OPNsense

Messages - QQGOD

1
16.7 Legacy Series / Re: Opnsense Bridge with Squid transparent problem
« on: December 12, 2016, 10:35:16 am »
What "other products" can achieve this?

Now, only additional IPFW rules on the proxy and the server can achieve this: the server sees the real client IP address.

It seems the "divert-reply" option of pf can work for transparent proxy, but it does not work; maybe the kernel does not implement it.

Quote from: franco on November 30, 2016, 09:05:48 am
You said "Squid works in transparent mode." Then you said "client transparency". That's the same.

If you mean server transparency, you need to put your proxy behind NAT.

If you want your servers to see the clients and still do proxying, there are other products for this we cannot possibly support...


Cheers,
Franco

2
16.7 Legacy Series / Re: Opnsense Bridge with Squid transparent problem
« on: November 29, 2016, 07:25:33 am »
Thanks!

But how to achieve client transparency in this scenario?

3
16.7 Legacy Series / Opnsense Bridge with Squid transparent problem
« on: November 25, 2016, 01:40:35 pm »
OPNsense works in bridge mode.
Squid works in transparent mode.
The HTTP request can be filtered by Squid.

BUT there is a problem: the outside web server shows the request is from the OPNsense bridge interface (ip1), not from the computer (ip2) behind the bridge.

webserver <---> opnsense bridge (ip1) <---> inner computer (ip2)

How to fix this?
Let the webserver find the request from ip2, as the OPNsense bridge is totally transparent.

4
16.7 Legacy Series / Re: Can I choose loopback interface in Proxy server?
« on: November 25, 2016, 03:52:12 am »
Thanks, it works.
Clearing "Proxy Interfaces" and enabling Transparent mode will enable it to listen on loopback.

5
16.7 Legacy Series / [SOLVED] Can I choose loopback interface in Proxy server?
« on: November 23, 2016, 12:24:33 pm »
Only LAN and WAN are available. Loopback is not available.
In pfSense, loopback can be used.

6
16.7 Legacy Series / Re: 16.7.3 port forwarding
« on: November 14, 2016, 07:13:21 am »
There is an interesting thing about port forwarding.

Before checking this, the outer port can only be accessed from Ubuntu 16.04.01.
The outer port cannot be accessed from macOS; the TCP ACK packet is sent from the WAN interface, but macOS does not receive the TCP ACK packet.

After checking this, the outer port can be accessed from all kinds of OS.

Quote from: franco on September 21, 2016, 08:51:52 pm
Try Firewall: Settings: Advanced: check "Disable reply-to on WAN rules".


Cheers,
Franco

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved