DNS Forwarder - OWA (HTTP access internally)
-
Hi Guys,
Have what would appear to be a problem that should be an easy fix .. but for the life of me, I can't seem to crack it.
Current Version:
2.2.1-RELEASE (amd64)
FreeBSD 10.1-RELEASE-p6Problem.
Internal devices unable to access the mail.company.com OWA domain.
External devices have no issues.Have setup, and enabled, a DNS forwarder on the inside interface with a host override pointing to the FQDN - mail.company.com local ip address.
Proxy is set non-transparent
Internally:
If I set my browser to ignore proxy for local addresses it works fine. If not, it doesn't work. This is not great problem, for browsers. However, it's more of an issue for ipads etc… The proxy has to be set for them to have internet access, however there is no override setting for internal addresses. I thought the override option on the PFsense box would work, but clearly not for proxy traffic.
Inside rules are set ... Any to Any allow
Tried the unbound service (DNS resolver) with the same results. The traffic is SSL. (HTTPS)
Anyone any ideas?
-
Web Proxy auto-discovery has a method for directing traffic through the proxy or not. Read these:
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
http://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_file_sample.aspx
-
Hi,
Thanks for your suggestion. It seems an extra headache to acheive my end goal. This wasn't an issue a few updates ago. I used to have reverse-proxy set for OWA, but because of the issue with usiing low ports etc, I had to ditch this and publish the traffic directly to the server. I think thats when it stop working… however, I maybe wrong. I know there is a way round this now by setting up a loopback listioner on a higher port.
I was hoping a simple fix could be put in place. In theory, I am not sure why this wouldn't work. I might have to go down the WPAD route if all else fails, or possible put in the fix for the reverse proxy soltuion to see if that works.
Again, thanks for your comments.
Ian
