IPCop 1.4.21 and Copplus can ping outside but cannot browse.

Greetings Experts,
       I have been using IPCop and DansGaurdian as a proxy / filter at our school for the past 5 years.  Last week the HD crashed on that box so I figured it was time to build a new box.  I have 2 Dell Dimensions so I used one of them to install IPCop 1.4.21 and CopPlus 2.2 ( I belive ).. running DansGuardian 1.4.1 anyway.  
       All in all, everything appears to be working just fine on the new IP Cop, with 1 MAJOR problem, I can ping outside, FTP outside, TELNET outside, but cannot browse past the Green Interface.   Squid is running on both Red and Green interfaces ( these are all I'm using ), Proxy is up and Transparent on Green.   Content filter is running.   Can ping google, but cannot browse to it using IE.
       I've read and read and appears is either DNS or more likely a proxy issue.   NO logs in the proxy and sites never even get as far as the content filter.  After many unsuccessful "tweeks", I was convinced I needed a complete reinstall.   After doing that, same results.
        Today I tried a new approach... found another Dell Dimension 2400 PC and installed everything on it using same methods as before.   Same results, all services appear to be running fine, can ping outside, can telnet outside, etc... just no browsing outside from behind the IPCop.    Any ideas on what I could be missing ?
ruralsolutionsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pierre FrançoisSenior consultantCommented:
You con exclude a DNS issue by pinging Google; I suppose obviously you ping Google by name, not only by its numerical IP address.

Check in Services > Proxy that you have enabled proxy on green, not only "transparent".

Check that you have enough RAM and enough disk space in System > Status. It once happened to me that Copplus wasn't working because of a lack of memory. If you have no room left over, clear cache in Services > Memory, and adapt the maximal size of the cache on the same page.

And tell me...

Alternative: install Squidguard or Urlfilter instead of Copplus. You will loose the control on heavy words contented on the pages, but generally, filtering only on domains and URLs give good results.
0
ruralsolutionsAuthor Commented:
Thanks for the suggestion pfrancois, I had the same feeling about DNS but some of the literature I was reading kept referring back to that possibility.  I was indeed pinging "google.com" and it all worked just fine.   Proxy IS enabled as well as transparent.   Both of these boxes have 1 Gb of RAM in them so I'd be surprised if any RAM issues or hd space.  When I get a chance later today I will look at the interface and see how the RAM is utilized and how much disk is available and report back... I just forgot to turn on remote access on the second box last night and that is how I would have to access it from this room.

Regarding the alternative, I have considered trying a different path but I know that IPCop and Dans has been so successful for me in past experiences I would sure like to try to figure this out before I "jump ship" and use a different configuration.  I'll post back when I get the usage info.
0
Pierre FrançoisSenior consultantCommented:
Ow! Something must be broken with Copplus

On one of my last configurations ramining with Copplus, I noticed blacklists were no  longer updated, so that the updating of the blacklist is failing.The only blacklist still working seemed to be http://squidguard.mesd.k12.or.us/blacklists.tgz, to be updated in Services > Content filter (below on the page).

I downloaded that blacklist and since then, no more http traffic possible, like in your case. By chance, it is dinner time, so nobody saw the Internet was down. I removed the copplus addon. Now, I don't have filtering, but I still need to fix this asap.

I installed Cop+ 3 (previous version was 2.1b afair) and this seems to work.
0
ruralsolutionsAuthor Commented:
pfrancois,
     I apologize for not getting back to this project until today.  Too many irons in the fire.   I did notice the same thing with the blacklists no longer working and I followed your same path to the hhttp://squidguard.mesd.k12.or.us/blacklists.tgz site.   Sounds like the same issue as I too am running 2.1b.   With Cop+ 3, do the blacklist updates work ??   If so, does it use Dan's or another filtering product ??   My hunch is that you are on the right track as it sounds too similar of an issue to not be worth a try.   I am amazed that there isn't more "chatter" on their site or anywhere else for that matter about such a significant problem.  I will keep you posted as I try this method.
0
Pierre FrançoisSenior consultantCommented:
Indeed, in my case, the issue was fixed by upgrading to Cop+ 3. You will have to uninstall first Copplus 2.1 through the addon interface.

Since Cop+ 3 is not shipped as an addon, you will have to copy the tgz archive on IPCop, to untar it and to execute a script, but it worked right out of the box. The blacklists are also updating.

Very strange indeed that there was so few information available about that issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.