NXPROXY sobre usuário

[Marcel0]

Pessoal tenho uma dúvida.

Estou com problemas na filtragem sobre NXPROXY dentro de um usuário sem poderes administrativos. Eu reparo que, quando estou logado no mesmo PC com ADM, o NXPROXY filtra e pega tudo, já quando estou logado com usuário comum, sem poderes administradores, isso n acontece. Instalei as extensões no chrome sendo CXFOWARD E CXBLOCK, que é que estão me salvando dentro do perfil dos usuários pois, como o proxy não está funcionando direito, as extensões estão fazendo seu papel.

Pergunto, existe algum problema para o NXPROXY funcionar dentro de um usuário sem poderes administrativos? 

LEMBRANDO que mesmo dentro do usuário sem poderes administrativos, dando um ipconfig /all o dns que mostra é o loopback ou seja, o DNS correto para quem usa o NXPROXY, porém, não filtra direito. 

OBS - Este NXFILTER que estou usando, está na nuvem e não local. 

Uso sobre uma rede pequena que se conecta via internet através de um MIKROTIK onde, amarrei IP ao MAC em cada estação.

[Marcel0]

Só para entenderem o cenário acima, que é relativamente simples nesta rede, a mesma, possui um MIKROTIK com dois GATEWAYS separado por VLANS, e tendo a RB como principal router, sem POOL de DHCP e cada host sendo amarrado via IP E MAC.

EM DNS SETTINGS o DNS padrão da RB é o opendns, sendo este usado para somente a sub rede visitantes (WIFI)

EM DHCP SERVER, segue as fotos das duas sub redes conforme mencionei acima, sendo que na rede VLAN10 é a rede que destino o NXFILTER e não a sub rede de baixo:

E aqui abaixo, estão as regras de FW que forçam para que sempre as consultas de DNS tanto TCP/UDP no DST53, sejam redirecionada para o DNS local de cada sub rede conforme a print abaixo:

Decidi contextualizar de uma vez, afim de facilitar a compreensão e detectarmos onde está o problema se é que tem pois, como mencionei acima, o problema que estou tendo, está nos usuários sem perfil administrativos pois nos ADMs, o NXPROXY está rolando de boas. 

Alguma dica ? 

[Jahastech]

NxProxy tries to authenticate users with its system logged-in username. You may have that username without privilege on 'Logging > Request' with another policy.

Do you see any traffic log from the PC when you logged-in as 'Not Admin User'?

[Marcel0]

Eu so vejo logging se eu tiver com as extensões CXFOWARD e CXBLOCK instaladas nos usuários sem poderes administrativos. Em um administrador logado no mesmo computador, o logging mostra todas as páginas sem precisar das exntesões instaladas nos navegadores. 

------

I only see logging if I have the CXFOWARD and CXBLOCK extensions installed on users without administrative powers. In an administrator logged on the same computer, logging shows all the pages without needing the extensions installed in the browsers.

[Jahastech]

When you logged-in as the ordinary user, can you see NxProxy running on your taskmgr? Does it run as a service? And you may look into its log file. It's C:\Program Files (x86)\nxproxy\log\nxproxy.log.

[Marcel0]

The task manager is blocked, but I can release it to see if the service is running. I can open services.msc as a logged in user, and verify that NXPROXY is running, is that enough for your question?

[Marcel0]

Here is my friend.

[Jahastech]

And your DNS working with that user? Try this on your CMD,

nslookup block.nxfilter.org

And show me the result.

[Marcel0]

[Jahastech]

Did you set Silent Block on 'Config > Setup'?

Look into your NxProxy log file. Post it here. It's C:\Program Files (x86)\nxproxy\log\nxproxy.log.

And while you logged-in as that user do you see any log on 'Logging > Signal'?

[Marcel0]

And while you logged-in as that user do you see any log on 'Logging> Signal'? 

No, the option Silent Block is enable.  I see the accesses on this user. 

Tomorrow I will test it on another user and post it here. 

[Marcel0]

Here is the logging file

Em segunda-feira, 4 de janeiro de 2021 às 23:51:27 UTC-3, Jahastech escreveu:

[Jahastech]

You hava a connection problem with your server.

   INFO [01-05 16:48:34] - RequestHandler.xrun, We got nothing from URL = https://datacomex.treezap.com.br/resolve?name=datacomex.treezap.com.br&type=1&token=EZ1R3NZR&uname=Datacomex&replyFlag=true, We try UDP/53.

Try to use IP instead of your domain.

[Jahastech]

I guess we need to bypass that server address domain on NxProxy side. I will get you a new one for testing tomorrow.

[Jahastech]

Try this one,

  http://pub.nxfilter.org/imsi/nxproxy-1.0.7-win.exe

[Marcel0]

Do you want to tell me to use the IP address instead of the domain inside the NXProxy on each computer, is that it?

 Do you also want to tell me to test the new version of NXPROXY on each computer?

[Jahastech]

datacomex.treezap.com.br is your server address domain. Right? Just try the new one. We made it bypassing server address domain.

[Jahastech]

Don't need to test all your pc. Just the first one and test with ordinary user account. And tell us the result.

[Marcel0]

Ok I will test on just one computer (virtualized) before putting it into production, but I just want you to confirm the following: Do you want me to put the IP address without domain (datacomex.treezao.com.br) inside NXPROXY or to change this IP address of the server to a new one?

[Marcel0]

I installed version 1.0.7 of NXPROXY as you mentioned. I updated the NXPROXY on a test station (virtualized), and changed the domain inside the NXPROXY to the IP address, and performed some navigation tests. Follow the logging below:

See now if everything is right because if it is, I will apply in production exactly the same thing. 

Thanks

Em quarta-feira, 6 de janeiro de 2021 às 07:42:00 UTC-3, Jahastech escreveu:

[Marcel0]

Here is another log with more usage time with the last changes you gave me

[Jahastech]

v1.0.7 might be working with your server domain. We bypass it if it's a domain in 'Server Address'. Try with the domain not using IP.

[Marcel0]

Ok, I'm on version 1.0.7 and my NXPROXY has the domain instead of the IP address. Here below are the logs after a while of use.

[Marcel0]

Hi . I think everything is working fine with this version 1.0.7 and with the domain instead of the IP address in Server Address. What does it look like to you in the logs?

Em quarta-feira, 6 de janeiro de 2021 às 10:43:56 UTC-3, Jahastech escreveu:

[Jahastech]

It looks OK.

[Marcel0]

Okay, so I'm going to update the version of NXPROXY to 1.0.7 on all production computers, and I'm going to leave the domain instead of the IP address configured in Server Address.

Another question, regarding to force all the requests of the DNS default of my local network, would the logic of the rules below, be correct? My question is whether the IP address that I need to force on my router, be 127.0.0.1 or the default address of my Gateway (192.168.10.1)?

Remembering that none of the users are able to change the network settings of the computers, because of GPOs Windows.

Defined rules:

     "Block DNS LAN 10.x UDP" disabled = yes dst-port = 53 \

    protocol = udp src-address = 192.168.10.0 / 24 to-addresses = 192.168.10.1 \

    to-ports = 53 add action = dst-nat chain = dstnat comment = \

    "Block DNS LAN 10.x TCP" disabled = \

    yes dst-port = 53 protocol = tcp src-address = 192.168.10.0 / 24 to-addresses = \

    192.168.10.1 to-ports = 53 add action = redirect chain = dstnat comment = \

[Jahastech]

It's 127.0.0.1.  NxProxy will try to change DNS settings to point itself.

[Jahastech]

NxProxy itself is a DNS server and it listents on 127.0.0.1/53. It also changes system DNS settings. So I don't think your rule does anything with it.