Topic: Firewall Rules for Proxy (Read 3123 times)
spetrillo (Hero Member, Posts: 721, Karma: 8)
Firewall Rules for Proxy « on: December 15, 2020, 12:16:54 am »
Hello all,
I have set up my proxy firewall rules but wanted to make sure the order of my rules is correct. Do I need to move the default allow to the bottom?
Thanks,
Steve
Gauss23 (Hero Member, Posts: 766, Karma: 39)
Re: Firewall Rules for Proxy « Reply #1 on: December 15, 2020, 11:13:30 am »
Yes, otherwise your proxy rule won't be used.
„The S in IoT stands for Security!“
spetrillo (Hero Member, Posts: 721, Karma: 8)
Re: Firewall Rules for Proxy « Reply #2 on: December 15, 2020, 06:43:55 pm »
Thanks...
Ok I have now added rules for transparent proxy capabilities. Here is a screenshot of the new rules layout. Am I ok in the order they are in now?
errored out (Full Member, Posts: 171, Karma: 3)
Re: Firewall Rules for Proxy « Reply #3 on: January 14, 2021, 11:39:11 pm »
That does not look like configurations for a transparent proxy.
https://docs.opnsense.org/manual/proxy.html
"The transparent mode means all requests will be diverted to the proxy without any configuration on your client."
Look into the ports you would need to change. Your configuration is using the default proxy ports which would not be correct for transparent.
Is there a particular reason for the first rule? I'm guessing you would have issues with your network.
Amr (Jr. Member, Posts: 78, Karma: 4)
Re: Firewall Rules for Proxy « Reply #4 on: January 18, 2021, 07:49:33 am »
Quote
Is there a particular reason for the first rule?
FW rule order is very important for the proxy to function correctly (https://docs.opnsense.org/manual/firewall.html#processing-order). This is not clearly conveyed in the link you attached, which normally causes confusion. To put it simply, when there's more than one rule that deals with the same thing, the first gets matched and the others are discarded (that's the default action). For example, let's say we have 2 rules: 1. block connection to "proxy" and 2. allow connection to "proxy". If 1 comes before 2 (aka on top of it), then the connection to the proxy will be blocked.
How is this relevant to proxy config then? Usually, when you use a proxy you don't want clients to skip it, so you need to make sure that they can only use the proxy. This is done by allowing connection to the proxy ports (3128-9 default) and denying HTTP(S). Of course, these don't have to be the first rules; you can add rules that deal with other stuff (like DNS, VPN, etc.) before them.
Also, for a transparent proxy to work you also need to configure other stuff like port forward, but that's another topic.
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.
Amr (Jr. Member, Posts: 78, Karma: 4)
Re: Firewall Rules for Proxy « Reply #5 on: January 18, 2021, 07:56:40 am »
Quote
Ok I have now added rules for transparent proxy capabilities. Here is a screenshot of the new rules layout. Am I ok in the order they are in now?
I'd remove the "Default Allow all" so that users can only connect to the internet through the proxy. Also, you don't need to put the 3128-9 ports in separate rules; a single one is enough.
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.
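
Editor's added example, not part of any post in this thread and not OPNsense code: a small first-match rule evaluator that compares the three orderings discussed above (default allow on top, default allow at the bottom, default allow removed) and reports which web ports clients can still reach without the proxy. It assumes a simplified model in which the first matching rule decides and nothing else (floating rules, NAT, state) is involved; the rule labels and the "firewall"/"internet" destination names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    dst: str                # "firewall" (where the proxy listens) or "any"
    ports: Optional[range]  # None matches every destination port
    label: str

def evaluate(rules, dst, port):
    """Return (action, label) of the first matching rule; no match means block."""
    for rule in rules:
        if rule.dst in ("any", dst) and (rule.ports is None or port in rule.ports):
            return rule.action, rule.label
    return "block", "implicit deny"

def bypass_ports(rules):
    """Web ports a client can still reach directly, i.e. without the proxy."""
    return [p for p in (80, 443) if evaluate(rules, "internet", p)[0] == "pass"]

def shadowed(rules):
    """Labels of rules that never decide any of the probe flows below."""
    probes = [("firewall", 3128), ("firewall", 3129), ("internet", 80),
              ("internet", 443), ("internet", 53)]
    hit = {evaluate(rules, d, p)[1] for d, p in probes}
    return [r.label for r in rules if r.label not in hit]

# Constructed rules (labels and the "firewall"/"internet" names are made up).
PROXY = Rule("pass", "firewall", range(3128, 3130), "allow proxy 3128-3129")
NO_WEB = [Rule("block", "any", range(80, 81), "block direct HTTP"),
          Rule("block", "any", range(443, 444), "block direct HTTPS")]
ALLOW_ALL = Rule("pass", "any", None, "default allow all")

allow_first = [ALLOW_ALL, PROXY, *NO_WEB]   # default allow on top
allow_last = [PROXY, *NO_WEB, ALLOW_ALL]    # default allow at the bottom
proxy_only = [PROXY, *NO_WEB]               # default allow removed

if __name__ == "__main__":
    for name, rules in [("allow_first", allow_first), ("allow_last", allow_last),
                        ("proxy_only", proxy_only)]:
        print(name, "bypass:", bypass_ports(rules), "shadowed:", shadowed(rules))
```

With the default allow on top, every proxy and block rule is shadowed and ports 80 and 443 stay directly reachable; with it removed, anything without its own pass rule (DNS in the probe set) falls through to the implicit deny.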