Topic: Transparent Proxy bypasses WAN reject rule (Read 1957 times)
Cuffs
Newbie
Posts: 20
Karma: 2
Transparent Proxy bypasses WAN reject rule « on: February 25, 2021, 09:26:52 pm »
Hi
I thought after using OPNSense for a year and being very happy with it I'll register here.
Maybe my post is of help/contribution, or maybe I'm just misunderstanding something..
I use Web Proxy in transparent mode - so far so good.
I also added a Rule to reject outgoing IPv4 TCP/UDP any to a Blocklist of DNS via HTTPS servers to port 443.
When doing telnet 9.9.9.9 443 on OPNSense itself the rule kicks in and blocks traffic.
But from a client via the proxy this works. So it seems Squid is bypassing outgoing rules on the WAN interface.
Is this as intended?
Thank you
Christian
smyers119
Newbie
Posts: 39
Karma: 2
Re: Transparent Proxy bypasses WAN reject rule « Reply #1 on: February 26, 2021, 12:29:56 am »
It doesn't "bypass" it; it's never even evaluated because the proxy is not behind the LAN firewall.
If you make the destination the OPNsense IP with the proxy port then it should work, because then the firewall rule is sitting between the end user and the proxy.
Cuffs
Newbie
Posts: 20
Karma: 2
Re: Transparent Proxy bypasses WAN reject rule « Reply #2 on: February 26, 2021, 09:00:43 pm »
I meant on the WAN side.
I would have imagined:
Client - NAT/Redirect - Proxy - WAN Rules - Internet
It seems to be:
Client - NAT/Redirect - Proxy - Internet
Cuffs
Newbie
Posts: 20
Karma: 2
Re: Transparent Proxy bypasses WAN reject rule « Reply #3 on: March 06, 2021, 07:32:45 am »
Just to close this in case someone finds it via Google.
False positive.
Our company's IT department implemented DAC via tunnel on our notebooks without me knowing.
That was why WAN block rules didn't seem to work on OPNSense - my laptop was using the company proxy.