Why isn't there an option for enabling TRANSPARENT proxy?

Discussion room for Proxy Server package
muok
I'm New!
Posts: 6
Joined: Wed Feb 19, 2014 9:35 am

Why isn't there an option for enabling TRANSPARENT proxy?

Postby muok » Fri Apr 17, 2015 7:59 am

Can you please enable the 'transparent' proxy option? It will make all our lives easier.

Thanks! :)
hazurr
I'm New!
Posts: 7
Joined: Mon Dec 31, 2012 11:31 pm

Re: Why isn't there an option for enabling TRANSPARENT proxy

Postby hazurr » Sun May 03, 2015 8:57 am

Transparent proxies need the server to be DHCP. You'll need to enable DHCP (Config->network->interface->edit) and make sure all devices you plan on making use of the proxy are slaved to it. Be sure to disable the router's DHCP as well, as two DHCP servers can cause a mess.
Meruem
Apprentice
Posts: 96
Joined: Sun Jun 01, 2014 9:04 pm

Re: Why isn't there an option for enabling TRANSPARENT proxy

Postby Meruem » Thu May 14, 2015 11:42 pm

hazurr wrote: Transparent proxies need the server to be DHCP. You'll need to enable DHCP (Config->network->interface->edit) and make sure all devices you plan on making use of the proxy are slaved to it. Be sure to disable the router's DHCP as well, as two DHCP servers can cause a mess.


That doesn't sound right
ismithers
Experienced
Posts: 114
Joined: Mon Jun 03, 2013 9:56 am

Re: Why isn't there an option for enabling TRANSPARENT proxy

Postby ismithers » Mon Jul 06, 2015 2:59 am

There are different kinds of transparent proxies - really, transparent just means that the end-users don't need knowledge of the proxy in order to use it; it will be used automatically behind the scenes.

The above user is correct in that if you wish to use the Proxy Server on your Synology (which is a customised version of Squid) then you need your NAS to be the authority in regards to distributing the network information because during that phase it will also provide clients with the proxy information (which is what the wpad.dat file contains).

Another type of transparent proxy setup would be using the Synology NAS as a device to just handle serving proxy traffic, and then setting up rules on your router to redirect the traffic to the Synology NAS, on the correct address and port. This is what I have set up recently for my home network, as I don't want the NAS responsible for DHCP/DNS.
htc2010
Rookie
Posts: 30
Joined: Wed Jun 11, 2014 6:08 pm

Re: Why isn't there an option for enabling TRANSPARENT proxy

Postby htc2010 » Tue Jan 05, 2016 7:02 am

To add ...

This modified version of Squid that makes up the Synology Proxy Package appears to NOT support transparent mode when traffic is filtered directly at the router level to forward HTTP to the DS. What happens is that when the client believes it is not behind a proxy, it drops a portion of the HTTP header as described by this post from DD-WRT's forums:

I've got the proxy forwarding up and running on my router, but all of my HTTP requests get rejected, and I've found that it's due to the fact that my computer sends the request as "GET / HTTP/1.1" when it doesn't think it's behind a proxy, and the squid proxy requires the full URL in the request header. Is there any way to get DD-WRT to convert the header, or what else can I do? I don't have access to configure the proxy server...


I can confirm this behavior. I used a squid proxy firewall script directly into my DD-WRT router to see if it would properly and transparently forward, but all HTTP requests failed. And since HTTPS is not handled by the proxy, those sites worked just fine. The best you can do in this scenario is to set up the DS as the DHCP server and dish out the DHCP options for the proxy, or set the proxy options at the router level. But even in that case, you cannot force individual clients to use the proxy. Assuming default settings, a Windows PC will auto-detect a proxy and use WPAD without issue. But then a user could just turn off all proxy detection and you're back to just unfiltered traffic. Some users report that if you were using a full install of Squid, there is a transparent option. However, Synology's efforts to simplify the Linux/UNIX world for us have disabled this from their package.

But on the flip side, the nice thing is that at a minimum, most mobile devices on your network will be properly filtered. Static IP clients or DHCP clients who disable auto-proxy detection will, of course, not be.
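
The request-line mismatch described in the post above, as an added example that is not part of the original thread and is not Synology's or Squid's code: it classifies the request-target form and shows why a proxy that only accepts the full-URL form rejects redirected traffic, while an intercepting proxy has to rebuild the URL from the `Host` header. The function names, the `intercept` flag and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: the same request as a browser sends it directly to a
# site (origin-form) and to a configured proxy (absolute-form).
DIRECT = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
PROXIED = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        key = name.lower()
        if not sep or name != name.strip() or (key == "host" and key in headers):
            raise ValueError("malformed header or duplicate Host")
        headers[key] = value.strip()
    return parts[0], parts[1], headers

def target_form(method, target):
    """Classify the request-target as in RFC 7230 section 5.3."""
    if method == "CONNECT":
        return "authority"
    if target.startswith("/"):
        return "origin"
    url = urlsplit(target)
    if url.scheme in ("http", "https") and url.netloc:
        return "absolute"
    return "invalid"

def effective_url(raw, intercept):
    """URL the proxy would fetch; intercept=True models a transparent proxy."""
    method, target, headers = parse_request(raw)
    form = target_form(method, target)
    if form == "absolute":
        return target
    if form != "origin":
        raise ValueError("unsupported request-target form: " + form)
    if not intercept:
        # What the thread reports: an explicit-only proxy cannot route this.
        raise ValueError("origin-form request sent to an explicit proxy")
    host = headers.get("host", "")
    # Host is client-controlled, so validate it before building a URL from it.
    if not host or any(c in host for c in "/@\\ \t"):
        raise ValueError("missing or malformed Host header")
    return "http://" + host + target
```
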
