OPNsense Squid ClamAV: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→C-ICAP) |
|||
| (7 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 25: | Zeile 25: | ||
|} | |} | ||
| + | ==Update== | ||
| + | *System | ||
| + | **Firmware | ||
| + | ***Status | ||
| + | ***Check for updates | ||
==Plugins== | ==Plugins== | ||
*System | *System | ||
| Zeile 35: | Zeile 40: | ||
= Firewall = | = Firewall = | ||
| − | * | + | ;Destination NAT |
| − | * | + | *Firewall |
| − | + | **NAT | |
| − | + | ***Destination NAT | |
| − | + | {| class="wikitable" | |
| − | + | ! Interface !! Version !! Protocol !! Source !! Source Port !! Destination !! Destination Port !! Redirect Target IP !! Redirect Target Port !! Description | |
| + | |- | ||
| + | | INSIDE || IPv4 || TCP || * || * || * || https || 127.0.0.1 || 3129 || transparenter HTTPS | ||
| + | |- | ||
| + | | INSIDE || IPv4 || TCP || * || * || * || http || 127.0.0.1 || 3128 || transparenter HTTP | ||
| + | |} | ||
| + | ;Rules | ||
| + | *Firewall | ||
| + | **Rules | ||
| + | ***LAN | ||
| + | {| class="wikitable" | ||
| + | ! Action !! Protocol !! Source !! Source Port !! Destination !! Destination Port !! Gateway !! Schedule !! Description | ||
| + | |- | ||
| + | | IPv4 TCP || * || * || * || 127.0.0.1 || 3128 || * || * || transparenter HTTP | ||
| + | |- | ||
| + | | IPv4 TCP || * || * || * || 127.0.0.1 || 3129 || * || * || transparenter HTTPS | ||
| + | |} | ||
= Squid = | = Squid = | ||
| − | + | ;Aktivieren | |
| − | + | *Services | |
| − | + | **Squid Web Proxy | |
| − | + | ***Administration | |
| − | + | {| class="wikitable" | |
| − | [ | + | ! Bereich !! Einstellung !! Wert |
| + | |- | ||
| + | | General Proxy Settings || Enable proxy || aktiviert | ||
| + | |- | ||
| + | | General Proxy Settings || User error pages || Squid | ||
| + | |} | ||
| + | ;Grundeinstellung | ||
| + | *Services | ||
| + | **Squid Web Proxy | ||
| + | ***Administration | ||
| + | ****Forward Proxy | ||
| + | *****General Forward Settings | ||
| + | {| class="wikitable" | ||
| + | ! Bereich !! Einstellung !! Wert | ||
| + | |- | ||
| + | | General Proxy Settings || Proxy interfaces || INSIDE | ||
| + | |- | ||
| + | | General Proxy Settings || Proxy port || 3128 | ||
| + | |- | ||
| + | | General Proxy Settings || Enable Transparent HTTP proxy || aktiviert | ||
| + | |- | ||
| + | | General Proxy Settings || Enable SSL inspection || aktiviert | ||
| + | |- | ||
| + | | General Proxy Settings || Log SNI information only || deaktiviert | ||
| + | |- | ||
| + | | General Proxy Settings || SSL Proxy port || 3129 | ||
| + | |- | ||
| + | | General Proxy Settings || CA to use || SQUID-CA | ||
| + | |- | ||
| + | | General Proxy Settings || SSL no bump sites || - | ||
| + | |} | ||
| + | ;ICAP | ||
| + | *Services | ||
| + | **Squid Web Proxy | ||
| + | ***Administration | ||
| + | ****Forward Proxy | ||
| + | *****General Forward Settings | ||
| + | ******ICAP | ||
| + | Services: Squid Web Proxy: Administration | ||
| + | {| class="wikitable" | ||
| + | ! Bereich !! Einstellung !! Wert | ||
| + | |- | ||
| + | | General Proxy Settings || Enable ICAP || aktiviert | ||
| + | |- | ||
| + | | General Proxy Settings || Request Modify URL || icap://[:1]:1344/avscan | ||
| + | |- | ||
| + | | General Proxy Settings || Response Modify URL || icap://[:1]:1344/avscan | ||
| + | |- | ||
| + | | General Proxy Settings || Exclusion List || - | ||
| + | |} | ||
= C-ICAP = | = C-ICAP = | ||
| + | *Services | ||
| + | **C-ICAP | ||
| + | ***Configuration | ||
| + | ****General | ||
[[Datei:opnsense-squid-clam-06.png|1500px]] | [[Datei:opnsense-squid-clam-06.png|1500px]] | ||
Aktuelle Version vom 20. Februar 2026, 06:58 Uhr
Vorraussetzungen
Selbstsigniertes CA Zertifikat
- System
- Trust
- Authorities
- +
- Authorities
- Trust
| Bereich | Einstellung | Wert |
|---|---|---|
| Method | Create an internal Certificate Authority | – |
| Description | SQUID-CA | – |
| Key | Key type | RSA-2048 |
| Key | Digest Algorithm | SHA256 |
| Key | Issuer | self-signed |
| Key | Lifetime (days) | 825 |
| General | Country Code | Germany |
| General | Common Name | squid-ca |
Update
- System
- Firmware
- Status
- Check for updates
- Firmware
Plugins
- System
- Firmware
- Plugins
- Firmware
- Installieren
- os-squid
- os-c-icap
- os-clamav
Firewall
- Destination NAT
- Firewall
- NAT
- Destination NAT
- NAT
| Interface | Version | Protocol | Source | Source Port | Destination | Destination Port | Redirect Target IP | Redirect Target Port | Description |
|---|---|---|---|---|---|---|---|---|---|
| INSIDE | IPv4 | TCP | * | * | * | https | 127.0.0.1 | 3129 | transparenter HTTPS |
| INSIDE | IPv4 | TCP | * | * | * | http | 127.0.0.1 | 3128 | transparenter HTTP |
- Rules
- Firewall
- Rules
- LAN
- Rules
| Action | Protocol | Source | Source Port | Destination | Destination Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| IPv4 TCP | * | * | * | 127.0.0.1 | 3128 | * | * | transparenter HTTP |
| IPv4 TCP | * | * | * | 127.0.0.1 | 3129 | * | * | transparenter HTTPS |
Squid
- Aktivieren
- Services
- Squid Web Proxy
- Administration
- Squid Web Proxy
| Bereich | Einstellung | Wert |
|---|---|---|
| General Proxy Settings | Enable proxy | aktiviert |
| General Proxy Settings | User error pages | Squid |
- Grundeinstellung
- Services
- Squid Web Proxy
- Administration
- Forward Proxy
- General Forward Settings
- Forward Proxy
- Administration
- Squid Web Proxy
| Bereich | Einstellung | Wert |
|---|---|---|
| General Proxy Settings | Proxy interfaces | INSIDE |
| General Proxy Settings | Proxy port | 3128 |
| General Proxy Settings | Enable Transparent HTTP proxy | aktiviert |
| General Proxy Settings | Enable SSL inspection | aktiviert |
| General Proxy Settings | Log SNI information only | deaktiviert |
| General Proxy Settings | SSL Proxy port | 3129 |
| General Proxy Settings | CA to use | SQUID-CA |
| General Proxy Settings | SSL no bump sites | - |
- ICAP
- Services
- Squid Web Proxy
- Administration
- Forward Proxy
- General Forward Settings
- ICAP
- General Forward Settings
- Forward Proxy
- Administration
- Squid Web Proxy
Services: Squid Web Proxy: Administration
| Bereich | Einstellung | Wert |
|---|---|---|
| General Proxy Settings | Enable ICAP | aktiviert |
| General Proxy Settings | Request Modify URL | icap://[:1]:1344/avscan |
| General Proxy Settings | Response Modify URL | icap://[:1]:1344/avscan |
| General Proxy Settings | Exclusion List | - |
C-ICAP
- Services
- C-ICAP
- Configuration
- General
- Configuration
- C-ICAP
ClamAV
- Im Moment funktioniert das Updaten der Datenbank nicht über die Weboberfläche
- auf der Kommandozeile muss der folgende Befehl manuell ausgeführt werden
- freshclam
- Danach sollten unter Services => ClamAV => Configuration => Versions die aktuellen Signaturen angezeigt werden
Test ob die Ports laufen
- sockstat -P tcp | egrep "squid|clamav|icap"
c_icap c-icap 79193 3 tcp6 *:1344 *:* c_icap c-icap 78528 3 tcp6 *:1344 *:* c_icap c-icap 78447 3 tcp6 *:1344 *:* c_icap c-icap 78447 9 tcp6 ::1:1344 ::1:6597 c_icap c-icap 78447 10 tcp6 ::1:1344 ::1:41124 c_icap c-icap 78152 3 tcp6 *:1344 *:* squid squid 31274 15 tcp6 ::1:6597 ::1:1344 squid squid 31274 19 tcp6 ::1:41124 ::1:1344 squid squid 31274 22 tcp4 127.0.0.1:3128 *:* squid squid 31274 23 tcp6 ::1:3128 *:* squid squid 31274 24 tcp4 127.0.0.1:3129 *:* squid squid 31274 25 tcp6 ::1:3129 *:* squid squid 31274 26 tcp4 172.17.213.1:3128 *:* clamav clamd 2247 4 tcp4 127.0.0.1:3310 *:*
Testen
Der Download aus dem LAN sollte für die Testviren auf eicar.org blockiert werden.