I need your advice. I now have the following situation.
- proxy server (non-transparent)
- block HTTP and HTTPS traffic directly to the red interface. This means that no internet browsing is allowed without the proxy configured. (This works now.)
However, now apps on my phone are not working either (even if I set the proxy server on my iPhone).
What would be the best way to allow, for example, the App Store on my iPhone to connect to the internet? I could allow the IP address subnets from Apple, but if I need to do this for every app I have a lot of work.
How did you all handle this?
I posted my fw rules here as an example of how it works if you set up the clients correctly to use the proxy server: Why URL filter is not able to block mobile network?
If that doesn’t work for you, there is something wrong on the clients.
Also check the fw log for your client IP to find out what port it’s trying to use/connect to the internet and check it with the default port that’s used by the application.
Is there a clean way to monitor what ports an application is connecting to?
What logs do we need to check?
Only by watching the client. With Windows you can easily use the built-in Resource Monitor.
IPFire firewall log.
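
As an added example (not part of the thread and not IPFire's own code), this script does the firewall-log check suggested above: it tallies protocol and destination port of logged packets for one client IP. The sample lines are constructed in netfilter LOG format; the `DROP_FORWARD` prefix, the addresses and the ports are assumptions.

```python
import re
from collections import Counter

# Constructed sample in netfilter LOG format (kernel log lines).
# Prefix, interface names, addresses and ports are illustrative assumptions.
SAMPLE_LOG = """\
Mar  3 10:15:01 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc SRC=192.168.1.50 DST=203.0.113.10 LEN=64 TTL=63 ID=0 DF PROTO=TCP SPT=51234 DPT=5223 WINDOW=65535 SYN URGP=0
Mar  3 10:15:04 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc SRC=192.168.1.50 DST=203.0.113.10 LEN=64 TTL=63 ID=0 DF PROTO=TCP SPT=51235 DPT=5223 WINDOW=65535 SYN URGP=0
Mar  3 10:15:09 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc SRC=192.168.1.50 DST=198.51.100.7 LEN=64 TTL=63 ID=0 DF PROTO=TCP SPT=51240 DPT=443 WINDOW=65535 SYN URGP=0
Mar  3 10:15:10 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc SRC=192.168.1.50 DST=198.51.100.7 LEN=1278 TTL=63 ID=0 PROTO=UDP SPT=60001 DPT=443 LEN=1258
Mar  3 10:15:12 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=aa:bb:cc SRC=192.168.1.50 DST=198.51.100.7 LEN=84 TTL=63 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 10:15:20 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 MAC=dd:ee:ff SRC=192.168.1.77 DST=203.0.113.99 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 SYN URGP=0
Mar  3 10:15:30 ipfire squid[1234]: unrelated proxy message, not a firewall entry
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line, or None for other lines."""
    if "kernel:" not in line or " SRC=" not in line:
        return None
    return dict(FIELD.findall(line))


def ports_for_client(lines, client_ip):
    """Count logged packets from client_ip, keyed by (protocol, destination port)."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if not fields or fields.get("SRC") != client_ip:
            continue
        # ICMP and some other protocols have no DPT field in the log line.
        port = int(fields["DPT"]) if "DPT" in fields else None
        counts[(fields.get("PROTO", "?"), port)] += 1
    return counts


if __name__ == "__main__":
    # Against a real box, read the kernel log file instead of SAMPLE_LOG.
    for (proto, port), n in ports_for_client(SAMPLE_LOG.splitlines(), "192.168.1.50").most_common():
        print(f"{n:4d}  {proto:5s} {port if port is not None else '-'}")
```

Ports that show up here for the phone's IP and are not 80/443 are traffic the app sends directly rather than through the configured proxy.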