OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: im_etten on March 19, 2018, 07:53:24 pm

Title: New setup (newbie) issue with Web filter & internet access
Post by: im_etten on March 19, 2018, 07:53:24 pm
I am new to OPNsense and I am trying to do some setup/testing on the install.

I have a default install of 18.1.4. I have internet access and have set up DHCP. Everything works.

I then followed the user manual on how to set up web filtering. The last step is to disable the proxy bypass via a firewall rule. Once I do this I am no longer able to access the internet. If I disable the rule I gain access to the internet.

What else do I need to set up to get this to work?

My intent is to set up web filtering for all devices connected to the network. I don't want to set up any caching or authentication. If I log on to the network with a PC, I want the web filtering to block out any categories I select.

Thanks in advance.
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: HenkH on June 04, 2018, 08:46:47 pm
Hi im_etten, just like you I'm a newbie and it happens that I tried the same today. I also did not have access to the internet after inserting the firewall rules to deny proxy-bypassing.

In my case I found that I did not configure my browser to use the proxy (the IP address of the LAN port and port 3128 by default). Maybe this is also the case in your situation?

I found a screenshot (https://wiki.opnsense.org/manual/how-tos/cachingproxy.html) in the howto about a caching proxy for Mozilla Firefox which depicts how you could configure Firefox. It is below the heading "Configure browser/Firefox". In Firefox you can find the setting by going to "preferences"; network proxy is at the bottom of the "general" settings page. After this, it should work; if not, restart OPNsense. After adding this setting and restarting OPNsense it worked fine for me!
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: velvetbrain on September 19, 2019, 07:06:01 pm
Thank you guys for posting.

Apologies for resurrecting a dead thread.

I thought the idea of a transparent proxy was that we didn't have to modify the client side.
See here: https://www.expressvpn.com/blog/transparent-proxy/

I'm feeling pretty confident I've followed the Web URL setup properly and haven't been able to filter as I want, yet.

Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: netranger on September 21, 2019, 02:34:15 pm
Hi,

yes, transparent means the client doesn't see any configuration for this. In order to do this you would need:
1. a NAT rule which redirects your web traffic to your proxy (for example redirect port 80 to 3128)
2. a firewall rule which allows your client to connect to your transparent port (for example 3128)

Please post your rule setup.

Edit: also check this https://docs.opnsense.org/manual/how-tos/proxytransparent.html

BR,
NR
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: nforce on January 18, 2020, 12:42:39 pm
Hi,
I'm suffering from the same issue. I'm pretty ignorant on the matter. I have no prior experience and I don't have a good understanding of the network stuff. The topic has already been resurrected recently so I think you wouldn't mind.

I'm using an old computer via the live mode (Serial image flashed by Rufus).
It has half a gig ram, I'm only using it for testing and learning.
I just let it run without touching anything, I did nothing except this one: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
Didn't run wizard either. I wouldn't know what to do with it anyways.

Also using an old ethernet card with it.

Internet ==> Switch ==> Old ethernet card ==> Old computer (OPNsense live) onboard ethernet port ==> Wireless access point. When I switch ports on the old computer it no longer works, so I think LAN, WAN interfaces are set up correctly.

What is working:
- Can connect to the internet, no issue
- Firewall rules seem to work fine: when I disabled rules, no device was able to access the internet while they could access OPNsense.
- Downloaded ACL and fetched categories without issues. I applied but have no idea if it would work.
- Enabling proxy does display the green button.

What I want:
- Web filter, obviously. If there is a better alternative to achieve this pls do tell me. Like e2guardian, it's not possible on OPNsense, is it?
- Intended for large areas, the users should not have to set up anything on their devices.
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: nforce on January 18, 2020, 01:00:03 pm
Quote from: netranger on September 21, 2019, 02:34:15 pm
> Hi,
>
> yes, transparent means the client doesn't see any configuration for this. In order to do this you would need:
> 1. a NAT rule which redirects your web traffic to your proxy (for example redirect port 80 to 3128)
> 2. a firewall rule which allows your client to connect to your transparent port (for example 3128)
>
> Please post your rule setup.
>
> Edit: also check this https://docs.opnsense.org/manual/how-tos/proxytransparent.html
>
> BR,
> NR

How can I redirect port 80 to 3128?
Do I need to disable rules from the OPNsense docs? Can redirection work while there is a block rule?
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: fabian on January 18, 2020, 01:36:07 pm
The help text of the transparent port contains a link to generate the rule.
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: nforce on January 18, 2020, 01:40:26 pm
Quote from: fabian on January 18, 2020, 01:36:07 pm
> The help text of the transparent port contains a link to generate the rule.

Sorry, I don't know what transparent proxy is, do I have to use it?

Edit: I set everything up but still can't connect when I enable firewall rules.

Edit2: Everything works except proxy bypass, URLs in the list return access denied error.

Edit3: Download ACLs works only the first time for ut1. After the first time I cannot fetch categories.
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: fabian on January 18, 2020, 03:02:15 pm
Oh, I misread that. I thought you want a transparent proxy because I read redirect port 80 traffic. For non transparent you only need to open 3128 TCP and 53 UDP when using the default configuration. But then you have to configure it on each client and maybe for every single software or use another helper technique like WPAD/PAC which is still not supported everywhere.
Title: Re: New setup (newbie) issue with Web filter & internet access
Post by: OPSnewbie on September 06, 2021, 07:01:24 am
Late reply indeed, but I just came across this myself when playing with OPNsense and found the reason for mine not working after enabling the firewall block was that the rules that were created when enabling the transparent proxy didn't enable themselves by default. They were there, just not enabled. Cheers,
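
Added example (not part of any post in this thread, and not OPNsense code): a small Python model of the rule interaction the thread keeps running into, covering the explicit-proxy case, the transparent NAT redirect from port 80 to 3128, and a redirect rule that exists but is disabled. The `Rule` class, the LAN address 192.168.1.1, the sample web server address and the first-match evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    kind: str             # "rdr" (NAT port forward), "pass" or "block"
    dport: int            # destination port the rule matches
    enabled: bool = True
    target: tuple = None  # rdr only: (ip, port) the destination is rewritten to

FW_LAN_IP = "192.168.1.1"   # assumed LAN address of the firewall
PROXY_PORT = 3128           # default proxy port mentioned in the thread

def evaluate(rules, dst_ip, dst_port):
    """Return (verdict, final destination) for a TCP connection from a LAN client.

    Simplified model: an enabled redirect rewrites the destination first,
    then the first matching enabled filter rule decides; no match means block.
    """
    for r in rules:
        if r.kind == "rdr" and r.enabled and r.dport == dst_port:
            dst_ip, dst_port = r.target
            break
    for r in rules:
        if r.kind in ("pass", "block") and r.enabled and r.dport == dst_port:
            return r.kind, (dst_ip, dst_port)
    return "block", (dst_ip, dst_port)

def ruleset(redirect_enabled):
    # Constructed ruleset: redirect 80 -> 3128, allow the proxy port,
    # and block direct port 80 traffic (the proxy-bypass block).
    return [
        Rule("rdr", 80, redirect_enabled, ("127.0.0.1", PROXY_PORT)),
        Rule("pass", PROXY_PORT),
        Rule("block", 80),
    ]

def diagnose(redirect_enabled, client_uses_proxy):
    rules = ruleset(redirect_enabled)
    if client_uses_proxy:   # browser configured with LAN IP and port 3128
        return evaluate(rules, FW_LAN_IP, PROXY_PORT)
    return evaluate(rules, "203.0.113.10", 80)   # direct request to a web server

if __name__ == "__main__":
    for redirect in (False, True):
        for explicit in (False, True):
            print(f"redirect={redirect} browser_proxy={explicit}:",
                  diagnose(redirect, explicit))
```

With the redirect disabled and no proxy set in the browser, the only rule that matches a direct web request is the bypass block, which is the "no internet" symptom reported above.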