WPAD and proxy on DHCP issues

Hello people.

I’m facing a riddle and I cannot finish the proxy config so I can have the url filtering working.
More precisely - the WPAD. After having finished the configuration in the DHCP page for distributing the .pac/.dat I was brutally knocked out, no way to access IPFire through WUI or SSH. Twice. I had to reinstall. I don’t understand what could have gone that bad. The wiki is pretty scarce in that matter anyway; there are users in the community talking about their encounters with WPAD, but none with my case. After completing the WPAD config following the wiki and saving and reloading, I was out a few moments later.
There was one more step: to divert all traffic through the proxy there’s need for a rule in the firewall.

This proxy story is a bit more complicated than I appreciated. And it looks like IPFire adopted it in a not too explicit fashion; the learning curve is steep. Having the firewall already neatly configured, the proxy rules are a pain in the butt.
What I want to attain in the end is the little (or more?) extra security that Suricata offers - and the insight about the LAN they bring in logs.

Any help would be appreciated.

To answer your question, we should know some additional information.

  • How is your network defined?
  • How did you configure WPAD?
  • Can you show the contents of /srv/web/ipfire/html/wpad.dat?

OK, I guess I was a bit cross-eyed for the lack of knowledge and patience. Clearly it was not the WPAD that let me outside as I stated - perhaps I ticked something in one of the filter lists, hard to tell. IPF is like a Mustang after a life in a Kia.
WPAD works if I manually add the proxy (non-transparent) in the client machines - for simplification I chose this way to have it placed in hosts. Still there’s an Android in blue (not a cabled access point) that refuses to behave; it doesn’t appear in the SARG page. It will, I guess, as the proxy address is correct.
I don’t have permission to see the proxy.dat. But as it is not an emergency anymore, I’d rather move forward.

The IPS log says I have 0 lists activated - in reality I have Talos on. DNS is in DoT. I’m reading a comment that says the log is empty because of the TLS encryption. That could not be true in my case; the log says no lists activated (but one is for sure).
And… YouTube is blocked - and I have no idea where to look in the logs to correct the infamy. Any advice would be much appreciated.

Anyway, thank you for taking time to answer.