Topic: Newbie Web Proxy Bypass Question (Read 2002 times)
GunShotResidue (Newbie, Posts: 1, Karma: 0)
November 14, 2020, 12:19:57 pm
Hi Folks,
I have a new installation complete with DNSCrypt, IDS and Virus Scanning / Web Proxy. Everything is working great except for one issue. I have configured and enabled transparent proxy for ad blocking and virus filtering and have no issue with sites that have been whitelisted to avoid the security certificate issue. But I have certain devices (Roku, SmartThings, etc.) that I would like to bypass completely as there are too many URLs that I am unfamiliar with to whitelist each one separately. I have read that this can be done by creating a no redirect rule prior to the proxy redirect rules using NAT and selecting a group of IPs (or even better hosts as I am using DHCP). The problem I have is that I'm more software developer, less network and need a step-by-step on how to do this. I've searched the documentation, forums and Google to no avail. I've looked at the rule configuration, and groups/aliases for the IPs and it's not obvious to me how to accomplish this.
Thank You.
Amr (Jr. Member, Posts: 78, Karma: 4)
Reply #1 on: November 16, 2020, 01:57:37 pm
Hello GunShotResidue,
Have you considered adding the devices to the "Unrestricted IP addresses" and accepting your certificate on each of them?
Well anyway, to achieve what you want, follow these steps:
1- Give static IPs (through the DHCP) to the desired devices.
2- Create an alias for these devices (Firewall > Aliases), e.g. "no-redirection", and add all of the devices' IPs.
3- In port forward (Firewall > NAT) add the following rule:
Interface: LAN
Source / Invert: check this box (this is a logical NOT operator)
Source: no-redirection (the alias you made)
Destination: any
Destination port range: HTTP and HTTPS (you can add two rules, one for HTTP and one for HTTPS, or create an alias for both)
Redirect target IP: the proxy's IP
Redirect target port: the port that it listens to
Basically it tells the firewall to route traffic that does "NOT" come from the alias's IP range to the proxy.
Alternatively you can create an alias for all the IPs that are going to be redirected and simply redirect it.
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.
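The inverted-source rule from the reply above, modelled as an added example (not part of the original posts and not OPNsense code): it shows which new connections the rule redirects and why a device that loses its static lease ends up proxied again. The device names, IP addresses, proxy address and port 3128 are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions, not taken from the thread).
NO_REDIRECTION = frozenset({"192.168.1.50", "192.168.1.51"})  # the "no-redirection" alias
PROXY = ("127.0.0.1", 3128)  # placeholder for the proxy's IP and listening port


@dataclass(frozen=True)
class PortForward:
    interface: str
    source_alias: frozenset
    invert_source: bool      # the "Source / Invert" checkbox
    dest_ports: frozenset
    target: tuple

    def matches(self, iface, src, dport):
        if iface != self.interface or dport not in self.dest_ports:
            return False
        in_alias = src in self.source_alias
        # With invert set, the rule matches sources that are NOT in the alias.
        return in_alias != self.invert_source


RULE = PortForward("LAN", NO_REDIRECTION, True, frozenset({80, 443}), PROXY)


def nat_decision(iface, src, dport, rules=(RULE,)):
    """Return the redirect target for a new connection, or None if it is left alone."""
    ipaddress.ip_address(src)  # raises ValueError on a malformed address
    for rule in rules:         # first matching rule decides
        if rule.matches(iface, src, dport):
            return rule.target
    return None


def audit(leases):
    """Label each device 'bypass' or 'proxied' for HTTPS, given its current lease."""
    return {name: "proxied" if nat_decision("LAN", ip, 443) else "bypass"
            for name, ip in leases.items()}


if __name__ == "__main__":
    # Constructed leases: the hub has fallen back to a dynamic address outside the alias.
    leases = {"roku": "192.168.1.50", "laptop": "192.168.1.120",
              "smartthings": "192.168.1.77"}
    for name, state in audit(leases).items():
        print(f"{name:12} {state}")
```

Running `audit` against the current DHCP lease table is a quick way to confirm that every device meant to bypass the proxy still has the address listed in the alias.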