Netgate Discussion Forum

    Unable to reach WPAD web on an IIS HTTP server in other subnet

    • SipriusPT

      Hello everyone,

      I am trying to migrate from a transparent proxy for HTTP and HTTPS to an explicit proxy on squid, using an HTTP server in one subnet to serve the WPAD files for another where squid is running, but if I disable both transparent proxy modes (Transparent HTTP Proxy and HTTPS/SSL Interception), I am unable to open that HTTP webpage through the subdomain.

      From the end-user machine I am able to resolve the subdomain name, but it doesn't open the HTTP page.

      This is my actual layout (ex: subdomainB.local.lan is where the WPAD files are hosted):

      esquema_rede_proxy.png

      From 10.0.0.0/24, I am able to open subdomainB.local.lan, and between both subnets no traffic is being blocked or rejected; any traffic is allowed.

      I've added subdomainB.local.lan to the squid ACLs Whitelist, but still the same outcome.

      Does anyone know how I can solve this?

      1xSG-4860-1U
      1xSG-3100
      2xpfSense Virtual Machines

      • KOM @SipriusPT

        @sipriuspt said in Unable to reach WPAD web on an IIS HTTP server in other subnet:

        What error do you get when 10.0.50.100 tries to fetch http://subdomainB.local.lan/wpad.dat?

        • SipriusPT @KOM

          @kom after several months, I made another attempt and discovered that the issue that I was having before was not letting those machines at 10.0.50.0/24 reach the default proxy port 3128 of the firewall.
          Allowing such destination, disabling transparent proxy for HTTP and HTTPS, and adding option 252 for each file in the IIS website, resolved the situation. From the end users' perspective, no Windows machine noticed what happened, only macOS, where Auto Proxy Discovery came disabled by default, but I only enabled it for the Ethernet port and applied, and it started working.
          The only thing that I've noticed is that a few remote websites reported the SSL as not valid, but I don't know why some appear right and others not.

          Do you have an idea?

          1xSG-4860-1U
          1xSG-3100
          2xpfSense Virtual Machines
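
A way to check for the cause described in the post above, as an added example that is not part of the original thread: the script pulls the PROXY entries out of a WPAD/PAC file and tests, from the client it runs on, whether each proxy port accepts TCP connections. The PAC text and the name `proxy.local.lan` are constructed placeholders; only port 3128 and the `subdomainB.local.lan/wpad.dat` URL come from the thread.

```python
import re
import socket
import sys
import urllib.request

# Constructed sample wpad.dat; proxy.local.lan is a placeholder for the squid host.
SAMPLE_PAC = """
function FindProxyForURL(url, host) {
    if (isPlainHostName(host) || dnsDomainIs(host, ".local.lan"))
        return "DIRECT";
    return "PROXY proxy.local.lan:3128; DIRECT";
}
"""

# Matches the "PROXY host:port" entries a PAC function returns.
PROXY_RE = re.compile(r"\bPROXY\s+([A-Za-z0-9.-]+):(\d{1,5})")


def proxies_in_pac(pac_text):
    """Return the unique (host, port) pairs from PROXY entries, in file order."""
    found = []
    for host, port in PROXY_RE.findall(pac_text):
        if (host, int(port)) not in found:
            found.append((host, int(port)))
    return found


def port_reachable(host, port, timeout=3.0):
    """True if a TCP connection completes; a dropped or rejected port gives False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeout, refusal and DNS failure
        return False


def check_pac(pac_text, timeout=3.0):
    """Map each 'host:port' named in the PAC to its reachability from this machine."""
    return {f"{h}:{p}": port_reachable(h, p, timeout) for h, p in proxies_in_pac(pac_text)}


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "http://subdomainB.local.lan/wpad.dat"
    # Fetch the PAC directly, ignoring any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    pac = opener.open(url, timeout=5).read().decode("utf-8", "replace")
    for target, ok in check_pac(pac).items():
        print(f"{target}: {'reachable' if ok else 'BLOCKED or down'}")
```

Run it from a machine in the client subnet: a proxy entry reported as blocked while the PAC file itself downloads fine points at a firewall rule on the proxy port rather than at WPAD or DNS.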

          • KOM @SipriusPT

            @sipriuspt Perhaps their certs really are invalid? A LetsEncrypt root cert expired a while back that caused such problems. Look at the details of the cert error and see what the problem is. That will help you decide if it's anything wrong on your end.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.