OPNsense Forum

English Forums => General Discussion => Topic started by: Noctur on November 17, 2017, 05:20:21 pm

Title: Setup ClamAV & c-ICAP How-To Difficulties
Post by: Noctur on November 17, 2017, 05:20:21 pm

I'm trying to get internal ClamAV / Transparent Proxy scanning going using the How-To on the Wiki (https://wiki.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html). Following the instructions, right after I finish Step 1 on that page, Setup Caching Proxy, I apply and GUI access to the FW is locked out. That persists after reboot at the FW. I have to restore a previous config backup to get things running again.

My setup: 17.7.7_1 running the FreeBSD 11.1 OS from here: https://forum.opnsense.org/index.php?topic=6257.0
Suricata with IPS/IDS
OpenVPN with client operating
Anti-lockout rule is turned off
Standard LAN ports are open via FW rules (http, https, ssh, voip, various email, etc)

When setting up the Caching Proxy, I'm selecting both the LAN and OpenVPN interfaces, No Authentication, No ACL, No Remote BL, Yes on FW Rule no ByPass on LAN (not VPN). I have not completed the last step in that how-to to set up the browser as it will be set up as transparent in the next procedure. This is as far as I get.

What am I doing wrong? TIA for your help.

On a different note, would the devs consider implementing a feature when ClamAV and c-ICAP modules are installed and enabled on a system together that a proxy could also be created with settings automatically defaulted to a config that routes through the two modules for internal AV scanning? Expert users could then tweak default settings to suit more complex configs. This would only be triggered if both were installed. If ClamAV is installed and ICAP is not, it would be understood that the ICAP processor is an external system / separate VM.

Title: Re: Setup ClamAV & c-ICAP How-To Difficulties
Post by: fabian on November 17, 2017, 05:31:44 pm

Quote from: Noctur on November 17, 2017, 05:20:21 pm

I'm trying to get internal ClamAV / Transparent Proxy scanning going using the How-To on the Wiki (https://wiki.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html). Following the instructions, right after I finish Step 1 on that page, Setup Caching Proxy, I apply and GUI access to the FW is locked out. That persists after reboot at the FW. I have to restore a previous config backup to get things running again.

Sounds like you are having issues with your firewall rule or the proxy. There are two likely reasons why t does not work:
* Your port forward is has the wrong target
* Your proxy is not running

For your problem: You can also stop any NAT for any traffic to the firewall itself.