Messages - pheriko

#1
Spanish - Español / Re: Guest network control
July 09, 2025, 06:05:17 AM
CP = Captive Portal = Portal Cautivo.

Those requirements, who is asking you for them in a public place?

Regards.
#2
Spanish - Español / Re: Guest network control
July 04, 2025, 04:31:33 PM
Hi.

What do you mean by "the law requires us"?

It is, let's call it, a public service, so about logging the pages: which of you is going to review them? And if you find one you don't like, are you going to start blocking them?

My observations: the only thing I can think of is to enable the CP and the Unbound DNS Blacklist and, for example, enable blocking of adult pages.

Unbound will log all the queries, but you will have to sit down and review all that info to analyze which destinations your clients are going to.

Regards.
#3
Hi, here is the continuation of the transparent web proxy; now we get into the most interesting section, the browsing policies.

Regards.
#4
Hi.

Don't see the point, but you will need to do it manually, for example create a cron job to copy the access log to any other system (rsync not available) before log rotation (midnight) every day.

Leave log rotation locally.

PM.
#5
Here is the error:

FATAL: Unable to find configuration file: /usr/local/etc/squid/pre-auth/*.conf: (13) Permission denied

Did you set up auth?

If you are new, I recommend starting over, or removing anything you set up on auth, and running squid -k parse until you don't see any fatal error.

Regards
#6
If I'm not blind, there I can see the error...

ERROR: No forward-proxy ports configured.

Run this command on the console and read it carefully: squid -k parse

Regards.

NOTE: AV, buy Bitdefender or another; open source AV cannot beat a commercial AV.
#7
By the way, I am working on a tutorial on how to configure a web proxy in transparent mode, in case you are interested; here is part #1.

Regards.
#8
I have been using squid for some time, and that segment fault is something I have already learned to live with.

The thing is that squid works; I have no problems with it.

Rather, I think they have some variable in the code that triggers that message when they compiled the pkg.

In your case, did it stop working?

Regards.
#9
This is not an OPNsense issue; this is how squid has worked for as long as I have known squid to exist on Unix and Linux.

If you want to have a Multiwan, Internet <-> isp's <-> Opnsense+Multiwan <-> opnsense+squid <-> LAN.

Regards.
#10
For me, since I started using squid on OPNsense, I always get a segment fault, but that doesn't mean squid won't work; it is working.

Even if I just run squid -k parse on the shell, I always get that error at the end.

Then, I started living with this.

On pfSense, for example, it is very strange to get that message with squid.

But you can go and disable the NAT and fw rules if you need to.

Currently, what is your status?

Regards.
#11
Looks like I finally understand the logic of the plugin; the only issue is the redis server, it is a RAM cookie monster. At minimum we need horsepower and 4GB RAM; less than this will suffer.

What about with 100+ simultaneous users?

Regards.
#12
I set up squid MITM; it was working, no issue here.

Later I decided to install the OPNPROXY plugin and... here come the issues.

Redis running.

No AUTH, it is Transparent.

Maybe I forgot something?

I set up a Global Rule: allow, select all the categories, username none (I don't have auth enabled), source 192.168.9.0/24 or 192.168.9.50, Apply.

Results... no navigation on any page, just the OPNsense firewall.

I used the test feature and I see the error, I think meaning -> blocked.

Later I added a custom rule for my laptop, typed 2 domains only, apply... works only for these 2 domains.

If I test the 2 domains I added on this custom tab, it works.

Then, did I forget something?

Running latest version.
#13
Web Proxy Filtering and Caching / Re: squid UT1
May 31, 2025, 07:54:26 AM
Good question, I got the same...watching...
#14
Hi Vilhonator.

I found the logs about cron; those are in the Unbound DNS logs. Whitelist clear as water. Correct, looks like we don't have an option to exclude IPs from the BL stuff.

Thanks for your help.
#15
Hi.

I have these questions related to the blacklist feature:

1) If I detect a false positive, and whitelist that domain in the GUI, do I need to run a command or restart the service to apply my new whitelist?
2) If we enable cron to update the list(s), do we have a report/status about whether the update(s) were good or not?
3) Is there a way to override the blacklist for specific IPs on my LAN? Let's say I don't want the service to apply the blacklist for X LAN IP.

Thanks.