Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
how to avoid some IP subnets to use transparent proxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: how to avoid some IP subnets to use transparent proxy (Read 2256 times)
hemin
Newbie
Posts: 10
Karma: 0
how to avoid some IP subnets to use transparent proxy
«
on:
January 01, 2022, 11:23:09 am »
Happy new Year!
I have problems with squid transparent proxy and telegram, telegram is working but I can't download any picture, so I want to avoid telegram subnets (I don't find any domain) to use squid.
Seems that bump list only support IPs and domais, but not subnets (or my be I'm doing something wrong).
One way is to configure NAT policy to NAT all but these ranges using inverse destination, the problem is i'm using this method to avoid some source IPs to go to the proxy, so I think that it's not possible use both methods at the same time because NAT redirection take effect on the first rule, and "bypass" the next policy in this case.
May be I have to use the NAT option "No RDR" with the SRC and DST aliases?
Regards
Logged
Cuffs
Newbie
Posts: 20
Karma: 2
Re: how to avoid some IP subnets to use transparent proxy
«
Reply #1 on:
January 02, 2022, 06:26:51 pm »
Hi
Why not include !NoDSTProxy on the first rule as well?
br
Christian
Logged
hemin
Newbie
Posts: 10
Karma: 0
Re: how to avoid some IP subnets to use transparent proxy
«
Reply #2 on:
January 02, 2022, 07:52:50 pm »
Hi,
Because the NAT policy act as a AND, so if I put as source !NoSCRProxy and destination !NoDSTProxy then it only will do NAT when source is different AND destination is different.
I'm testing with the option "No RDR" or "no redirect" and seems that this is the correct solution
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
how to avoid some IP subnets to use transparent proxy