Linux behind ISA

Printable View

November 12th, 2002, 04:29 PM
t2k2

Linux behind ISA

In the spirit of technical discussion, I've got one for you guys. I have tried everything that comes to mind, but I cannot get my RH 7.2 machines to connect to the internet from behind an ISA server. I end up having to temporarily put it on the Firewall directly. Does anyone have any suggestions. I tried configuring the necessary information in Netscape for the proxy, but this still doesn't work. The connection is being dropped so it seems. Any help would be appreciated. I wasn't sure where to put this since it was behind an ISA server, but using a Linux box, so I put it in Misc. My search didn't turn up much here or on google.

Thanks,

t2k2
November 12th, 2002, 05:09 PM
iNViCTuS

I have done this in the past and haven't had any problems with it as long as all the proxy settings were correct. Have you tried connecting with a different type of box from behind the proxy, and also are you using any type of proxy authentication? Without more details, I don't know what else to suggest other than making sure all your browser settings are correct including the port number (are you using 8080?). Perhaps try telnetting to whatever port you are using and make sure it doesn't timeout

Give me some more info, and I will try to help some more
November 12th, 2002, 05:45 PM
t2k2

Yeah, sorry about that. I configured it to use 80, and I made sure that the ISA server's name/address was correct. Did you have to add anything special to the proxy server to accept requests from your Linux box?
November 12th, 2002, 05:53 PM
Sgt_B

You have to allow use of the proxy for the RH machine.
On the ISA, create a client address set using the RH's IP address. Then create Access Policy Rules (Protocol mainly) allowing http access, and apply it to the client set you created for your nix machine.
That should work just fine for you. Assuming this is in fact an ISA problem.
November 12th, 2002, 06:41 PM
Binary_01

Did you check your routes? Is the ISA your default Gateway? What about DNS? can you ping through it?
November 12th, 2002, 06:54 PM
Tigerdaz

In my limited experience with ISA server and ahving a bit of grief myself with some clients you said you had proxy on the client configured to port 80 my understanding is that ISA uses 8080 as its defualt have you tried that ? and do you have any filters set on the ISA server ?
November 12th, 2002, 07:05 PM
Tedob1

how is your ISA server configured ie, caching proxy, firewall only both

do you use dhcp on your network and if so is rh's dhcp client turned on

if not are your tcp/ip setting correct?
November 12th, 2002, 07:06 PM
iNViCTuS

if you are using the ISA as a proxy, then you should not even need a default gateway unless the ISA is on a different subnet from your box. If you are using it a firewall, then yes, you will need a gateway to be set. I am assuming you have tried the obvious, but I think Tigerdaz is correct in saying that the default is 8080. It has been a while, so I don't remember for sure though.

Have you tried it from a different machine yet, if that works, try that machine with the IP address of the linux box, you would then know immediately if it is a proxy issue or a client configuration issue. What was the result of the telnet to the proxy port?
November 12th, 2002, 10:20 PM
t2k2

This is the third machine I have tried it from. All of them are RH 7.2. We have configured the proxy for 80, even though 8080 may be the default. The current client address set that is defined includes the address that is assisgned to the RH boxes, and http, https, ...traffic is allowed. We are not using it as our firewall, so it doesn't need to be specified as the default GW. It's used mainly for caching and limiting Internet Access.
November 13th, 2002, 06:55 PM
iNViCTuS

hmmm...perhaps you should try a sniffer trace to find out what is going on. Is the traffic actually making it to the proxy, and if so, what the proxy doing with it.
November 13th, 2002, 09:45 PM
Sgt_B

Here's a simple question, but sometimes these things get overlooked. How is your browser set up on the clients? Are you specifying ISA as the proxy server?
I know...pretty obvious, but I had to ask.
:D
November 13th, 2002, 10:45 PM
t2k2

Yeah, I have set the proxy server in the preferences of Netscape. Also, I have checked the traffic from the the boxes in question, but there is nothing that points out an obvious explanation. Wait a minute, I just got an idea. I am going to try something and get back to you guys. I really appreciate the responses! :D