Web Proxy and Web Filter with Nethserver without it being the DHCP server

onlitec · January 11, 2023, 12:43am

I need to deploy a Proxy and WebFilter in a network where the Nethserver is not the DHCP server, I can’t find a document that shows how to do this, is it possible? he needs to have two network cards for one to be LAN and the other WAN, I can do this because the server has two ports.

pike · January 11, 2023, 11:01am

Yes.
Consider to reconciliate the groups of IP that are allowed to access without restrictions and with restrictions among NethServer and DHCP server.

onlitec · January 14, 2023, 1:10pm

I want to configure the proxy server so that I can insert it into the machines that will be monitored

Like in this image where the proxy address was entered in the internet settings, In Windows LAN Local Area Network Settings

pike · January 14, 2023, 2:23pm

It is possible to configure “the proxy server” on Nethserver. However, the clients need to be configured to use it; manually or via DHCP server. To know how, you have to read documentation of your DHCP server application on how provide proxy server as configuration and how your clients should receive configuration and apply it.

Andy_Wismer · January 14, 2023, 5:41pm

For Windows there’s also the option of Group Policy using eg MS-RSAT…

Actually, the easiest for Windows clients is to use WPAD, as that is still the default setting in Windows, and NethServer provides a basic, working WPAD out of the box.

And yes, i have used WPAD on NethServer at my clients and at home.
I can confirm this works better than expected.

My 2 cents
Andy

onlitec · January 14, 2023, 9:02pm

Hello thanks for the reply , however in this client of mine I can not put the proxy in DHCP because not everyone will have their access monitored or controlled by the proxy , so I believe that the solution passed by Andy_Wismer is ideal

pike · January 14, 2023, 9:03pm

In which part of the first post you wrote that DHCP server would be a Windows DC?

Andy_Wismer · January 14, 2023, 11:21pm

@onlitec

It’s easily possible to change the standard wpad.dat file included in Nethserver, a very simple version.
WPAD has a lot of options, check out eg Google or wpad examples… (Wikipedia has good info).

My 2 cents
Andy

Example:

function FindProxyForURL(url, host) {
	if (isPlainHostName(host))
		return "DIRECT";
	else if (dnsDomainIs(host,".sunweb.ch")||dnsDomainIs(host,".cybernet.ch"))
		return "DIRECT";
	else if (!isResolvable(host))
		return "DIRECT";
	else if (isInNet(host, "192.168.0.0","255.255.0.0"))
		return "DIRECT";
	else
		return "PROXY cache-sh.cybernet.ch:8080; DIRECT";
}