Set up http_proxy for certain subnets

Hey, I am new to VyOS v1.4 and I managed to set up a permanent HTTP/HTTPS proxy for certain subnets. I tried with firewall and policy route, but none of them works. Please help me.
Thanks.

For example,
192.168.42.0/24 --outbound http/https--> 192.168.254.10:1080,
other protocols remain unchanged.

Hello,

Setting up an HTTP/HTTPS proxy for specific subnets in VyOS can be a bit tricky, but I can guide you through the process. Here’s a general approach you can take, using the Squid proxy service that comes with VyOS:

Define the ACL for your subnet: You’ll need to create an access control list (ACL) for the subnet that should use the proxy.

set service webproxy access-list name subnet-acl rule 10 source address '192.168.42.0/24'

Configure the proxy service: Set up the Squid proxy service to listen on the desired address and port.

set service webproxy listen-address '192.168.254.10' port '1080'

Enable transparent proxy (optional): If you want the proxy to be transparent, you can enable this feature so that clients don’t need to configure their browsers to use the proxy.

set service webproxy transparent-proxy

Apply the ACL to the proxy service: Apply the previously defined ACL to the proxy service to ensure only the specified subnet is allowed to use the proxy.

set service webproxy access-list name subnet-acl rule 10 action 'allow'

Configure NAT rules: Set up NAT rules to redirect HTTP and HTTPS traffic from the specified subnet to the proxy server.

set nat destination rule 100 destination port '80'
set nat destination rule 100 inbound-interface 'ethX' # replace with your interface
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 translation address '192.168.254.10'
set nat destination rule 100 translation port '1080'

set nat destination rule 101 destination port '443'
set nat destination rule 101 inbound-interface 'ethX' # replace with your interface
set nat destination rule 101 protocol 'tcp'
set nat destination rule 101 translation address '192.168.254.10'
set nat destination rule 101 translation port '1080'

Commit and save the configuration: After configuring the proxy and NAT rules, commit the changes and save the configuration.

commit
save

Please replace ‘ethX’ with the actual interface name that your subnet uses to connect to the network. Also, ensure that the proxy server at ‘192.168.254.10:1080’ is configured to handle the traffic.

I hope the solution works for you.

2 Likes
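
Added example (not part of the answer above, and not VyOS code): a small Python model of first-match destination NAT, showing which new connections rules 100 and 101 rewrite as posted, with no source match, and which they rewrite when each rule also matches source 192.168.42.0/24. The interface name `eth1`, the second subnet and the destination addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class DnatRule:
    number: int
    in_iface: str
    protocol: str
    dport: int
    to_addr: str
    to_port: int
    source: Optional[str] = None  # CIDR to match; None means any source

    def matches(self, iface, proto, src, dport):
        if (iface, proto, dport) != (self.in_iface, self.protocol, self.dport):
            return False
        return self.source is None or ip_address(src) in ip_network(self.source)


def translate(rules, iface, proto, src, dst, dport):
    """Return where a new connection ends up; lowest-numbered matching rule wins."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(iface, proto, src, dport):
            return (rule.to_addr, rule.to_port)
    return (dst, dport)  # no rule matched: destination unchanged


PROXY = ("192.168.254.10", 1080)  # proxy address and port from the thread
IFACE = "eth1"                    # assumed stand-in for the post's 'ethX'


def build(source=None):
    """Rules 100 (port 80) and 101 (port 443), optionally scoped to a source CIDR."""
    return [DnatRule(n, IFACE, "tcp", p, *PROXY, source=source)
            for n, p in ((100, 80), (101, 443))]


AS_POSTED = build()                 # no source match, as in the answer
SCOPED = build("192.168.42.0/24")   # same rules plus a source match

# Constructed sample flows: (iface, proto, src, dst, dport)
FLOWS = [
    ("eth1", "tcp", "192.168.42.15", "203.0.113.7", 443),   # target subnet, HTTPS
    ("eth1", "tcp", "192.168.50.9", "203.0.113.7", 80),     # other subnet, same interface
    ("eth1", "tcp", "192.168.42.15", "203.0.113.7", 22),    # target subnet, SSH
    ("eth1", "udp", "192.168.42.15", "203.0.113.53", 443),  # target subnet, UDP/443
]


def report(rules):
    return [translate(rules, *flow) for flow in FLOWS]
```

Comparing `report(AS_POSTED)` with `report(SCOPED)` shows that only the second flow differs: without a source match, hosts outside 192.168.42.0/24 that arrive on the same interface are sent to the proxy as well.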