[Q] pfSense on Hyper-V 2012R2 - transparent mode - possible? {YES}
-
@johnpoz Because if all falls apart I am just a cable away (putting it between switches or doing some bridging on the host)... and can do it remotely...
And I am just one guy doing all this beside my office hours :-))
-
So you're trying to set this all up remote? Hehe, dude, you should be on site for such a setup..
-
@johnpoz After I set this up on premises I will manage it all remotely like I have done for several years. But in case of FW failure I need to let people work with minimal disturbance and not wait for me to get there.
I really hope that I will be able to do the transparent proxy... right now I am stuck...
-
You can't use Squid in transparent mode on a bridged firewall. The redirect rules do not function on bridged interfaces.
Or at least they did not last time I tested this:
https://redmine.pfsense.org/issues/1620
You might also consider that the usefulness of a transparent proxy is limited anyway. Once encrypted SNI becomes widespread you will no longer be able to see or filter https traffic without full ssl intercept.
https://blog.cloudflare.com/encrypted-sni/
Steve
-
@stephenw10 Thanks for answering!
I just wanted to make it work like Untangle in transparent mode.
I will see what I can do...
The Freeradius part is working... I hope Squid will too... but transparent...
-
Not if it's redirecting on a bridged interface. You can try the patch linked in that bug report. It's been a while since I tested it but I was never able to make it work despite trying every combination of things I could think of. Something may have changed since then.
Steve
-
@stephenw10 Yes, you are right... not working. I have tried everything that I can think of. I was hoping that fixing the problem I was having with Freeradius would also fix this, but no (I had to manually add the name of the server in DNS overwrites). The patch seems to be merged since 2017...
What else could I try for transparent proxy to work on a bridged interface?
Thanks.
-
You could try a 2.5 snapshot. They are built on FreeBSD 12. Since this appears to be an upstream limitation in pf, that may have been fixed.
Steve
-
@stephenw10 Can I update from 2.4.4_3 by simply changing the system/update/systemupdate branch to 2.5? Thx.
-
Yes you can. Be sure to snapshot it if you need to go back though, you cannot downgrade in the same way.
Steve