Transparent Proxy

I can only get the HTTP proxy to work if I set my browser to proxy to port 8080 on the firewall... if I set the proxy and my browser I believe that proxy is not working beacuse I have added a domain to be blocked in the blacklist filter but yet I can still get to it. if I set my browser to port 8080 the I get denied to that blacklist as I would expect. I have added my 2 internal webservers to the Skip list as per earlier instructions. and that allows external client to see my web sites with the proxy enabled. But I still cant get filtering to work. I only have one packet filter. allow Any/Any any. for now

Dave P

Parents

0 Atrius over 20 years ago

my setup works:

PF rules = several, but the point here is that i do NOT allow HTTPS or HTTP.

HTTP Proxy ... I have this set on Standard (not Transparent, so that I can "filter" the httpS requests for Blacklist strings, i don't want to allow HTTPS annonymous proxy) ... anyway, my blacklist includes the string "privoxy.com" and it gets blocked this way. My browsers are configured with port 8080. Works like a charm.

So, perhaps it's a combination of you're trying to use the Port 80 (try 8080), when your post subject said you're trying to do Transparent proxy ... if you want transparent, don't configure the browser to use proxy ... if you want to use Standard, then configure the browser to use proxy AND get rid of the PF All/ANY/All rule (that's probably thwarting your Blocking ability)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Atrius over 20 years ago

my setup works:

PF rules = several, but the point here is that i do NOT allow HTTPS or HTTP.

HTTP Proxy ... I have this set on Standard (not Transparent, so that I can "filter" the httpS requests for Blacklist strings, i don't want to allow HTTPS annonymous proxy) ... anyway, my blacklist includes the string "privoxy.com" and it gets blocked this way. My browsers are configured with port 8080. Works like a charm.

So, perhaps it's a combination of you're trying to use the Port 80 (try 8080), when your post subject said you're trying to do Transparent proxy ... if you want transparent, don't configure the browser to use proxy ... if you want to use Standard, then configure the browser to use proxy AND get rid of the PF All/ANY/All rule (that's probably thwarting your Blocking ability)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Dave Packham over 20 years ago in reply to Atrius

let me clarify a bit
I would like to use transparent and it is setup as transparent..
but I cant get it to work unless I set my browser to use proxy on 8080

I can set it to standard and it works as I would think it would on 8080.

the question is that running transparent it doesnt capture port 80 and filter that. maybe a beta prob.

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 mdallagi over 20 years ago in reply to Dave Packham

Hi,

Have you setup the gateway on the client interface?
Ensure also that you can resolve DNS query...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Dave Packham over 20 years ago in reply to mdallagi

Yes that DHCP option for gateway and DNS servers are corrent. the port 80 IPtables traffic redirect does not appear to be working in this case. Ill look at the tables and see if I can see the port 80 capture and redirect (assuming that you are using iptables to capture the http port for the transparent proxy)

Dave P
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel