OPNsense behind Proxy

Started by thomas-hn, January 17, 2023, 09:52:17 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 17, 2023, 09:52:17 AM
Hello,

if OPNsense is installed behind a proxy server, is there any way to make Internet access possible to clients behind OPNsense without using proxy settings on them?
I am thinking about simply configuring the IP address of OPNsense as DNS server and Gateway to those clients network configuration and OPNsense redirects all those requests coming from the clients via the proxy to the Internet (also including authentification at the proxy done by OPNsense).
I'm aware of the fact, that this would not allow "full" Internet access, but only limited to HTTP traffic (or whatever the proxy allows).

Can this be done with OPNsense? If so, any hints?

Thanks a lot in advance,

Thomas
January 17, 2023, 11:34:46 AM #1
You're talking about a transparent web proxy, where any traffic to 80/443 is forwarded to the proxy on its port (e.g. 8080). You may be able to configure that in Firewall, NAT, Outbound

However, this breaks HTTP in fun and interesting ways unlikely to play nice with modern AJAX sites :)

What about hosting a pac file and sending your clients to that? DHCP option 252 may help.

Bart...
January 17, 2023, 12:53:28 PM #2
Thanks for this hint. This helps me definitely :)
Is OPNsense also able to authenticate itself against a proxy?
January 17, 2023, 06:27:03 PM #3
Sorry Thomas, I'm not sure - the proxy documentation doesn't mention authenticating against an upstream proxy: https://docs.opnsense.org/manual/proxy.html

Bart...
Print
Go Up Pages1
User actions