well lets start from 0...
it's wrong to use a 192.0.0.0/24 network as the rfc is 192.168.0.0/16
10.0.0.0/8 172... (dont remember thi 172 local mask)
i was wondering about your network address and mask from the logs.
in any case this connection is not suppose to work using the proxy
because the tunnel is on the local computer and the proxy cant access
this site.
you should start with a more complex wpad file and to set a DIRECT
directive on local networks such as 10.0.0.0/8 to make sure that the
browser will not use the proxy for the tunnel ip's http access.
in this link :
http://www.findproxyforurl.com/pac_file_examples.html
you can find examples for that.
Elizer
On 24/05/2012 17:22, Fosiul Alam wrote:
> Hi
>
> This domain : https://ameymdm.ameygroup.int/mobicontrol/
> this is not our domain, its not in our network.
>
> Bascially,
> "Jupiter Secuire Network Manager", is creating a tunnel from this pc
> to Clients Network
> Example :
> our network is : 192.0.0.0/24
>
> So its creating a a tunnel from this pc to Client Network
> the Ip of those tunnel is :
> 10.202.40.0/21
> 10.244.1.148
> 10.202.32.0/21
>
> and Internet exploer is using that tunnel to connect to that website ..
>
> Now When i am using a proxy setting by hand (no WPAD) , and trying
> to connect to the network, it does not work ..
>
> but my first question is :
> when I click on this link
> https://portal.amey.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
>
> it should take me to the website and ask for certifiate ...
> but why it does not do that ??
>
> about DNS : i am using proxy server's dns record .
>
> About the nslookup
>
> If i try from the pc where the tunnel is, from there if i run
> nslookup
> ameymdm.ameygroup.int
> it does not return anything ..
>
> i am so confused. dont understhand where to look for ..
>
>
>
>
>
>
> On Thu, May 24, 2012 at 2:50 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>> check what dns servers are used on the squid proxy machine.
>> how do you use squid? as a forward proxy server with wpad? manual browser
>> config? interception?
>> try to use nslookup tool from the local computer to the domain :
>> ameymdm.ameygroup.int
>>
>> next do it on the squid box and make sure they both work.
>>
>> if they do work from them both then make sure what dns servers are used in
>> squid.conf.
>>
>> another question: are you using the squid box as the network gateway?
>> network dhcp? network dns?
>>
>> Eliezer
>>
>>
>> On 24/05/2012 16:31, Fosiul Alam wrote:
>>>
>>> Hi
>>> Thanks for quick response
>>> yes, From external you cant access that link, i belived its internal
>>>
>>> let me tell you the steps
>>>
>>> a) We go to this website
>>> https://portal.amey.co.uk/supportproviders
>>> after providing username and password
>>> it will tell you to download juniper SEtup Client program.
>>> after the program installed , its created a tunnel from this pc to
>>> customer network
>>>
>>> b) then we go to anotehr page where we see a link which actually take us
>>> to
>>>
>>>
>>> https://portal.amey.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
>>>
>>> Now : if i dont use Squid, after click on that link it will give a
>>> Certificate error , then from their it will take you to
>>> https://ameymdm.ameygroup.int/mobicontrol/
>>>
>>> but From squid, when i click on bellow link
>>>
>>>
>>> https://portal.amey.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
>>>
>>> it will show a "The webpage cannot be found"
>>>
>>> so basically squid does not know how to go to that site
>>> dont why ..
>>>
>>> but when i try without squid,,
>>> same computer, same network its works perfectly ..
>>>
>>> Please give me light..
>>> fosiul
>>>
>>>
>>>
>>> On Thu, May 24, 2012 at 2:20 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il>
>>> wrote:
>>>>
>>>> it seems like a dns problem.
>>>> this domain :ameymdm.ameygroup.int
>>>> is an internal one so squid should have access to this dns record.
>>>> you can try another solution by using exceptions in iptables for inside
>>>> ip's
>>>> servers.
>>>>
>>>> Eliezer
>>>>
>>>>
>>>> On 24/05/2012 16:11, Fosiul Alam wrote:
>>>>>
>>>>>
>>>>> Hi
>>>>> i am facing a wired behaviour from squid.
>>>>>
>>>>> we are trying to connect to via Jupiter windows secure application
>>>>> manager to a clients network via http( Soti Mobi Control)
>>>>>
>>>>> its works fine from outside of our network , even though from same
>>>>> internal network without squid proxy .. but when it try to go via
>>>>> squid, it does not able to resolve the address!!!
>>>>>
>>>>>
>>>>> example :
>>>>> after typing username and password , its goes to here
>>>>>
>>>>>
>>>>>
>>>>> https://portal.amey.co.uk/dana/home/launch.cgi?url=https%3A%2F%2Fameymdm.ameygroup.int%2Fmobicontrol%2F
>>>>>
>>>>> and it suppose to through a Certificate Error and from their it should
>>>>> go
>>>>> to
>>>>>
>>>>> https://ameymdm.ameygroup.int/mobicontrol/
>>>>> but it does not through any Certificate error not it goes to
>>>>>
>>>>> https://ameymdm.ameygroup.int/mobicontrol/
>>>>> instead of that its say :
>>>>>
>>>>> The webpage cannot be found
>>>>>
>>>>> i think its something to do with "https%3A%2F%2Fameymdm" which squid
>>>>> does not know how to parse.. there is not any deny in squid log.
>>>>> the log i get :
>>>>>
>>>>> 1337864980.578 33479 192.0.0.131 TCP_MISS/200 24512 CONNECT
>>>>> portal.amey.co.uk:443 - DIRECT/216.31.202.163 -
>>>>> 1337865025.716 0 192.0.0.131 TCP_MISS/404 0 CONNECT
>>>>> ameymdm.ameygroup.int:443 - DIRECT/- -
>>>>>
>>>>>
>>>>> Can any one help me to find out what happenning ...
>>>>>
>>>>> As i said, if i try without proxy, it works fine. but with proxy it does
>>>>> not ..
>>>>>
>>>>>
>>>>> Regards
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Eliezer Croitoru
>>>> https://www1.ngtech.co.il
>>>> IT consulting for Nonprofit organizations
>>>> eliezer<at> ngtech.co.il
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Eliezer Croitoru
>> https://www1.ngtech.co.il
>> IT consulting for Nonprofit organizations
>> eliezer<at> ngtech.co.il
>
>
>
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.ilReceived on Thu May 24 2012 - 17:22:35 MDT
This archive was generated by hypermail 2.2.0 : Fri May 25 2012 - 12:00:04 MDT