OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: godfather007 on February 07, 2019, 10:45:00 am

Title: transparent proxy to other IP than 127.0.0.1
Post by: godfather007 on February 07, 2019, 10:45:00 am
Hi,

I'm trying to follow the webproxy setup.
Manually the webproxy works with manual settings to 3128 but now I want to change it to transparent.

My setup is:

client @ vlanX (10.80.24.0/24)
opnwebprxy  @ vlanY (10.80.25.32)

Through opngateway (10.80.5.1) I try to create a NAT rule to forward http & https to that 10.80.25.32.
The squid answers:

The following error was encountered while trying to retrieve the URL: /
Invalid URL
Some aspect of the requested URL is incorrect.
Some possible problems are:
Missing or incorrect access protocol (should be http:// or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed.


"Transparent" is already enabled on squid.
I did not enable the CA yet but I'm first testing it with a non-ssl site.


So: @
interface vlanX
ipv4tcp
source: vlanXnet
source-range: any any
dest: any
dest-range: http http
redirect: 10.80.25.32
target-port: 3128
enable nat-reflection
rule NAT

Moved the rules to the top as I've read this somewhere.

Any idea what i could be missing?

Thanks
Title: Re: transparent proxy to other IP than 127.0.0.1
Post by: fabian on February 07, 2019, 04:48:19 pm
Transparent can only run on the device doing the redirect. You could run a local squid and configure an upstream proxy (also called parent in squid terms), which does the work.
Title: Re: transparent proxy to other IP than 127.0.0.1
Post by: hbc on March 02, 2019, 06:42:28 pm
I also had this issue when setting up a transparent proxy for ipv6 (see some posts above).
The problem is that the 'intercept' option is just set to 127.0.0.1.

Check your squid.conf for http_port 10.80.25.32:3128 and add the intercept option.

Code:
http_port 10.80.25.32:3128 intercept

Then squid should recognize the request as a redirected one.
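
Why Squid reported "Invalid URL" for "/" in the first post, as an added example that is not part of the original thread and is not Squid's own code: a client with a manual proxy setting sends the full URL in the request line, while a NAT-redirected client sends only the path, so a port without `intercept` has no hostname to work with. The function names and the sample requests are constructed for illustration, and the logic is a simplified model of the behaviour.

```python
from urllib.parse import urlsplit

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into method, target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def effective_url(raw: bytes, intercept: bool) -> str:
    """Return the URL a proxy port would fetch, or raise ValueError (simplified model)."""
    method, target, headers = parse_request(raw)
    if method == "CONNECT":
        return target  # authority-form (host:port), sent for HTTPS via a manual proxy
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        return target  # absolute-form: what a manually configured client sends
    if not target.startswith("/"):
        raise ValueError(f"Invalid URL: {target}")
    # origin-form: the client believes it is talking to the web server itself.
    if not intercept:
        # A plain forward-proxy port gets no scheme or hostname in the request line.
        raise ValueError(f"Invalid URL: {target}")
    host = headers.get("host")
    if not host:
        raise ValueError("Missing hostname")
    return f"http://{host}{target}"

# Constructed sample requests (not captured traffic).
MANUAL = b"GET http://example.com/index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
REDIRECTED = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("manual", MANUAL), ("redirected", REDIRECTED)):
        for intercept in (False, True):
            try:
                result = effective_url(raw, intercept)
            except ValueError as exc:
                result = f"error: {exc}"
            print(f"{label:10} intercept={intercept!s:5} -> {result}")
```

The Host header only supplies the name; a real intercepting Squid also looks up the connection's original destination address in the local NAT state, which fits the reply that transparent mode can only run on the device doing the redirect.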
Title: Re: transparent proxy to other IP than 127.0.0.1
Post by: godfather007 on January 04, 2022, 07:34:16 am
Actually, I gave up on this.

Isn't there any other way to avoid those certificates?

I want to load some ready cloud-init images which do not have the certificate or even a browser.
Title: Re: transparent proxy to other IP than 127.0.0.1
Post by: godfather007 on January 30, 2022, 12:44:33 am
Adjusted the cloud-init image to know about the manual proxy-server instead of transparent.