Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Visualizacion de pagina web

    Scheduled Pinned Locked Moved Español
    56 Posts 5 Posters 11.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H Offline
      huaressa
      last edited by

      si asi es.. la lan de la pfsense

      1 Reply Last reply Reply Quote 0
      • belleraB Offline
        bellera
        last edited by

        Comprueba los rdr (redirect) para la interfase donde esté puesto el modo transparente…

        pfctl -s nat

        https://forum.pfsense.org/index.php?topic=78261.msg428941#msg428941

        1 Reply Last reply Reply Quote 0
        • H Offline
          huaressa
          last edited by

          me lo puedes indicar como lo hago por favor

          1 Reply Last reply Reply Quote 0
          • H Offline
            huaressa
            last edited by

            Mrs. Bellera al ingresar la ip en la URL ya me funciona la pagina principal, al modificar el redirect pero sigo sin poder acceder a la subcarpeta.. que es la wordpress

            1 Reply Last reply Reply Quote 0
            • belleraB Offline
              bellera
              last edited by

              ¿Y al indicar por nombre también funciona la principal?

              Si no funciona, hay un problema de DNS a ajustar.

              En un equipo, el comando:

              nslookup www.xxx.com.py

              ¿da la IP de pfSense?

              1 Reply Last reply Reply Quote 0
              • H Offline
                huaressa
                last edited by

                si asi cuando le pones en la url www.xxx.com.py o la ip, me sale la pagina principal, al ponerle www.xxx.com.py/wordpress ahi ya no funciona el sitio en construccion es como si fuera que no encuentra la subcarpeta.. pero solo pasa si squidguard.

                1 Reply Last reply Reply Quote 0
                • belleraB Offline
                  bellera
                  last edited by

                  @huaressa:

                  pero solo pasa si squidguard

                  squid + squidGuard

                  o

                  squid

                  1 Reply Last reply Reply Quote 0
                  • H Offline
                    huaressa
                    last edited by

                    squid+squidguard

                    1 Reply Last reply Reply Quote 0
                    • belleraB Offline
                      bellera
                      last edited by

                      He puesto en marcha un pfSense 2.1.4 de pruebas que tengo con squid+squidGuard en modo transparente.

                      En consola he hecho lo siguiente:

                      cd /usr/local/www
mkdir prueba
cd prueba
echo Hola > index.html

                      Y yendo a 192.168.1.1/prueba

                      sale Hola sin problemas.

                      No tengo nada puesto en:

                      Bypass proxy for Private Address destination	 
Bypass proxy for these source IPs	 
Bypass proxy for these destination IPs

                      De hecho, para lo que quieres hacer esto no sirve, pues cuando se selecciona el modo transparente se envía todo al proxy EXCEPTO las peticiones que van a la interfase de pfSense. De esta forma la administración de pfSense no pasa NUNCA por el proxy.

                      1 Reply Last reply Reply Quote 0
                      • belleraB Offline
                        bellera
                        last edited by

                        @bellera:

                        Comprueba los rdr (redirect) para la interfase donde esté puesto el modo transparente…

                        pfctl -s nat

                        https://forum.pfsense.org/index.php?topic=78261.msg428941#msg428941

                        Insisto en esto, porque si sólo pasa cuando squid+squidGuard está funcionando… algo raro hay...

                        Puedes ejecutar el comando en Diagnostics: Command Prompt

                        Tiene que haber algo como:

                        rdr on em0 inet proto tcp from any to ! (em0) port = http -> 127.0.0.1 port 3128
rdr on em0 inet proto tcp from any to ! (em0) port = https -> 127.0.0.1 port 3129

                        donde se ve que el tráfico http/https es redireccionado al proxy, excepto para el tráfico con destino em0 (mi LAN).

                        1 Reply Last reply Reply Quote 0
                        • H Offline
                          huaressa
                          last edited by 

                          no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on alc0_vlan38 inet from XXX.YYY.0.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.0.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.10.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.5.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.2.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.4.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
nat on alc0_vlan38 inet from XXX.YYY.3.0/24 to any -> AAA.BBB.CCC.DDD port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr pass on re0 inet proto udp from any to any port = tftp -> 127.0.0.1 port 6969
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = http -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = http -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19000
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtp -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = smtp -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3 -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3 -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = pop3 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = imap -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = imap -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = imap tag PFREFLECT -> 127.0.0.1 port 19003
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = domain -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = domain -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = domain tag PFREFLECT -> 127.0.0.1 port 19004
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = imaps -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = imaps -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = imaps tag PFREFLECT -> 127.0.0.1 port 19005
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3s -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3s -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = pop3s tag PFREFLECT -> 127.0.0.1 port 19006
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtps -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = smtps -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = smtps tag PFREFLECT -> 127.0.0.1 port 19007
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = https -> XXX.YYY.10.10
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = https -> XXX.YYY.10.10
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = https tag PFREFLECT -> 127.0.0.1 port 19008
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = 3389 -> XXX.YYY.2.11
rdr on alc0_vlan38 inet proto udp from any to AAA.BBB.CCC.DDD port = 3389 -> XXX.YYY.2.11
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on re0 inet proto udp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on re1 inet proto udp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on openvpn inet proto udp from any to AAA.BBB.CCC.DDD port = 3389 tag PFREFLECT -> 127.0.0.1 port 19009
rdr on alc0_vlan38 inet proto tcp from any to AAA.BBB.CCC.DDD port = http -> XXX.YYY.0.241
rdr on re0 inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19010
rdr on re1 inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19010
rdr on openvpn inet proto tcp from any to AAA.BBB.CCC.DDD port = http tag PFREFLECT -> 127.0.0.1 port 19010
rdr-anchor "miniupnpd" all

                          Esto es lo que me sale al poner la consulta indicada.

                          Moderador
                          Cambié tu IP pública por AAA.BBB.CCC.DDD. Y tus rangos privados por XXX.YYY Hay que procurar no postear datos "sensibles"

                          1 Reply Last reply Reply Quote 0
                          • belleraB Offline
                            bellera
                            last edited by

                            Estás usando NAT Reflection. Pienso que deberías deshabilitarlo y emplear DNS Split.

                            https://forum.pfsense.org/index.php?topic=25326.msg131662#msg131662

                            En Documentación tenemos:

                            Ver (con el mismo nombre) servidores publicados en Internet
                            System - Advanced - Firewall/NAT - Disable NAT Reflection (no si se superan 500 puertos o se usa NAT 1:1)
                            Services - DNS Forwarder - Host Overrides (método recomendado, split DNS)
                            https://forum.pfsense.org/index.php/topic,43113.msg223228.html#msg223228
                            https://forum.pfsense.org/index.php/topic,33289.msg173400.html#msg173400

                            Siempre uso DNS Split… Me parece mucho más claro y coherente. Podría ser este tu problema.

                            1 Reply Last reply Reply Quote 0
                            • belleraB Offline
                              bellera
                              last edited by

                              Quita también UDP de todos los NAT que tienes hechos. http, pop3, pop3s, smtp, rdp, imap, imaps… van siempre por TCP. Permitir UDP no tiene sentido y es menos confiable.

                              El único servicio de los que veo que va siempre por UDP es el puerto 53 (DNS), domain.

                              1 Reply Last reply Reply Quote 0
                              • belleraB Offline
                                bellera
                                last edited by

                                @bellera:

                                Tiene que haber algo como:

                                rdr on em0 inet proto tcp from any to ! (em0) port = http -> 127.0.0.1 port 3128

                                donde se ve que el tráfico http es redireccionado al proxy, excepto para el tráfico con destino em0 (mi LAN).

                                No veo nada en tus NAT semejante a esto. Aparece cuando squid está en modo transparente. Para cada interfase donde está actuando squid.

                                1 Reply Last reply Reply Quote 0
                                • H Offline
                                  huaressa
                                  last edited by

                                  http://aa.aa.aa.aa/crawler.php?type=i&advKeywords=adv&aid=57573&l=http://hhh.com.py/wordpress/&r= Request(marketingbritam/in-addr/-) marketing GET REDIRECT

                                  este es el log que me sale poner en la url la direccion de mi subcarpeta… que significa

                                  1 Reply Last reply Reply Quote 0
                                  • belleraB Offline
                                    bellera
                                    last edited by

                                    in-addr sirve en squidGuard para denegar (o permitir) URLs basadas en IP de destino:

                                    http://www.squidguard.org/Doc/Examples/06.conf

                                    GET REDIRECT al final indica que squidGuard deniega el acceso. Encontré un par de páginas donde se explica en castellano (ver al final de cada página) :

                                    http://tuxjm.net/docs/Manual_de_Instalacion_de_Servidor_Proxy_Web_con_Ubuntu_Server_y_Squid/html-multiples/ch05s08.html

                                    https://gist.github.com/VTacius/eea9e38f65adece88c76

                                    1 Reply Last reply Reply Quote 0
                                    • H Offline
                                      huaressa
                                      last edited by

                                      Buenas:
                                      [sg_redirector_base_url] Select redirector base url (301:http://www.vvv.com.py) alguien me puede ayudar que quiere decir esto, aun sigo sin poder ver mi pagina web cuando el usuario esta por el squidguard

                                      [sg_redirector_base_url] Select redirector base url (http://mail.vvv.com.py/&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u) esto que significa.?

                                      1 Reply Last reply Reply Quote 0
                                      • H Offline
                                        huaressa
                                        last edited by

                                        Sera que me pueden orientar no se como hacer ya probe de todo… :'(

                                        1 Reply Last reply Reply Quote 0
                                        • A Offline
                                          acriollo
                                          last edited by

                                          pregunta, si intentas accesar via la ip local del servidor , digamos http://192.168.0.3/wordpress funciona ?

                                          de esta manera no pasas por el squidguard.

                                          Si esto te funciona,

                                          podrias crear un dns overwrite directo en el pfsense y evitar el squid para el acceso local

                                          1 Reply Last reply Reply Quote 0
                                          • H Offline
                                            huaressa
                                            last edited by

                                            No funciona ingresando de la forma que me pusiste de ejemplo a travez de la ip local., como se seria el dns overwrite, ya que lo he intentado pero no se si lo hago bien, me puedes indicar tomando como ejemplo la ip 192.168.0.3? evidentemente el squidguard es el inconveniente que no encuentra el index o algo asi, por que sin el squidguard ingresa sin problema, el dominio no esta pudiendo encontrar sin embargo poniendo la ip del equipo ingresa pero tarda demasiado y muestra sin formato solo letras.
                                            Sds.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.