OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: hbc on October 24, 2019, 08:48:21 am

Title: Transparent proxy traffic allowed but logged by 'Default deny'
Post by: hbc on October 24, 2019, 08:48:21 am
I run a transparent squid proxy on 19.7.5_5 (80, 443 redirected to localhost 3128, 3129).

Everything is working: Traffic intercepted, redirected to localhost proxy, processed and clients browse without additional settings.

The only issue is the log entries that are generated and raise the impression that traffic is blocked, which is actually not the case:

Log entry:
StudentsNet Oct 24 08:23:18 10.1.0.241:63039 127.0.0.1:3129 tcp Default deny rule

I tested traffic, ports and logs. Everything works and users have no problems, except these deny rules flooding the logs.

Port forward:
GRPStudents TCP GRPStudents net Port_unprivileged  * 80 (HTTP) 127.0.0.1 3128 redirect traffic to local proxy
GRPStudents TCP GRPStudents net Port_unprivileged  * 443 (HTTPS) 127.0.0.1 3129 redirect traffic to local proxy

Associated rules:

IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3128 * * NAT redirect traffic to local proxy (IPv4)
IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3129 * * NAT redirect traffic to local proxy (IPv4)

GRPStudents is an interface group, consisting of three interfaces.
Title: Re: Transparent proxy traffic allowed but logged by 'Default deny'
Post by: mimugmail on October 24, 2019, 10:30:20 am
Can you grep the line from filter.log? Maybe it blocks some out of order RST packets from an already closed session. Also happens sometimes on Linux with iptables.
Title: Re: Transparent proxy traffic allowed but logged by 'Default deny'
Post by: hbc on October 24, 2019, 04:23:24 pm
Well, that may be possible. I have some blocklists active, so that the proxy denies ad trackers and telemetry.

I will check whether a proxy deny correlates with the log entries and check filter.log

Update:

Flags in filter.log are different.

127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS
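
One way to run the check discussed in this thread, added here as an example and not code from the posters or from OPNsense: it tallies the TCP flags of logged packets to the proxy port, separating new connection attempts from packets that belong to existing or already closed sessions. It assumes each line ends with the ten fields seen in the fragments above (destination IP, source port, destination port, data length, flags, seq, ack, window, urg, options); the function names and the SYN and RST sample lines are constructed.

```python
from collections import Counter

# The six fragments posted above, plus two constructed lines (SYN, RST) for contrast.
SAMPLE = """\
127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,40000,3129,0,S,100,,65535,,mss;nop;wscale
127.0.0.1,40001,3129,0,R,200,,0,,
"""

def parse_tail(line):
    """Read the first five of the last ten comma-separated fields of a line."""
    fields = line.strip().split(",")
    if len(fields) < 10:
        return None
    dst, sport, dport, datalen, flags = fields[-10:-5]
    if not (sport.isdigit() and dport.isdigit() and datalen.isdigit()):
        return None
    return {"dst": dst, "sport": int(sport), "dport": int(dport),
            "datalen": int(datalen), "flags": flags}

def classify(flags):
    """Map a flag string (S, A, F, P, R letters) to a coarse session phase."""
    if "R" in flags:
        return "reset"
    if "S" in flags:
        return "syn-ack" if "A" in flags else "new-connection"
    if "F" in flags:
        return "teardown"
    if "A" in flags:
        return "mid-session"
    return "other"

def summarize(text, port=3129):
    """Count session phases for logged packets whose destination port is `port`."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_tail(line)
        if rec and rec["dport"] == port:
            counts[classify(rec["flags"])] += 1
    return counts

if __name__ == "__main__":
    for phase, n in summarize(SAMPLE).most_common():
        print(f"{phase:15} {n}")
```

A tally with only mid-session and teardown entries and no new-connection entries is consistent with clients still being able to browse: the logged packets carry ACK or FIN without SYN, so they are not fresh connection attempts to the proxy.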