Typically my firewall sits at the center of many local networks. Some of them should be accessible to clients, some of them not.
I can restrict that using the firewall.
But if I enable the web proxy, that circumvents the firewall? How do I prevent clients from accessing otherwise protected internal networks by using the proxy?
Via a custom ACL. That is AFAIK not available in the GUI.
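A custom ACL of the kind mentioned above, as an added example that is not part of the thread: a squid.conf fragment that refuses proxied requests whose destination is a protected internal network. The subnets and the ACL names `proxy_clients` and `protected_nets` are constructed placeholders; where custom directives are placed on a given installation is not covered here.

```conf
# Constructed sample networks (assumptions, not taken from the thread):
#   192.168.10.0/24               client LAN that may use the proxy
#   192.168.20.0/24, 10.20.0.0/16 internal networks clients must not reach
acl proxy_clients  src 192.168.10.0/24
acl protected_nets dst 192.168.20.0/24 10.20.0.0/16

# Weak form: an allow rule with no destination check. Squid opens the
# upstream connection from the firewall itself, so rules that filter
# traffic coming from the client LAN never see the client as the source.
# http_access allow proxy_clients

# Corrected form: http_access rules are evaluated top to bottom and the
# first match wins, so the destination denies must precede the allow.
http_access deny protected_nets
# to_localhost is a built-in Squid ACL covering loopback destinations,
# i.e. services listening on the proxy host itself.
http_access deny to_localhost
http_access allow proxy_clients
http_access deny all
```

Because `dst` is matched against the resolved address, hostnames that point into the protected ranges are refused as well, and the deny applies to explicit and transparent proxy use alike.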
Hi,
I have exactly the same problem. As you mentioned, custom ACLs are not available in the GUI, which means that to get this to work correctly I also have to tamper with the squid.conf again??
Thx!
Quote from: fabian on November 13, 2021, 06:16:19 PM
Via a custom ACL. That is AFAIK not available in the GUI.
Much too complicated IMO
I do that via a FW alias list containing all the local subnets and use that in the NAT rule pointing to squid as inverted destination.
So the allowed source can access all the external addresses via squid, but is not NATed when the destination is a local LAN IP.
(I also put Firehol etc. block lists there)
br
Christian
It should then still be possible to use the proxy explicitly.
Yes
I believe the business edition also has a plugin for this.
Quote
I do that via a FW alias list containing all the local subnets and use that in the NAT rule pointing to squid as inverted destination.
Hi Christian,
Do you just change the redirect traffic rules under NAT Portforward for this?
Thx!
Hi
Yes, the NAT rules that redirect to the proxy.
Hi,
Thanks, will try this.