I fixed the problem. It was with a combination of ACLs and http allowed statements.

As an alternative solution, can you define both NIC's as LAN and add your own firewall rules to isolate the two LAN's? I am not sure what other firewall rules a HotLAN generates, but these can probably be done manually as well. My only concern would be that the proxy may allow you to bypass the firewall between the LAN's.

If you don't want users to need passwords, turn of authentication in the proxy settings.

I'm afraid I can't really help with the proxy setting as it is not an app I use. I don't think the proxy is meant to work with the HotLAN, but I assume you can manually configure it by copying the settings from the normal LAN. Also check the firewall, especially the nat table ("iptables -nvL -t nat"), in case you need anything there.

I don't actually want the users to authenticate. When I tried commenting out the line "acl password proxy_auth REQUIRED" Squid would not start.

Here is the squid.conf file:

cat squid.conf
#
# Authentication
#
include /etc/squid/squid_auth.conf

#
# Access control lists
#

# ClearOS LAN definitions (webconfig_lan and webconfig_to_lan) are generated automatically
include /etc/squid/squid_lans.conf

# ClearOS Web Access Control: access control lists
include /etc/squid/squid_acls.conf

acl SSL_ports port 443
acl SSL_ports port 81

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 81
acl Safe_ports port 82
acl Safe_ports port 83

acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com

# County subnets permitted
acl guestnet src 10.4.120.0/22

acl password proxy_auth REQUIRED

#
# Access permissions
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# User-defined whitelists
include /etc/squid/squid_whitelists.conf

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# Access rules
http_access allow localhost

# County subnets permitted
http_access allow guestnet

# Windows update
http_access allow CONNECT wuCONNECT webconfig_lan
http_access allow windowsupdate webconfig_lan


# ClearOS Web Access Control: http_access settings
http_access allow webconfig_to_lan
include /etc/squid/squid_http_access.conf
http_access allow webconfig_lan

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
include /etc/squid/squid_http_port.conf
http_port 10.4.120.15:3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 10240 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Error handling
error_directory /var/clearos/web_proxy/errors

# Logging
access_log stdio:/var/log/squid/access.log squid

# X-Forwarding
follow_x_forwarded_for allow localhost
forwarded_for delete

# Shutdown time
shutdown_lifetime 10 seconds

# Sizes
maximum_object_size 512000 KB
reply_body_max_size none

# IPv4 only for now
dns_v4_first on

# eCAP configuration include
include /etc/squid/squid_ecap.conf

File not attached. If not too long it is probably better to paste the contents between code tags.

If you're using Windows, for File Management and editing, have a look at WinSCP and for a remote console, PuTTy. You can copy text from PuTTy just by selecting it with the mouse, and paste into it by right-clicking.

squid.conf file attached.

I found the http_port.conf file and it said:
# Created automatically based on network configuration
http_port localhost6:3128
http_port localhost4:3128
http_port 10.6.10.31:3128

I added http_port 10.4.120.15:3128 and changed my browser proxy settings to that port and I now get an error web page that says:

"Web Site Status Access denied" which is progress. I will work on it from that perspective. Apparently the ClearOS interface did not add add the necessary port setting for the ethernet interface.

I will attach my squid.conf file as soon as I can figure out how to download it. There does not seem to be an FTP client installed on ClearOS and I have not found one in the Marketplace.

I found the Squid config files and here are the contents of the squid_lans.conf file:

# Created automatically based on network configuration
acl webconfig_lan src 10.6.10.0/24
acl webconfig_to_lan dst 10.6.10.0/24

Do I have to add entries for the permitted client lans? I have not yet been able to find good examples for this file.

Yes, it is.

Does anyone know if the Web Proxy Server (2.3.4-1) is actually Squid?

Oh bother. You have a VM. I'm afraid that is not a set up I am familiar with or able to diagnose.

[root@clearos2 ~]# lspci -k | grep Eth -A 2
0b:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)
Subsystem: VMware VMXNET3 Ethernet Controller
Kernel driver in use: vmxnet3
Kernel modules: vmxnet3
13:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)
Subsystem: VMware VMXNET3 Ethernet Controller
Kernel driver in use: vmxnet3
Kernel modules: vmxnet3
1b:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)
Subsystem: VMware VMXNET3 Ethernet Controller
Kernel driver in use: vmxnet3
Kernel modules: vmxnet3

With a sideways jump, can you give the output to "lspci -k | grep Eth -A 2".