Messages

@Aslansh

Tiene sentido lo que estas describiendo.

Cuando activas la restriccion de inicio de session en maquinas especificas para cada usuario. Estas efectivamente cambiando atributos de seguridad y autorizacion en Active Directory. Ciertamente las Politicas de Seguridad no tienen nada que ver con Squid.
Pero Active Directory esta haciendo lo que le has pedido hacer. Unicamente permitiendo que la session se inicie desde la maquina designada.
El directorio de LDAP requiere autorizacion para conectarse y buscar grupos y usuarios (iniciar una session para conectarse via LDAP)

https://learn.microsoft.com/es-es/windows/win32/ad/security-properties#userworkstations

Es posible que si instalas Squid en una maquina linux que sea miembro del dominio... que tal vez funcione como quieres. Pero hay que hacer la prueba.

I have configured an OPNsense firewall with the transparent proxy functionality, by following the documentation.
This is working as expected.
I was asked to disable proxy filtering based on a schedule. As they want to allow unfiltered access to the internet during lunch hours.

I have not been able to get this to work, by doing a manual filter rule association from the NAT Port-Forward rule used for the transparent proxy, with a firewall rule with a schedule.

It seems that the NAT rules are applied before the filter/regular rules. So in the logs I still see source IPs as 127.0.0.1 which is what the NAT port redirect rule is doing.

Are NAT rules applied before any other rules?
Is there a way to disable/enable NAT rules based on a schedule?
Am I missing something or misunderstanding how this is supposed to work?

Thanks in advance for any help.