Author Topic: Transparent proxy traffic allowed but logged by 'Default deny'  (Read 3246 times)

hbc
Transparent proxy traffic allowed but logged by 'Default deny'
« on: October 24, 2019, 08:48:21 am »
I run a transparent Squid proxy on 19.7.5_5 (80, 443 redirected to localhost 3128, 3129).

Everything is working: Traffic intercepted, redirected to localhost proxy, processed and clients browse without additional settings.

The only issue is the log entries that are generated, which give the impression that traffic is blocked, which is actually not the case:

Log entry:
Code:
StudentsNet Oct 24 08:23:18 10.1.0.241:63039 127.0.0.1:3129 tcp Default deny rule

I tested traffic, ports and logs. Everything works and there are no problems for users, except these deny rules flooding the logs.

Port forward:
Code:
GRPStudents TCP GRPStudents net Port_unprivileged  * 80 (HTTP) 127.0.0.1 3128 redirect traffic to local proxy
GRPStudents TCP GRPStudents net Port_unprivileged  * 443 (HTTPS) 127.0.0.1 3129 redirect traffic to local proxy

Associated rules:

Code:
IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3128 * * NAT redirect traffic to local proxy (IPv4)
IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3129 * * NAT redirect traffic to local proxy (IPv4)

GRPStudents is an interface group, consisting of three interfaces.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

mimugmail
Re: Transparent proxy traffic allowed but logged by 'Default deny'
« Reply #1 on: October 24, 2019, 10:30:20 am »
Can you grep the line from filter.log? Maybe it blocks some out-of-order RST packets from an already closed session. Also happens sometimes on Linux with iptables.

hbc
Re: Transparent proxy traffic allowed but logged by 'Default deny'
« Reply #2 on: October 24, 2019, 04:23:24 pm »
Well, that may be possible. I have some blocklists active, so that the proxy denies ad trackers and telemetry.

I will check whether a proxy deny correlates with the log entries and check filter.log

Update:

Flags in filter.log are different.

127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS

« Last Edit: October 24, 2019, 04:31:44 pm by hbc »
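One way to test the hypothesis from Reply #1 against the lines posted in Reply #2, as an added example that is not code from the thread or from OPNsense: classify each logged packet by its TCP flags to see whether any of them is a new connection attempt. The field order of the log tail and all function names are assumptions made for this illustration.

```python
from collections import Counter

# Sample input: the six filter.log fragments quoted in Reply #2.
SAMPLE = """\
127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS
"""

def parse_tcp_tail(line):
    """Parse the last ten CSV fields of a TCP entry.

    Assumed order: dst ip, src port, dst port, data length, flags,
    seq, ack, window, urg, options (options use ';', never ',').
    """
    fields = line.strip().split(",")
    if len(fields) < 10:
        raise ValueError("not a TCP filter.log entry: %r" % line)
    dst, sport, dport, dlen, flags = fields[-10:-5]
    return {"dst": dst, "sport": int(sport), "dport": int(dport),
            "len": int(dlen or 0), "flags": flags}

def classify(flags):
    """Map a flag string such as 'PA' or 'FA' to a connection phase."""
    if "S" in flags:
        return "handshake-reply" if "A" in flags else "new-connection"
    if "R" in flags:
        return "reset"
    if "F" in flags:
        return "teardown"
    return "mid-stream"

def summarize(text):
    """Count phases overall and list them per (src port, dst port) flow."""
    counts, flows = Counter(), {}
    for line in filter(str.strip, text.splitlines()):
        entry = parse_tcp_tail(line)
        phase = classify(entry["flags"])
        counts[phase] += 1
        flows.setdefault((entry["sport"], entry["dport"]), []).append(phase)
    return counts, flows

def no_new_connections(counts):
    """True when no logged packet was a bare SYN (a fresh connection attempt)."""
    return counts["new-connection"] == 0

if __name__ == "__main__":
    counts, flows = summarize(SAMPLE)
    print(dict(counts), "no new connections:", no_new_connections(counts))
```

On the posted lines every entry is mid-stream data or a FIN, and none is a bare SYN, which is consistent with the explanation offered in Reply #1: the logged packets belong to sessions the firewall no longer tracks rather than to refused connections.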
