Resolved
0 votes
Is it possible to use the content filter or web proxy running ClearOS with a device with one NIC? From what I've seen, an iptables redirect should work, right? How would I set the iptables rules? Iptable -a incoming -p 80 -8080 redirect? And make sure the ClearOS content filter is listening on port 8080? Then how does it know to go to the device or internet?

If I'm totally wrong, let me know as well. I thought it would work for one NIC as it does with Raspberry Pi, but I would rather use ClearOS.
Tuesday, February 21 2017, 12:12 AM
Responses (4)
  • Accepted Answer

    Wednesday, February 22 2017, 05:17 PM - #Permalink
    Resolved
    0 votes
    @Dave,
    If you have a standalone proxy, do you know if you need to enable ipv4 forwarding?
  • Accepted Answer

    Wednesday, February 22 2017, 03:43 PM - #Permalink
    Resolved
    0 votes
    If you are setting up a standard proxy server, single NIC implementations work just fine. You can specify the proxy server in the settings of the workstation in the following ways:

    - Configure the workstation's proxy settings manually in a browser
    - Set up a group policy to promulgate the proxy settings (AD, Samba Directory)
    - Set up WPAD using DHCP, DNS, or both
    - Specify a connection script in the web browser


    The advantage of filtering proxy traffic as a bona fide proxy as opposed to filtering as a transparent proxy is that you can easily filter https traffic as well based on the domain name filtering rules that come with the content filter subscription.

    If you are looking to do an inline proxy and use transparent methods, then you will need to get a switch that is capable of doing VLANs, create two virtual NICs in ClearOS on the same NIC, and set up your ClearOS server on both of the NICs on the VLAN in a bridge, with one NIC on a tagged port that is able to talk to the gateway only and another NIC that is untagged that talks to the rest of the network. You will then need to unlock and use the 'trustedgateway' mode of ClearOS and assign a single IP address to ClearOS (necessary for the block pages). This method is NOT recommended. I know I can do it because I've done something similar in a lab before, but it is super difficult unless you are already really adept at command line, VLANs, and bridging under ClearOS. Even a USB NIC is a simpler solution than trying a single NIC transparent filter.

    Here are my notes on how to do this with a two-NIC configuration:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_clearbox_as_a_transparent_inline_bridge
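Added example (not part of the original thread or of ClearOS documentation): a proxy auto-config script of the kind the answer above refers to as a "connection script" or distributes via WPAD, for the explicit single-NIC proxy. The proxy address and port are assumptions, reusing the address and port quoted elsewhere in this thread; the script sticks to ES5 syntax and plain string checks so that older PAC engines accept it.

```javascript
// Added example: PAC script for an explicit (non-transparent) single-NIC proxy.
// PROXY is an assumption: the ClearOS address and port quoted in this thread.
var PROXY = "PROXY 192.168.137.111:8080";

// True for dotted-quad IPv4 literals in loopback or RFC 1918 ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) { return false; }
  var a = parseInt(m[1], 10), b = parseInt(m[2], 10);
  var c = parseInt(m[3], 10), d = parseInt(m[4], 10);
  if (a > 255 || b > 255 || c > 255 || d > 255) { return false; }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (no dot, and not an IPv6 literal) are local resources.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) { return "DIRECT"; }
  // LAN addresses, including the ClearOS box itself, are reached directly.
  if (isPrivateIPv4(host)) { return "DIRECT"; }
  // Everything else goes to the filter. HTTPS arrives there as a CONNECT
  // request naming the host, which is what domain-based rules match on.
  // No "; DIRECT" fallback is listed, so the script never offers an
  // unfiltered path of its own.
  return PROXY;
}
```

A PAC file is only a client-side setting; the router rule suggested elsewhere in this thread, stopping port 80 traffic that does not come from ClearOS, is what covers clients that ignore it.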
  • Accepted Answer

    Tuesday, February 21 2017, 12:39 PM - #Permalink
    Resolved
    0 votes
    It may if 192.168.137.111 is ClearOS, but you may also need to enable ipv4 forwarding. All your other LAN devices would need to be configured with ClearOS as the proxy and not your router. Your router should also be configured to stop any port 80 traffic except from ClearOS to stop people bypassing ClearOS. Try the rule at the command line first. If it works, put it in the custom firewall module but change "iptables" to "$IPTABLES".

    What are you going to do about port 443 traffic?
  • Accepted Answer

    Tuesday, February 21 2017, 01:36 AM - #Permalink
    Resolved
    0 votes
    I found this, would this work? iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.137.111:8080