"
Hi there,
Can anyone help on this?
Doesn't seem like the filters are applied or treated correctly.
Can anyone help on this?
Doesn't seem like the filters are applied or treated correctly.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
18.1 Legacy Series / Re: Web Proxy - Inconsistent filtering and protocol mismatch
April 18, 2018, 01:48:21 PM #2
18.1 Legacy Series / Web Proxy - Inconsistent filtering and protocol mismatch
April 16, 2018, 10:24:32 AM
Hello all,
We would like to use a transparent Web proxy in order to block visitors from accessing undesirable Websites.
Here are some of the issues we are encountering:
* Websites that match one of the filtered category seem to be blocked. I.e.: www.ubs.com cannot be accessed even though the "bank" category is not blacklisted.
* When trying to access via HTTPS a Website that matches a filtered category that isn't white-listed, we receive an SSL error on the browser. A network capture shows Squid responding with an Access Denied message in plain-text HTTP, and not HTTPS.
The error that is reoccurring in the access logs is TCP_Denied, but we can't tell specifically what ACL we are hitting.
We are able to access some HTTPS Websites, it's only when the access is denied that we receive a response in HTTP, and we also cannot tell why it's being denied.
Other websites that don't work: www.youtube.com, ch.archive.ubuntu.com
What are your suggestions?
We would like to use a transparent Web proxy in order to block visitors from accessing undesirable Websites.
Here are some of the issues we are encountering:
* Websites that match one of the filtered category seem to be blocked. I.e.: www.ubs.com cannot be accessed even though the "bank" category is not blacklisted.
* When trying to access via HTTPS a Website that matches a filtered category that isn't white-listed, we receive an SSL error on the browser. A network capture shows Squid responding with an Access Denied message in plain-text HTTP, and not HTTPS.
The error that is reoccurring in the access logs is TCP_Denied, but we can't tell specifically what ACL we are hitting.
We are able to access some HTTPS Websites, it's only when the access is denied that we receive a response in HTTP, and we also cannot tell why it's being denied.
Other websites that don't work: www.youtube.com, ch.archive.ubuntu.com
What are your suggestions?
#3
18.1 Legacy Series / How to install Ngrep?
April 14, 2018, 06:47:08 PM
Hello!
Is there an easy way to install Ngrep? Seems there is no official port.
Thanks!
Is there an easy way to install Ngrep? Seems there is no official port.
Thanks!
#4
18.1 Legacy Series / Re: WiFi bridged with LAN - unusable if LAN is unplugged
April 14, 2018, 06:16:39 PM
This is solved.
The solution is to make the bridge Interface the authoritative one over the LAN interface. So disable IPv4 over LAN, assign IPv4 to the Bridge Interface, make sure DHCP listens over the bridge interface, and apply changes.
Lan can go up and down as it pleases, and the WiFi interface can still route, NAT, DHCP, as normal.
I'm still unclear to what the "lock" option does. What does Prevent Interface Removal mean?
The solution is to make the bridge Interface the authoritative one over the LAN interface. So disable IPv4 over LAN, assign IPv4 to the Bridge Interface, make sure DHCP listens over the bridge interface, and apply changes.
Lan can go up and down as it pleases, and the WiFi interface can still route, NAT, DHCP, as normal.
I'm still unclear to what the "lock" option does. What does Prevent Interface Removal mean?
#5
18.1 Legacy Series / [Solved] WiFi bridged with LAN - unusable if LAN is unplugged
April 14, 2018, 12:39:54 PM
Hello,
I bridge my WiFi Interface with LAN (Using an APU3 from PC Engines), and it somewhat works. I can connect to the WiFi AP and get a DHCP IP, and can browse the Internet with my client. However, if I unplug the cable behind NAT, which is in itself another client connected via cable, my WiFi interface goes down. I can still see the WiFi AP, but if I connect to it, I won't get an IP from the DHCP.
Basically, it looks to me as if the LAN is only usable if something is physically plugged to it. Given that my WiFi interface bridges with LAN, it also becomes unusable.
On the GUI, I checked the lock on the LAN and WiFi bridge to prevent the interface removal, to no effect.
What are your suggestions to solve this?
I'm running Opnsense 18.1.6.
Thanks!
I bridge my WiFi Interface with LAN (Using an APU3 from PC Engines), and it somewhat works. I can connect to the WiFi AP and get a DHCP IP, and can browse the Internet with my client. However, if I unplug the cable behind NAT, which is in itself another client connected via cable, my WiFi interface goes down. I can still see the WiFi AP, but if I connect to it, I won't get an IP from the DHCP.
Basically, it looks to me as if the LAN is only usable if something is physically plugged to it. Given that my WiFi interface bridges with LAN, it also becomes unusable.
On the GUI, I checked the lock on the LAN and WiFi bridge to prevent the interface removal, to no effect.
What are your suggestions to solve this?
I'm running Opnsense 18.1.6.
Thanks!
Pages1
