NethServer deployment options

(Vhinz Sanchez) #1

Good day masters,

I would like to ask if it would be possible to deploy Nethserver in-line between firewall/router (pfsense) and the network? In this scenario, I would just be using the proxy to filter out unproductive (according to management) websites and the pfsense will still give out the IP address via DHCP.

This feature has been possible (I’m unsure on the present version) in Untangle, they called the deployment option “bridge.”

Thanks in advance,


(Vhinz Sanchez) #2

Let me see here, I think I got it again :grinning:.

From Network module, I created a new interface…
Role: Green
Type: Bridge
Select/tick network cards to be bridged (eth0 and eth1 in my case).
Click Next
Check the IP Address, Netmask, and Gateway (it should take-over 1 of the ethernet card’s config)
Click Next
Check the Summary configuration
Click on the New Interface

I’m now being able to get an IP from my LAN’s DHCP server.

Now on bridge mode, I just have another problem, the proxy (http/https) seems not to work anymore even if I configured the bridged ethernet’s gateway to itself. I may have to look at the client config as I’m now doing this in DHCP in the main network. But that’s a different story and I’m glad bridging worked.

(Giacomo Sanchietti) #3

You need another implementation for the proxy to work in bridged mode.
Is called Tproxy. We had it on and old implementation but we moved to DNAT.
You can find all commits here:

(Filippo Carletti) #4

@giacomo, do you think it could be possible for @vhinzsanchez to revert to an old version of nethserver squid and test the old tproxy implementation with the bridge?

We could think about merging the old and new to offer both options.

(Giacomo Sanchietti) #5

Probably the best way is to create some templates-custom from git commits.

Actually both implementations can’t leave together: you should remove all proxy bypasses to make tproxy work.

(Vhinz Sanchez) #6

Thanks for the info. As I test, I’m back to my earlier problem, but this time, the problem sticks whatever client configuration I am doing. However, https in IE is working with 1 caveat, IE bombards the user with a lot of certificate errors. Sadly, we are using Firefox.