OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of mirek186 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - mirek186

Pages: [1]
1
Web Proxy Filtering and Caching / tcpdump Squid traffic and|or port forwarding
« on: April 15, 2021, 01:00:23 pm »
Hi,

As in the subject is there a way you can see a whole packet journey using transparent squid with port forwarding, e.g.
client -> opnsense lan interface port 80 -> opnsense port forward 80-3128 -> squid receive packets -> squid making request
and then everything but in reverse.

I'm asking as I'm probably a bit of a control freak and want to see my packet step by step so while testing I can understand all the steps required.

So far I've tried to do tcpdump on lo0 and lan interface on 3128 but I can't see a thing. I can see the correct destination port on tcpdump lan interface port 80 but that's before port forwarding.

Thanks,
Mirek

2
General Discussion / LAN-OPT1 stefull IN rules and "let out anything from firewall host itself" OUT
« on: October 23, 2020, 07:52:14 am »
Hi,

I'm probably missing something here, could someone explain to me what is the reason behind floating "rule let out anything from firewall host itself" which you can't disable, please?
e.g. I have a rule
pass in log quick on LAN proto tcp from any to OPT1 port = ssh keep state
and in the Live View, I can see the IN rule is matched and then next entry is a match for "rule let out anything from firewall host itself", it's all working LAN host is allowed to ssh but I tought "keep state" should take care of the OUT rule and you shoudn't have to have a explict OUT any any rule from the firewal itself.
I did small test and removed automated rule from /usr/local/etc/inc/filter.lib.inc, rebooted, verified the floating rule is no longer there and my SSH rule is still working which I think confirm the staefull rule is working correctly.
Code: [Select]
    $fw->registerFilterRule(
        5,
        array('direction' => 'out', 'statetype' => 'keep', 'allowopts' => true,
        'quick' => false, "descr" => "let out anything from firewall host itself"),
        $defaults['pass']
    );
I'm pretty sure the rule is there for the reason, but I coudn't find in the documentation what that rule is for, could someone explain to me why it's there and why it's the one you can't disable. I think it does eat up few CPU cycles as you do keep IN rule state and you also match OUT rule, am I right.

Thanks

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2