OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of yahoo1983 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - yahoo1983

Pages: [1]
1
General Discussion / Re: Opnsese icap + clamav
« on: October 10, 2017, 07:43:09 am »
Ok I narrowed down the problem to Intrusion Detection set to enabled. When I disabled the service everything started working fine.

2017-10-10T07:52:47.754432+0200   blocked   213.211.198.62 OPNsense test eicar virus
It's on port 80 and it's dropping all communication.

Can I make it display alert ?

edit. I disabled Intrusion Detection, downloaded rule sets, enabled service again and it's working fine now. The eicar virus test is working. Seems like something went wrong with initial config.

2
General Discussion / Re: Opnsese icap + clamav
« on: October 06, 2017, 12:00:18 pm »
This log doesn't say anything about the failed connections.
In access log I get:
For blocked:
192.168.100.2 TCP_MISS/403 839 GET http://rexswain.com/eicar2.zip - ORIGINAL_DST/206.130.113.68 text/html

For the one that doesn't get loaded even
192.168.100.2 TCP_MISS_ABORTED/000 0 GET http://rexswain.com/eicar.zip - ORIGINAL_DST/206.130.113.68 -

3
General Discussion / Re: Opnsese icap + clamav
« on: October 06, 2017, 11:53:19 am »
I just did that and the problem remains, no idea what it is. I'll try to check all the options again

4
General Discussion / Re: Opnsese icap + clamav
« on: October 06, 2017, 11:41:13 am »
I'm lost
https://support.kaspersky.com/downloads/eicar/eicar.zip BLOCKED AND MESSAGE DISPLAYED
https://secure.eicar.org/eicar.com.txt BLOCKED AND MESSAGE DISPLAYED
http://rexswain.com/eicar.html first com and zip GETS forever loading, last eicar2.zip BLOCKED AND MESSAGE DISPLAYED

no idea what is going on. Could you check if you get same results ? :)

5
General Discussion / Re: Opnsese icap + clamav
« on: October 06, 2017, 11:29:59 am »
Ok, I noticed how it works. For some reason the message is displayed:
HTTPS: YES
HTTP: nothing is going on besides firefox trying to load a page (forever)

Ok, I'm clueless. http://rexswain.com/eicar.html
First zip gets forever loading
the second one gets blocked
:)

6
General Discussion / Re: Opnsese icap + clamav
« on: October 06, 2017, 11:22:23 am »
I'm testing it on firefox version 56. I noticed it's always on when i donwnload txt, while weird stuff happenening when its zipped.

7
General Discussion / Opnsese icap + clamav
« on: October 06, 2017, 10:56:57 am »
Hello,
I've managed to setup a proxy with virus check. When I do Eicar test, I get:

VIRUS FOUND
You tried to upload/download a file that contains the virus: Eicar-Test-Signature
The Http location is: https://secure.eicar.org/eicar.com.txt

For more information contact your system administrator

This message generated by C-ICAP service: avscan?allow204=on&mode=simple
Antivirus engine: clamd-0992/23911

Which is fine. I was wondering though, whether once blocked address is stored somewhere. Because when I try to enter it again, I do not get warning about the virus. The webpage simply doesn't load. Is that normal behaviour or something is missing ?

Thanks

8
Web Proxy Filtering and Caching / Re: Proxy Bypass
« on: October 05, 2017, 05:59:06 pm »
Quote from: shan on October 05, 2017, 05:13:54 pm
There is an option under Web Proxy -> Forward Proxy -> Access control Lists to Specify Unrestricted IP addresses

well, after all, it turned out the problem is that I'm an idiot.
Thank you for help.

Whole day clicking to turn out I didn't press ENTER after adding IP hence the config didn't save. I thought it was a problem because I didnt add destination address.

Now it's working lol

9
Web Proxy Filtering and Caching / Re: Proxy Bypass
« on: October 05, 2017, 05:16:50 pm »
Yes, I have tried that. It only works on DESTINATION IPs.
I'm trying to bypass proxy base on LAN IPs
My current configuration on Dansguardian is that I specify adresses whichi bypass squid/dansguardian, so they do not get stuck on web filtering (for instalnce my address).
I just cant find that option in OPNsense

Example my LAN ip is 192.168.0.5. I do not want it to go through proxy

10
Web Proxy Filtering and Caching / Proxy Bypass
« on: October 05, 2017, 11:52:14 am »
Hello,
I've been looking for option to bypass proxy for certain LAN IP's. However I cannot find this option anywhere. Is it missing ?
I would like all LAN to pass through Proxy and let few LAN IP's bypass it completely (for admins)
Thanks
JK

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2