One Option in OPNsense under Squid Proxy would be a good addition to NethServer, easy for the devs to implement and: makes sense!
Situation:
You’re using NethServer as a Proxy, but have a separate PI-Hole as DNS.
I let my client machines use PI-Hole, but not my Linux Servers.
And that includes NethServer.
That means that anyone using NethServer as a Proxy effectively bypasses the PI-Hole, and gets Ads shown… Not what is intended.
OPNsense has the Option to let just the Proxy use different DNS (Like my PI-Hole at home).
This means, even users using the Proxy get PI-Hole cleaned websites displayed…
DNS within the Nethserver Cockpit: 1.1.1.1, 8.8.8.8
DNS provided by DHCP for all clients: 192.168.3.3 (pihole)
DNS within my other servers: statically defined 1.1.1.1, 8.8.8.8
Pihole Configuration:
That’s what I had too, before the PI-Hole I was using the NethServer as Proxy (Squid).
I noticed that as soon as a PC/Mac used the Proxy, Ads were displayed; when using the PI-Hole (alone), they were not. If they didn’t use the Proxy, the PI-Hole worked fine.
Then I noticed that nice feature in OPNsense, and I thought it would be nice if I could get NethServer to do that, too…
At the moment it’s working using OPNsense + PI-Hole, where OPNsense is the Proxy, but also main DNS and DHCP.
This site is good for quick testing of PI-Hole & Proxy: https://weather.com/ (On top is a banner Ad, not shown when PI-Hole is used…)
I’d like to be able to use this for some friends who only use Nethserver, without OPNsense. The PI-Holes are in almost all cases running as LXC in Proxmox, only one friend actually uses a Raspberry PI as PI-Hole…
@capote
I thought transparent proxy doesn’t work with SSL?
And… doesn’t a transparent proxy need to be running on the firewall?
This is not possible in most use cases for me.
At least that’s what reading this implies: https://docs.nethserver.org/en/v7/web_proxy.html
From a GUI perspective:
if DNS Blacklisting is installed there should be a combobox (DNS Blacklisting, custom DNS)
if DNS Blacklisting is not installed, the same combobox with the DNS Blacklisting not choosable.