OPNsense Forum » English Forums » Web Proxy Filtering and Caching (Moderator: fabian) » Web Proxy traffic shaping question
Topic: Web Proxy traffic shaping question (Read 1398 times)
ssonic
Web Proxy traffic shaping question « on: September 06, 2023, 06:05:14 pm »
Hi
Coming from pfsense, which I administered for years, relatively new to opnsense.
I have successfully configured:
- shaper pipes - one for upload, one for download
- weighted queues
- shaper rules matching various traffic and allocating traffic to appropriate queues.
All of the above works as expected, I can see traffic in Firewall > Shaper > Status, and network tests confirm that it works.
I cannot for the life of me figure out how to shape traffic that comes from LAN to web proxy via NAT port forward (redirect to 127.0.0.1 and squid port).
Web proxy works as expected, but the traffic does not show in traffic shaper no matter how I set it up, which also screws up my whole QoS as there is a significant portion of traffic going via web proxy, which does not show in traffic shaper. This means that the shaper thinks there is no congestion and does not work correctly while web proxy traffic is consuming like 90% of bandwidth.
Proxy is configured for SNI inspection only, if that matters (transparent proxy).
I have configured a special queue for web proxy.
I have tried the following rules under Firewall > Shaper > Rules:
Interface Loopback, LAN and WAN, nothing catches the web proxy traffic even if this is the only rule present.
Various destination IP addresses, including loopback IP.
Normally LAN catches upload, and WAN download from what I figured so far.
In PFSense I could achieve this by adding queue to firewall rules that was allowing traffic to squid, but in case of OPNSense, this is done via rules in shaper section by the looks of it.
I am wondering if anyone knows the order the firewall is processing traffic, as to my understanding traffic from LAN in my case gets natted first (redirected to loopback IP of the firewall), so that port 443 turns into 3129 and destination address into 127.0.0.1 (loopback). Then firewall filter passes the traffic via bound firewall rule.
Then the proxy inspects the SNI and sources the traffic flow from firewall WAN interface (closest IP to destination address).
What am I missing here, how can I shape the web proxy traffic? There is traffic management under web proxy configuration, but that is too basic for my needs, as it doesn't cooperate with existing pipe queue system.