Topics - AC

1
17.7 Legacy Series / Gateway switching problems
« on: January 10, 2018, 08:43:26 am »
Hey Folks

I experience a strange behavior and I'm a little bit helpless with that.

I'm routing to different networks with multi-WAN. DNS is routed to two DSL connections AND a special network where the parent DNS server is in. I configured the three interfaces as GatewayGroup_DNS.

Everything worked fine - but about once a day, only my DNS routing stops working. I can't ping or look up DNS server names, but I can ping IPs in every net through every connected interface.

The strange thing is, when this happens, I also can't ping the OPNsense firewall gateway, but only from my DNS servers! Every client can ping the firewall! Also, when I'm using the parent DNS server in my client directly, DNS works for that client.

I'm not using any DNS service from the firewall - just routing DNS from my servers to the GatewayGroup_DNS.

No IDS used! No DNS service from OPNsense. The DNS servers seem to get blocked after some hours!

Reboot helps...

2
Web Proxy Filtering and Caching / Parent Proxy Opnsense
« on: January 03, 2018, 09:35:17 am »
Update1: added URL Regex & destination IP

Hey folks,
I configured the Webproxy with a ParentProxy and I'm here to share my experiences with that.

The WebGui does not have an option to define a ParentProxy, so we need to dig deeper:

First of all, there are two directories:
/usr/local/etc/squid/pre-auth
/usr/local/etc/squid/post-auth

Here I'm using the pre-auth folder. In that folder you need to create a file with a .conf ending. Without that file ending the proxy won't use the config.
I created a file named ParentProxy.conf; everything in quotes needs to be set properly and without the quotes:

# cache_peer: here we set the ParentProxy as URL or IP
cache_peer "ExamplePeer" parent 8080 0 no-query default

# ACL for destination domains that should use our ParentProxy
# the leading dot means that every subdomain will also be sent to the ParentProxy
acl "NameOfACLdomain" dstdomain .com .org .local host1.any.domain
# ACL IP list
acl "NameOfACLIP" dst 10.193.100.5
# ACL url_regex
acl "NameOfACLregex" url_regex server1 http://server2.dings

# Now we define the access; change "ExamplePeer" to whatever you named your ParentProxy cache_peer
# the allow lines say: every URL in the defined ACLs is going to the ParentProxy
# the deny lines: everything else (not listed in the ACLs) will not go to the ParentProxy
cache_peer_access "ExamplePeer" allow "NameOfACLdomain"
cache_peer_access "ExamplePeer" allow "NameOfACLIP"
cache_peer_access "ExamplePeer" allow "NameOfACLregex"
cache_peer_access "ExamplePeer" deny !"NameOfACLdomain"
cache_peer_access "ExamplePeer" deny !"NameOfACLIP"
cache_peer_access "ExamplePeer" deny !"NameOfACLregex"

# I'm not sure if that is really needed:
# Here you can define which domains should not go to the ParentProxy (I chose our internal domain)
# the directive takes the peer name first, then the domains
cache_peer_domain "ExamplePeer" !.internal.domain

# we need to use the never_direct allow directive:
never_direct allow "NameOfACLdomain"
never_direct allow "NameOfACLIP"
never_direct allow "NameOfACLregex"


Maybe that helps with configuring a ParentProxy.

AC
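
Added example (not part of AC's post and not OPNsense code): a small Python check for a pre-auth include file like the one above. It flags ACLs that are allowed to the parent peer but have no never_direct allow (such requests can still be fetched directly instead of through the parent), leftover placeholder quotes, undefined peers or ACLs, and a file name without the .conf ending. The peer address and ACL names in the sample are constructed.

```python
# Constructed sample: the post's ParentProxy.conf with placeholder names filled in
# (peer address and ACL names are assumptions) and one never_direct line left out.
SAMPLE = """\
cache_peer 192.0.2.10 parent 8080 0 no-query default
acl to_parent_dom dstdomain .com .org host1.any.domain
acl to_parent_ip dst 10.193.100.5
acl to_parent_re url_regex server1
cache_peer_access 192.0.2.10 allow to_parent_dom
cache_peer_access 192.0.2.10 allow to_parent_ip
cache_peer_access 192.0.2.10 allow to_parent_re
cache_peer_access 192.0.2.10 deny all
never_direct allow to_parent_dom
never_direct allow to_parent_ip
"""

def lint_parent_proxy(text, filename="ParentProxy.conf"):
    """Return a list of findings for a Squid parent-proxy include file."""
    findings = []
    if not filename.endswith(".conf"):
        findings.append(f"{filename}: not loaded, name must end in .conf")
    # "all" is Squid's built-in ACL, so it counts as defined
    peers, acls, routed, forced = set(), {"all"}, [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if any('"' in t for t in tok):
            findings.append(f"line {n}: placeholder quotes left in place")
        if tok[0] == "cache_peer" and len(tok) >= 3:
            peers.add(tok[1])
        elif tok[0] == "acl" and len(tok) >= 3:
            acls.add(tok[1])
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            routed.append((n, tok[1], tok[2], [a.lstrip("!") for a in tok[3:]]))
        elif tok[0] == "never_direct" and len(tok) >= 3 and tok[1] == "allow":
            forced.update(a for a in tok[2:] if not a.startswith("!"))
    for n, peer, action, names in routed:
        if peer not in peers:
            findings.append(f"line {n}: cache_peer_access names unknown peer {peer}")
        for a in names:
            if a not in acls:
                findings.append(f"line {n}: ACL {a} is not defined")
            elif action == "allow" and a not in forced:
                findings.append(f"line {n}: ACL {a} has no never_direct allow")
    return findings

if __name__ == "__main__":
    for finding in lint_parent_proxy(SAMPLE):
        print(finding)
```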

3
German - Deutsch / Need an interface route - not a gateway route
« on: December 04, 2017, 10:08:43 am »
Hello everyone,

I am currently testing the use of OPNsense in our company network. At the moment we have a Sophos in use. It has a setting that lets you configure an interface route, so that everything destined for the network 192.168.5.0/24 is routed via the specified interface - not via a gateway IP address. See picture.

In OPNsense, however, I can only find gateway routes.

Does anyone have an idea or a solution?

4
17.7 Legacy Series / Different parent Proxys
« on: November 21, 2017, 10:42:49 am »
Hey Folks!

I'm planning to use OPNsense as firewall, but I got a little bit stuck in the proxy section.

I need to use a special parent proxy, but only for a few URLs. I'm familiar with Sophos UTM and there is a possibility to configure that in their GUI. I searched the forum and found this: https://forum.opnsense.org/index.php?topic=3345.0
It seems like the entries are made directly in squid.conf, which states "Do not edit this file manually".

So... any suggestions where to add the entries for the parent proxy?
