Re: [pfSense Support] Proxy Question
Op 5-10-2010 20:58, Anil Garg schreef: At my work, I have to enter: proxy.sucks.com:80 under the ToolsOptionsnetworkconnectionssettings I would suggest setting up a proxy wpad host at work that provides the clients with that information. Setup a wpad.sucks.com website that has a wpad.dat file with the javascript proxy configuration script. When you get home the site doesn't exist and it just works. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Proxy Question
Just a minor problem is that in my company they have 100,000 desktops/laptops and IT is high up in hierarchy. Anil Garg +1 408-221-7725 From: Seth Mos seth@dds.nl To: support@pfsense.com Sent: Wed, October 6, 2010 2:06:44 AM Subject: Re: [pfSense Support] Proxy Question Op 5-10-2010 20:58, Anil Garg schreef: At my work, I have to enter: proxy.sucks.com:80 under the ToolsOptionsnetworkconnectionssettings I would suggest setting up a proxy wpad host at work that provides the clients with that information. Setup a wpad.sucks.com website that has a wpad.dat file with the javascript proxy configuration script. When you get home the site doesn't exist and it just works. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Proxy Question
Thanks Dan. Appreciate it. I suppose the trick is in web interface to https... But what happens when I go to online bank and that uses https traffic?? 1. Should we change the web interface to some absurd port number? Only web admin of pfsense needs that. 2. It sounds like the Squid or no Squid, this solution proposed by you should work... Anil Garg +1 408-221-7725 From: Daniel Davis daniel.da...@lasseters.com.au To: support@pfsense.com support@pfsense.com Sent: Tue, October 5, 2010 3:54:39 PM Subject: RE: [pfSense Support] Proxy Question Yes, just put a DNS entry in the DNS forwarder for proxy.sucks.com pointing to your gateway IP address. You will also need to change the proxy port to port 80 (make sure that the pfsense web interface is set to HTTPS in advanced settings first). Regards, Daniel Davis From:Anil Garg [mailto:garg_art2...@yahoo.com] Sent: Wednesday, 6 October 2010 4:28 AM To: support@pfsense.com Subject: [pfSense Support] Proxy Question At my work, I have to enter:proxy.sucks.com:80 under the ToolsOptionsnetworkconnectionssettings When I get home, I have to invariably retrace my path. I have a vanilla pfsense 1.2.3 set up with no proxy or anything.. in the following way: LAN |--pfsense---DSLrouter---ISP is there a way for domain name proxy.sucks.com:80 to point to squid on pfsense? If so one can venture and install squid as a package for fun. Anil Garg +1 408-221-7725 -- This message has been scanned for viruses and dangerous content by mail.lasseters.com.au, and no infections were found.
RE: [pfSense Support] Proxy Question
Anil, This won't affect HTTPS traffic as it will still be proxied over port 80 (just remember, if Squid is listening on port 80, it is not necessarily for HTTP traffic only, it is just the port that the proxy is listening on. Squid can also proxy other types of traffic over the same port e.g. HTTPS, FTP, SOCKS) . You just need to make sure the web interface is not on port 80 so that the proxy service can bind to that port (only one service can be listening on a specific port at any one time). 1. You can do this, the only reason you would 'need' to is if you need another service to listen on port 443. Some people do this as a 'security' measure but I'm not a believer in security by obscurity. 2. This will only work with some kind of proxy running on your network at the proxy.sucks.com:80 address. If there is no proxy available (and it is set in your web browser) you will just get timeout messages for all your HTTP requests. Regards, Daniel Davis From: Anil Garg [mailto:garg_art2...@yahoo.com] Sent: Thursday, 7 October 2010 12:57 AM To: support@pfsense.com Subject: Re: [pfSense Support] Proxy Question Thanks Dan. Appreciate it. I suppose the trick is in web interface to https... But what happens when I go to online bank and that uses https traffic?? 1. Should we change the web interface to some absurd port number? Only web admin of pfsense needs that. 2. It sounds like the Squid or no Squid, this solution proposed by you should work... Anil Garg +1 408-221-7725 From: Daniel Davis daniel.da...@lasseters.com.au To: support@pfsense.com support@pfsense.com Sent: Tue, October 5, 2010 3:54:39 PM Subject: RE: [pfSense Support] Proxy Question Yes, just put a DNS entry in the DNS forwarder for proxy.sucks.comhttp://proxy.sucks.com pointing to your gateway IP address. You will also need to change the proxy port to port 80 (make sure that the pfsense web interface is set to HTTPS in advanced settings first). Regards, Daniel Davis From: Anil Garg [mailto:garg_art2...@yahoo.com] Sent: Wednesday, 6 October 2010 4:28 AM To: support@pfsense.com Subject: [pfSense Support] Proxy Question At my work, I have to enter:proxy.sucks.com:80 under the ToolsOptionsnetworkconnectionssettings When I get home, I have to invariably retrace my path. I have a vanilla pfsense 1.2.3 set up with no proxy or anything.. in the following way: LAN |--pfsense---DSLrouter---ISP is there a way for domain name proxy.sucks.com:80 to point to squid on pfsense? If so one can venture and install squid as a package for fun. Anil Garg +1 408-221-7725 -- This message has been scanned for viruses and dangerous content by MailScanner has detected a possible fraud attempt from spamalot.lasseters.com claiming to be mail.lasseters.com.auhttp://spamalot.lasseters.com/, and no infections were found. -- This message has been scanned for viruses and dangerous content by mail.lasseters.com.au, and no infections were found.
RE: [pfSense Support] Proxy Question
Yes, just put a DNS entry in the DNS forwarder for proxy.sucks.com pointing to your gateway IP address. You will also need to change the proxy port to port 80 (make sure that the pfsense web interface is set to HTTPS in advanced settings first). Regards, Daniel Davis From: Anil Garg [mailto:garg_art2...@yahoo.com] Sent: Wednesday, 6 October 2010 4:28 AM To: support@pfsense.com Subject: [pfSense Support] Proxy Question At my work, I have to enter:proxy.sucks.com:80 under the ToolsOptionsnetworkconnectionssettings When I get home, I have to invariably retrace my path. I have a vanilla pfsense 1.2.3 set up with no proxy or anything.. in the following way: LAN |--pfsense---DSLrouter---ISP is there a way for domain name proxy.sucks.com:80 to point to squid on pfsense? If so one can venture and install squid as a package for fun. Anil Garg +1 408-221-7725 -- This message has been scanned for viruses and dangerous content by mail.lasseters.com.auhttp://spamalot.lasseters.com/, and no infections were found.