OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: yahoo1983 on October 05, 2017, 11:52:14 am

Title: Proxy Bypass
Post by: yahoo1983 on October 05, 2017, 11:52:14 am
Hello,
I've been looking for an option to bypass the proxy for certain LAN IPs. However, I cannot find this option anywhere. Is it missing?
I would like all of the LAN to pass through the proxy and let a few LAN IPs bypass it completely (for admins).
Thanks
JK
Title: Re: Proxy Bypass
Post by: shan on October 05, 2017, 05:13:54 pm
There is an option under Web Proxy -> Forward Proxy -> Access Control List to specify Unrestricted IP addresses.
Title: Re: Proxy Bypass
Post by: yahoo1983 on October 05, 2017, 05:16:50 pm
Yes, I have tried that. It only works on DESTINATION IPs.
I'm trying to bypass the proxy based on LAN IPs.
My current configuration on Dansguardian is that I specify addresses which bypass squid/dansguardian, so they do not get stuck on web filtering (for instance my address).
I just can't find that option in OPNsense.

Example: my LAN IP is 192.168.0.5. I do not want it to go through the proxy.
Title: Re: Proxy Bypass
Post by: yahoo1983 on October 05, 2017, 05:59:06 pm
> There is an option under Web Proxy -> Forward Proxy -> Access control Lists to Specify Unrestricted IP addresses

Well, after all, it turned out the problem is that I'm an idiot.
Thank you for the help.

A whole day of clicking, only for it to turn out I didn't press ENTER after adding the IP, hence the config didn't save. I thought it was a problem because I didn't add a destination address.

Now it's working lol
Title: Re: Proxy Bypass
Post by: mbrigagao on October 20, 2017, 06:47:47 pm
Hello,
I understand that this situation only ensures unrestricted access to the cache, am I correct?

If the statement is true, how do I actually skip the proxy?

Tks.
Title: Re: Proxy Bypass
Post by: fabian on October 20, 2017, 07:06:07 pm
No, unrestricted means that no ACL in the proxy will block internet access. Please keep in mind that third-party software still can (for example an AV engine).
Title: Re: Proxy Bypass
Post by: opnsense_user12123 on December 15, 2017, 09:33:19 pm
I'm new to OPNsense. I used pfSense before.

I use the transparent proxy.
The proxy is working perfectly with the exception of all the iOS devices.
On pfSense there was a field called "BYPASS PROXY", so on pfSense I could manage the iOS problem with this option.
On OPNsense, even if I put their IPs in the Unrestricted IP addresses list, all apps and some websites do not load the content. -> error on loading website/content

Is there any solution for this "iOS" problem?

Would be great!

thx

By the way -> in my opinion, OPNsense has fewer problems than pfSense.
Title: Re: Proxy Bypass
Post by: fabian on December 15, 2017, 09:40:11 pm
You can exclude IPs from the redirect by adding them to the "no rdr" option in a firewall rule (NAT).
Title: Re: Proxy Bypass
Post by: opnsense_user12123 on December 15, 2017, 10:08:36 pm
OK.
Do I have to create the rule before or after the default https and http rule?

thx
Title: Re: Proxy Bypass
Post by: opnsense_user12123 on December 15, 2017, 10:15:44 pm
> OK.
> Do I have to create the rule before or after the default https and http rule?
>
> thx

I'm a bit overwhelmed. Can you help me in a little more detail?
Title: Re: Proxy Bypass
Post by: fabian on December 16, 2017, 10:52:27 am
Before the forward rule - it prevents the rule from forwarding traffic to the proxy. It works, but it should not be the recommended way to work (it would be better to know why the proxy fails to connect).
Title: Re: Proxy Bypass
Post by: OPNsense4ever on September 05, 2018, 04:55:11 am
Hello!

I got the transparent proxy to work. I'm happy with it, but need to bypass some domains/networks. Some things like mobile devices have specific certificates that they will work with and not others. Anyway I filled out the hosts in Web Proxy -> Forward Proxy -> Access Control List in the Whitelist field. Example in the attachments. I've also tried adding the network (this is for www.apple.com for testing) as a no redirect rule. Example of this is in the attachments.

In both cases hosts in the "untrusted" pool of addresses still get proxied to www.apple.com. Any thoughts on what I'm missing here?
Title: Re: Proxy Bypass
Post by: OPNsense4ever on September 07, 2018, 03:42:33 am
Little scared that I'm replying to my own posts. I opened a bug on the Git for the whitelist issue. It's definitely not working. The No Redirect DOES work, I was using a bad test methodology (apple.com is on Akamai and not in 17.0.0.0/8.) It does require state resets after changes often. I'll update more when I know it.

 :D
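
The rule ordering and the test-methodology pitfall discussed above, as an added example that is not part of any post in the thread and is not OPNsense code: a small model of first-match evaluation of pf translation rules. The `NatRule` and `is_proxied` names, the 192.168.0.0/24 LAN and the test addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    action: str   # "rdr" = send to the proxy, "no rdr" = exempt from redirect
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    ports: tuple  # destination TCP ports

    def matches(self, src_ip, dst_ip, port):
        return (port in self.ports
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def is_proxied(rules, src_ip, dst_ip, port):
    """pf translation rules are first-match: the first rule that matches decides."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action == "rdr"
    return False  # no translation rule matched, traffic is not redirected

WEB = (80, 443)
LAN = "192.168.0.0/24"  # assumed LAN, built around the 192.168.0.5 host in the thread
REDIRECT = NatRule("rdr", LAN, "0.0.0.0/0", WEB)
EXEMPTIONS = [
    NatRule("no rdr", "192.168.0.5/32", "0.0.0.0/0", WEB),  # by source (admin host)
    NatRule("no rdr", LAN, "17.0.0.0/8", WEB),              # by destination network
]
GOOD_ORDER = EXEMPTIONS + [REDIRECT]   # exemptions before the forward rule
BAD_ORDER = [REDIRECT] + EXEMPTIONS    # exemptions are never reached

# Constructed test addresses
IN_17 = "17.1.2.3"        # inside 17.0.0.0/8
CDN_IP = "203.0.113.10"   # documentation range, stands in for a CDN-hosted name

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for src, dst in (("192.168.0.5", CDN_IP), ("192.168.0.20", IN_17),
                         ("192.168.0.20", CDN_IP)):
            print(name, src, dst, "proxied" if is_proxied(rules, src, dst, 443) else "direct")
```

A destination exemption matches on the address the client actually connects to, so a test against a hostname served from outside the exempted network still shows up as proxied even though the rule works.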
Title: Re: Proxy Bypass
Post by: franco on September 08, 2018, 02:44:33 pm
It's vital for future reference to link to your ticket in the thread discussing it.


Thanks,
Franco