ClearFoundation

I also was having the same issue. Dansguardian is tricky that way from my experience. You will have to put a bypass rule into iptables to fix it.

wiki.squid-cache.org/KnowledgeBase/Trans...ProxySelectiveBypass

Thank you for the link but, that would seem to do the exact same thing as the line I previously mentioned does. It just adds a new table called 'BYPASS' instead.

However, in trying it, I did find the solution which my pee brain never thought of until now; allow port 80 to be opened on outgoing connections and then use the iptable line:



No one ever mentioned it though and I never thought of it because I assumed that by adding the iptables line to accept destination port 80, it would allow the outgoing traffic. (I'm no expert in iptables!)

However, i don't understand why adding the Xbox360's IP to the exempt list on the webconfig doesn't already invoke this line and open the port. Nonetheless, this is what works and I am now happy.


Thank you to everyone!

Prerouting is applied to traffic just before it leaves, and effectively permits your outbound packets to hop over the fence which prevents port 80 traffic leaving the LAN unless it goes through the proxy.

Hmm wwhen I first looked at this thread, the webconfig proxy bypass worked, and inserted the correct iptables prerouting rule to permit traffic to get round the proxy. Now it doesn't seem to work... i'll investigate!

EDIT: Nope still OK, if you add a host to the webconfig, you should notice a new rule in PREROUTING 'iptables -L -n -v -t nat'

Hmm... I do not observe any change in those particular chains unless I add the local IP to the web site bypass on the web proxy page. However, this is no use as this seems to only affect the destination (which would be a web site and not the local IP).

When adding the IP to the content filter's exempt list, those chains stay the exact same. However, I know the exempt list works because I have my laptop exempted from the content filter.

I am sorry if this seems to be a N00B question, but N00B I am!

I am having similar issues with my Xbox 360 not being able to access the marketplace. The easiest way to resolve this issue would simply be to add a 3rd NIC, designate it as a DMZ., then assign a static I.P. address to the Xbox and connect it directly to that NIC... correct?

If I understand how ClearOS works, anything connected to the DMZ NIC (either directly, or via a dedicated DMZ switch) will completely bypass the content filter, right? Will all other services by bypassed as well?

I just realized that the DMZ option will not work in my case, because I stream video from a desktop on my network to my xBox360 using a Xbox extender. Creating a DMZ would break that, if I understand the concept of a DMZ.

I tried to follow the tutorial on installing minupnp, but my x64 6.2 clearOS box tells me that wget is not a valid command.

Suggestions?

yum install miniupnpd

Note miniupnpd - has two 'i's - not one as in your append... typo I presume.

Know nothing re. Xbox so that's all from me...

NB You can install wget with

yum install wget

For the sake of simplicity, I would normaly go for miniupnpd, but I'm looking for a way to do this with out uPnP

We use Clear OS for LAN-parties, but consoles are always an issue. Unfortunately we can't be without the content filter and these days most Torrent clients and other p2p services uses uPnP... So in minutes we would have unwanted seeding from all the people forgetting that they have left their torrent client running..

So if i understood correctly, placing an xbox in a Hotlan could solve the issue, even though content filtering and proxy is enabled?

Thanks for the information Tony. That got me closer (and yes, that was a typo)

I was able to successfully install the newest x64 version of miniupnpd. Now I am having issues with the following code...

And again I apologize in advance for my lack of understanding. I am still trying to wrap up my knowledge base on working int he Linux environment

##
#MINIUPNPD required tables
##
IPTABLES=/sbin/iptables
#EXTIF= (not required as uses automagic to determine WAN, can be manually specified)
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD

#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF -o ! $EXTIF -j MINIUPNPD

I understand that the "#" indicates a REM statement. I also discovered by trial and error that the lines that start with $ actually need to be typed without the $

$IPTABLES -t nat -N MINIUPNPD completed successfully
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD is not. I keep getting an error stating that the line cannot complete due to an invalid command.

Also, I don't suppose there is a way to access the command line via the web GUI interface is there? I am currently at work, but it is a slow day, and would like to spend some time working on this issue remotely.

Christer Jonassen wrote:
For the sake of simplicity, I would normaly go for miniupnpd, but I'm looking for a way to do this with out uPnP

We use Clear OS for LAN-parties, but consoles are always an issue. Unfortunately we can't be without the content filter and these days most Torrent clients and other p2p services uses uPnP... So in minutes we would have unwanted seeding from all the people forgetting that they have left their torrent client running..

So if i understood correctly, placing an xbox in a Hotlan could solve the issue, even though content filtering and proxy is enabled?

I believe that is correct but, you can also just add a iptables rule to allow the Xbox to bypass the proxy as previously mentioned. I documented what ended up working for me here:

csmartonline.com/blog/2012/01/23/clearos...filter-and-xboxlive/

I use a transparent proxy by the way and I'm assuming you are too. If you're not, I'm not sure if this works for you or not. Either way, be sure to check that your proxy is still working as expected before making the change permanent.