Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Web Proxy Hairpulling
« previous
next »
Print
Pages: [
1
]
Author
Topic: Web Proxy Hairpulling (Read 1520 times)
louiss3000
Newbie
Posts: 2
Karma: 0
Web Proxy Hairpulling
«
on:
November 08, 2021, 05:17:38 pm »
Hello All,
Having been through IPCop for some years, then IPFire until a HDD failure, and even a SonicWall for a while, PFSense looked interesting, but OPNSense seemed like a good fit for my SOHO type environment.
The setup on a Dell I3, 8gb, 120g SSD, WAN+LAN+OPT1 system went well, no issues. Set some basic rules all was well, set up an internal server on LAN. OPT1 is used for wireless, rules blocked from LAN.
Then, I went for web proxy to do some web filtering, and the hair pulling began. Caching worked fine, ICAP and ClamAV OK. Set up the NAT and firewall rules for the proxy, so far OK. I did not try transparent proxy yet.
All seemed well, some sites blocked by ACL, EICAR stopped. Yay!
But "foxnews.com" will not load, no message or errors, just no load. I backed off one option at a time, filtering, ICAP, Clam, caching, until the only checkmark was "enable proxy", no joy. Of course If I removed the proxy from the PC, all is well. As soon as I uncheck "enable proxy", fox works. I can find no other site that fails to load. I can ping "foxnews.com" OK.
I have checked Firefox, and Chrome the issue remains. I have stopped and restarted all services, removed all NATs and firewall rules, and started over.
The only rules added to the system are to block the connections from LAN to OPT1, and another that opens a port to my internal security camera server.
I suppose I could whitelist that one site, but that would be too easy. Sorry for the long description, but I'm trying to cover all the variables.
Can someone point out the error in my ways ??
LS
Logged
FullyBorked
Sr. Member
Posts: 345
Karma: 24
Re: Web Proxy Hairpulling
«
Reply #1 on:
November 08, 2021, 08:25:02 pm »
Web proxy might be an older school way of filtering web traffic. You would most likely have better luck with something like Zenarmor/Sensei. Would be a much simpler setup and depending on what you goals are might just overall be a better fit.
I went down the same path, I had a web filtering background (Barracuda/Sophos), so jumped right to web filtering in OPNsense. But quickly found that Zenarmor was the better solution for my needs, which were blocking by category, blocking malware, and reporting.
Logged
louiss3000
Newbie
Posts: 2
Karma: 0
Re: Web Proxy Hairpulling
«
Reply #2 on:
November 09, 2021, 01:02:54 am »
Thanks, I will certainly look into that options. The biggest issue right now is why is it just that one site? OPNsense is clearly overkill for my needs, but I love a challenge. I
will
find out why...
LS
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Web Proxy Hairpulling