past the Green Interface. Squid is running on both Red and Green interfaces ( these are all I'm using ), Proxy is up and Transparent on Green. Content filter is running. Can ping google, but cannot browse to it using IE.
I've read and read and appears is either DNS or more likely a proxy issue. NO logs in the proxy and sites never even get as far as the content filter. After many unsuccessful "tweeks", I was convinced I needed a complete reinstall. After doing that, same results.
Today I tried a new approach... found another Dell Dimension 2400 PC and installed everything on it using same methods as before. Same results, all services appear to be running fine, can ping outside, can telnet outside, etc... just no browsing outside from behind the IPCop. Any ideas on what I could be missing ?
I have been using IPCop and DansGaurdian as a proxy / filter at our school for the past 5 years. Last week the HD crashed on that box so I figured it was time to build a new box. I have 2 Dell Dimensions so I used one of them to install IPCop 1.4.21 and CopPlus 2.2 ( I belive ).. running DansGuardian 1.4.1 anyway.
All in all, everything appears to be working just fine on the new IP Cop, with 1 MAJOR problem, I can ping outside, FTP outside, TELNET outside, but cannot browse past the Green Interface. Squid is running on both Red and Green interfaces ( these are all I'm using ), Proxy is up and Transparent on Green. Content filter is running. Can ping google, but cannot browse to it using IE.
I've read and read and appears is either DNS or more likely a proxy issue. NO logs in the proxy and sites never even get as far as the content filter. After many unsuccessful "tweeks", I was convinced I needed a complete reinstall. After doing that, same results.
Today I tried a new approach... found another Dell Dimension 2400 PC and installed everything on it using same methods as before. Same results, all services appear to be running fine, can ping outside, can telnet outside, etc... just no browsing outside from behind the IPCop. Any ideas on what I could be missing ?
Who is Participating?
You con exclude a DNS issue by pinging Google; I suppose obviously you ping Google by name, not only by its numerical IP address.
Check in Services > Proxy that you have enabled proxy on green, not only "transparent".
Check that you have enough RAM and enough disk space in System > Status. It once happened to me that Copplus wasn't working because of a lack of memory. If you have no room left over, clear cache in Services > Memory, and adapt the maximal size of the cache on the same page.
And tell me...
Alternative: install Squidguard or Urlfilter instead of Copplus. You will loose the control on heavy words contented on the pages, but generally, filtering only on domains and URLs give good results.
Check in Services > Proxy that you have enabled proxy on green, not only "transparent".
Check that you have enough RAM and enough disk space in System > Status. It once happened to me that Copplus wasn't working because of a lack of memory. If you have no room left over, clear cache in Services > Memory, and adapt the maximal size of the cache on the same page.
And tell me...
Alternative: install Squidguard or Urlfilter instead of Copplus. You will loose the control on heavy words contented on the pages, but generally, filtering only on domains and URLs give good results.
Thanks for the suggestion pfrancois, I had the same feeling about DNS but some of the literature I was reading kept referring back to that possibility. I was indeed pinging "google.com" and it all worked just fine. Proxy IS enabled as well as transparent. Both of these boxes have 1 Gb of RAM in them so I'd be surprised if any RAM issues or hd space. When I get a chance later today I will look at the interface and see how the RAM is utilized and how much disk is available and report back... I just forgot to turn on remote access on the second box last night and that is how I would have to access it from this room.
Regarding the alternative, I have considered trying a different path but I know that IPCop and Dans has been so successful for me in past experiences I would sure like to try to figure this out before I "jump ship" and use a different configuration. I'll post back when I get the usage info.
Regarding the alternative, I have considered trying a different path but I know that IPCop and Dans has been so successful for me in past experiences I would sure like to try to figure this out before I "jump ship" and use a different configuration. I'll post back when I get the usage info.
Ow! Something must be broken with Copplus
On one of my last configurations ramining with Copplus, I noticed blacklists were no longer updated, so that the updating of the blacklist is failing.The only blacklist still working seemed to be http://squidguard.mesd.k12.or.us/blacklists.tgz, to be updated in Services > Content filter (below on the page).
I downloaded that blacklist and since then, no more http traffic possible, like in your case. By chance, it is dinner time, so nobody saw the Internet was down. I removed the copplus addon. Now, I don't have filtering, but I still need to fix this asap.
I installed Cop+ 3 (previous version was 2.1b afair) and this seems to work.
On one of my last configurations ramining with Copplus, I noticed blacklists were no longer updated, so that the updating of the blacklist is failing.The only blacklist still working seemed to be http://squidguard.mesd.k12.or.us/blacklists.tgz, to be updated in Services > Content filter (below on the page).
I downloaded that blacklist and since then, no more http traffic possible, like in your case. By chance, it is dinner time, so nobody saw the Internet was down. I removed the copplus addon. Now, I don't have filtering, but I still need to fix this asap.
I installed Cop+ 3 (previous version was 2.1b afair) and this seems to work.
pfrancois,
I apologize for not getting back to this project until today. Too many irons in the fire. I did notice the same thing with the blacklists no longer working and I followed your same path to the hhttp://squidguard.mesd.k12.or.us/blacklists.tgz site. Sounds like the same issue as I too am running 2.1b. With Cop+ 3, do the blacklist updates work ?? If so, does it use Dan's or another filtering product ?? My hunch is that you are on the right track as it sounds too similar of an issue to not be worth a try. I am amazed that there isn't more "chatter" on their site or anywhere else for that matter about such a significant problem. I will keep you posted as I try this method.
I apologize for not getting back to this project until today. Too many irons in the fire. I did notice the same thing with the blacklists no longer working and I followed your same path to the hhttp://squidguard.mesd.k12.or.us/blacklists.tgz site. Sounds like the same issue as I too am running 2.1b. With Cop+ 3, do the blacklist updates work ?? If so, does it use Dan's or another filtering product ?? My hunch is that you are on the right track as it sounds too similar of an issue to not be worth a try. I am amazed that there isn't more "chatter" on their site or anywhere else for that matter about such a significant problem. I will keep you posted as I try this method.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Since Cop+ 3 is not shipped as an addon, you will have to copy the tgz archive on IPCop, to untar it and to execute a script, but it worked right out of the box. The blacklists are also updating.
Very strange indeed that there was so few information available about that issue.