    DNS Forwarder - OWA (HTTP access internally)

    • I
      IanMcLachlan last edited by

      Hi Guys,

      Have what would appear to be a problem that should be an easy fix .. but for the life of me, I can't seem to crack it.

      Current Version:

      2.2.1-RELEASE (amd64)
      FreeBSD 10.1-RELEASE-p6

      Problem.

      Internal devices unable to access the mail.company.com OWA domain.
      External devices have no issues.

      Have set up, and enabled, a DNS forwarder on the inside interface with a host override pointing to the FQDN - mail.company.com local IP address.

      Proxy is set non-transparent

      Internally:

      If I set my browser to ignore proxy for local addresses it works fine.  If not, it doesn't work.  This is not a great problem for browsers.  However, it's more of an issue for iPads etc…  The proxy has to be set for them to have internet access, however there is no override setting for internal addresses.  I thought the override option on the pfSense box would work, but clearly not for proxy traffic.

      Inside rules are set  ...    Any to Any allow

      Tried the unbound service (DNS resolver) with the same results.  The traffic is SSL. (HTTPS)

      Anyone any ideas?

      • KOM
        KOM last edited by

        Web Proxy auto-discovery has a method for directing traffic through the proxy or not.  Read these:

        https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

        http://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_file_sample.aspx

        http://www.craigjconsulting.com/proxypac.html

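A PAC file of the kind the links above describe, as an added example that is not part of the thread or of any poster's configuration: it sends `mail.company.com` and local addresses direct, so the client resolves the name itself and picks up the host override, and sends everything else to the proxy. The proxy address is a placeholder, and `DIRECT_HOSTS` and `isPrivateIPv4Literal` are hypothetical names; only plain string logic is used so the file also runs outside a browser.

```javascript
// Added example PAC file (served as proxy.pac / wpad.dat). Not from the thread.
// PROXY_ADDR is a placeholder: substitute the LAN address and port of the Squid listener.
var PROXY_ADDR = "PROXY 192.0.2.1:3128";

// Hosts that must bypass the proxy so the internal host override applies.
var DIRECT_HOSTS = ["mail.company.com"];

// True only for loopback and RFC 1918 IPv4 literals (10/8, 172.16/12, 192.168/16).
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = +m[1], b = +m[2];
  if (a > 255 || b > 255 || +m[3] > 255 || +m[4] > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  // Normalise case and a trailing dot so "MAIL.company.com." still matches.
  host = host.toLowerCase().replace(/\.$/, "");

  // Single-label names (e.g. "intranet") are internal by definition.
  if (host.indexOf(".") === -1) return "DIRECT";

  if (isPrivateIPv4Literal(host)) return "DIRECT";

  // Exact match only: a substring or prefix test would also let
  // "mail.company.com.example.net" skip the proxy and its filtering.
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (host === DIRECT_HOSTS[i]) return "DIRECT";
  }

  return PROXY_ADDR;
}
```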
        • I
          IanMcLachlan last edited by

          Hi,

          Thanks for your suggestion.  It seems an extra headache to achieve my end goal.  This wasn't an issue a few updates ago.  I used to have reverse-proxy set for OWA, but because of the issue with using low ports etc, I had to ditch this and publish the traffic directly to the server.  I think that's when it stopped working… however, I may be wrong.  I know there is a way round this now by setting up a loopback listener on a higher port.

          I was hoping a simple fix could be put in place.  In theory, I am not sure why this wouldn't work.  I might have to go down the WPAD route if all else fails, or possibly put in the fix for the reverse proxy solution to see if that works.

          Again, thanks for your comments.

          Ian
