Messages - mirek186

#1
Hi,

As in the subject, is there a way you can see a whole packet journey using transparent Squid with port forwarding, e.g.
client -> OPNsense LAN interface port 80 -> OPNsense port forward 80 -> 3128 -> Squid receives packets -> Squid makes the request
and then everything in reverse?

I'm asking as I'm probably a bit of a control freak and want to see my packets step by step, so while testing I can understand all the steps required.

So far I've tried tcpdump on lo0 and on the LAN interface for port 3128, but I can't see a thing. I can see the correct destination port with tcpdump on the LAN interface for port 80, but that's before port forwarding.

Thanks,
Mirek
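Added note and example (not part of the original post, and not OPNsense or Squid code): the port forward is applied by pf at the pfil hook, which on FreeBSD sits after the BPF tap on the inbound interface and before the tap on the way out, and a packet redirected to 127.0.0.1:3128 is delivered to the local socket without crossing lo0. So tcpdump on the LAN interface only ever shows port 80 in both directions, and nothing on lo0 or on port 3128. The translated side of the connection is visible in the state table instead (`pfctl -s state`), where a redirected state prints as `translated_dst (original_dst) <- src`. The script below parses that output format and reconstructs the journey for one client. The state lines are constructed samples in the `pfctl -s state` layout; the interface names, addresses and ports are assumptions, and pairing Squid's upstream connection with a client state by destination alone is a heuristic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout printed by `pfctl -s state` (assumed addresses):
#  1. rdr state from the port forward: client -> origin:80, redirected to Squid on 127.0.0.1:3128
#  2. Squid's own upstream connection from the WAN address to the origin server
#  3. an unrelated LAN -> firewall SSH state (no translation)
#  4. a client connection that bypasses the proxy and is only source-NATed on WAN
SAMPLE_STATES = """\
lan   tcp 127.0.0.1:3128 (93.184.216.34:80) <- 192.168.1.10:51234       ESTABLISHED:ESTABLISHED
wan   tcp 203.0.113.5:61000 -> 93.184.216.34:80       ESTABLISHED:ESTABLISHED
lan   tcp 192.168.1.1:22 <- 192.168.1.20:40000       ESTABLISHED:ESTABLISHED
wan   tcp 203.0.113.5:54321 (192.168.1.10:51300) -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
"""

# <ifname> <proto> <left> [(orig)] <-|-> <right> [(orig)] <status>
STATE_RE = re.compile(
    r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+)(?:\s+\((?P<left_orig>\S+)\))?\s+"
    r"(?P<dir>->|<-)\s+"
    r"(?P<right>\S+)(?:\s+\((?P<right_orig>\S+)\))?\s+"
    r"(?P<status>\S+)\s*$"
)


@dataclass
class PfState:
    ifname: str
    proto: str
    src: str                  # initiator as seen on the wire (post-NAT for outbound)
    dst: str                  # destination pf delivers to (post-rdr for inbound)
    orig_dst: Optional[str]   # pre-rdr destination, only for redirected states
    orig_src: Optional[str]   # pre-NAT source, only for source-NATed states
    status: str

    @property
    def redirected(self) -> bool:
        return self.orig_dst is not None


def parse_state(line: str) -> Optional[PfState]:
    """Parse one `pfctl -s state` line; returns None for headers or other noise."""
    m = STATE_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    if g["dir"] == "<-":
        # inbound: left is where pf delivers, (orig) is what the client asked for, right is the client
        return PfState(g["ifname"], g["proto"], src=g["right"], dst=g["left"],
                       orig_dst=g["left_orig"], orig_src=g["right_orig"], status=g["status"])
    # outbound: left is the post-NAT source, (orig) the real source, right the destination
    return PfState(g["ifname"], g["proto"], src=g["left"], dst=g["right"],
                   orig_dst=g["right_orig"], orig_src=g["left_orig"], status=g["status"])


def host_of(addr: str) -> str:
    """Strip the :port suffix; keeps bracketed IPv6 literals intact."""
    return addr.rsplit(":", 1)[0]


def trace_client(state_output: str, client_ip: str) -> List[str]:
    """Describe every hop the state table records for one LAN client."""
    states = [s for s in map(parse_state, state_output.splitlines()) if s]
    hops = []
    for st in states:
        if host_of(st.orig_src or st.src) != client_ip:
            continue
        if st.redirected:
            hops.append(f"{st.src} -> {st.orig_dst} in on {st.ifname}, rdr to {st.dst}")
            # heuristic: the proxy's upstream state is the untranslated one to the same origin
            for up in states:
                if up is not st and not up.redirected and up.orig_src is None and up.dst == st.orig_dst:
                    hops.append(f"{up.src} -> {up.dst} out on {up.ifname} (proxy's own upstream connection)")
        elif st.orig_src:
            hops.append(f"{st.orig_src} -> {st.dst} out on {st.ifname}, nat to {st.src} (not proxied)")
        else:
            hops.append(f"{st.src} -> {st.dst} on {st.ifname} (untranslated)")
    return hops


if __name__ == "__main__":
    for hop in trace_client(SAMPLE_STATES, "192.168.1.10"):
        print(hop)
```

On a live box the input would be `pfctl -s state` output; to see Squid's side of the journey, `tcpdump -ni <wan> host <origin>` shows the upstream request leaving, and Squid's access.log shows the client-to-origin mapping from the proxy's point of view.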
#2
Hi,

I'm probably missing something here, but could someone explain to me the reason behind the floating rule "let out anything from firewall host itself", which you can't disable, please?
e.g. I have a rule
pass in log quick on LAN proto tcp from any to OPT1 port = ssh keep state
and in the Live View I can see the IN rule is matched, and then the next entry is a match for "let out anything from firewall host itself". It's all working, the LAN host is allowed to SSH, but I thought "keep state" should take care of the OUT rule and you shouldn't have to have an explicit OUT any-any rule from the firewall itself.
I did a small test and removed the automated rule from /usr/local/etc/inc/filter.lib.inc, rebooted, verified the floating rule is no longer there, and my SSH rule is still working, which I think confirms the stateful rule is working correctly.
    $fw->registerFilterRule(
        5,
        array('direction' => 'out', 'statetype' => 'keep', 'allowopts' => true,
        'quick' => false, "descr" => "let out anything from firewall host itself"),
        $defaults['pass']
    );

I'm pretty sure the rule is there for a reason, but I couldn't find in the documentation what that rule is for. Could someone explain to me why it's there and why it's the one you can't disable? I think it does eat up a few CPU cycles, as you keep the IN rule state and you also match the OUT rule, am I right?

Thanks
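Added example (not part of the original post, and not OPNsense or pf code): a deliberately simplified model of pf's evaluation order, enough to separate the two things the post is asking about. pf checks the state table before the ruleset, so the reply to a connection admitted by a `pass in ... keep state` rule is passed by its state and never needs an out rule. What the floating "let out anything from firewall host itself" rule covers is the other case: traffic the firewall originates (DNS, NTP, package updates), which has no state yet and would otherwise fall to the default deny rule. The model below uses last-match semantics with `quick` short-circuiting, a default-deny rule like the one OPNsense installs, and ignores NAT and interface-bound state policy; the interface names, addresses and ports are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ifname: str
    direction: str   # "in" or "out", relative to the firewall
    proto: str
    src: str         # "ip:port"
    dst: str


@dataclass
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # None = floating, matches both directions
    ifname: Optional[str] = None     # None = any interface
    proto: Optional[str] = None
    dst: Optional[str] = None        # None = any destination
    quick: bool = False
    keep_state: bool = True
    descr: str = ""

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.direction, p.direction), (self.ifname, p.ifname),
            (self.proto, p.proto), (self.dst, p.dst)))


class Firewall:
    """Simplified pf: state table first, then last-matching rule wins unless quick."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.states = set()  # (proto, {endpoint, endpoint}); same key for both directions

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        key = (p.proto, frozenset((p.src, p.dst)))
        if key in self.states:
            return "pass", "existing state"
        matched = None
        for r in self.rules:
            if r.matches(p):
                matched = r
                if r.quick:
                    break
        if matched is None:
            return "block", "no matching rule"
        if matched.action == "pass" and matched.keep_state:
            self.states.add(key)
        return matched.action, matched.descr


def run_scenarios(with_floating_out: bool) -> Dict[str, Tuple[str, str]]:
    """Replay the SSH case from the post plus a firewall-originated DNS query."""
    rules = [
        Rule("block", descr="default deny"),  # assumed stand-in for OPNsense's default deny rule
        Rule("pass", "in", "lan", "tcp", dst="10.0.1.1:22", quick=True,
             descr="pass in quick on LAN proto tcp from any to OPT1 port ssh keep state"),
    ]
    if with_floating_out:
        # non-quick floating out rule, as registered in filter.lib.inc
        rules.insert(1, Rule("pass", "out", descr="let out anything from firewall host itself"))
    fw = Firewall(rules)

    client, opt1_ssh = "10.0.0.5:50000", "10.0.1.1:22"        # assumed LAN host and OPT1 address
    fw_wan, resolver = "203.0.113.5:40000", "198.51.100.1:53"  # assumed WAN address and upstream DNS
    return {
        "ssh_syn_in": fw.evaluate(Packet("lan", "in", "tcp", client, opt1_ssh)),
        "ssh_synack_out": fw.evaluate(Packet("lan", "out", "tcp", opt1_ssh, client)),
        "fw_dns_out": fw.evaluate(Packet("wan", "out", "udp", fw_wan, resolver)),
        "dns_reply_in": fw.evaluate(Packet("wan", "in", "udp", resolver, fw_wan)),
    }


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"floating out rule {'present' if enabled else 'removed'}:")
        for name, verdict in run_scenarios(enabled).items():
            print(f"  {name:15s} {verdict[0]:5s} ({verdict[1]})")
```

With the floating rule removed, the SSH reply is still passed by its state, which matches the test described in the post, while the firewall's own DNS query is dropped by the default deny rule; that is the traffic the floating rule exists for.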