???this only works for HTTPS traffic for clients which support SNI.
what would be the point then if it wouldn't work for normal web stuff????
I'm just trying to get T'internet stuff to go via county filters and lan stuff (local webservers) not
Si


Tricky one. One option is to do it for all clients - those with a proxy set won't send ANY http(s) traffic, and as such won't see a difference. Other options are have your Access Points on a separate VLAN? Anyone think of any more cunning plans?
There is another method, which requires a bridging device between your AP/the switch your APs are attached to and the internet...


Sorry, I am being unclear - perhaps due to sometimes writing posts while on the phone
It *always* works for "regular http", sometimes it just doesn't play ball with https. In the case of smoothwall, it means that clients that DON'T support SNI get blocked from accessing HTTPS, but everyone gets HTTP regardless.

I'd also go with separate VLAN, and if you are thinking along the lines of user/home equipment needing a transparent proxy then this is probably the best method as you can firewall this vlan from your internal network - which is what we do.
Question I have now - suppose we set the default route (in the public WIFI VLAN DHCP) to one of our smoothwalls, then presumably traffic (such as DNS requests) from the internal LAN would not be sent back to the internal LAN if smoothwall is just sitting as a proxy in the DMZ (with core switch doing the routing, and Cisco doing the firewalling). So how would I get around this, using smoothwall?


DNS requests should go to your internal dns server in any case. For other stuff, the smoothie will send an ICMP reply that says "actually, the gateway's over there, but don't tell the web browser"
CyberNerd (20th September 2011)


If anyone has cisco kit knocking about WCCP is a great way to do transparent stuff

Yes the DNS does go to the internal DNS server, but the Smoothwall is in a DMZ - 192.168.x.x and the internal address is on a different subnet, so how will the DNS requests get to the internal DNS server if the default route is that of a smoothwall server, rather than the firewall - I'm guessing DNS caching on smoothie, or will the ICMP reply deal with that. I have a sneaky it's going to be a bit of a headache to set up and I'll be building another smoothwall to get it working ok.
ok, I'll have a look at that.


Default route is the smoothie only for the clients, and they can still happily have a route that lets them get to the DNS server (which has a route to the "real" gw). WCCP is the shiz tho, as you can let the cisco do the heavy lifting, you just need the wccp device to be on the path that the clients you need to proxy are taking to the internets, then redirect 80/433 based on src ip, and bob's your mother's brother.
Unfortunately it carries the usual cisco learning curve (more of a learning cliff)
CyberNerd (20th September 2011)

I'm sneaking out the door - too complicated for me
Si

I'm sorted in my schools as I'd forgotten that the server that Espresso is loaded on is also a proxy server
So setting its address as the proxy server in the wi-fi settings means the default browser can be used for Internet and Espresso
Si
Got my tab working with proxy using this
How to use hidden Web Proxy settings on Android 3.0 Honeycomb Tablets
SimpleSi (5th October 2011)

What tab have you got?
Si