I am trying to use a proxy in OPNsense to capture traffic from the WAN to the internal DMZ in order to analyze Layer 7 (HTTP) logs. The logs provided by default only show Layer 4 logs, so I decided to use a proxy to route incoming traffic from the external network to the DMZ within the firewall, and then check the logs of that proxy to see the HTTP logs. However, while I can route outgoing traffic through the proxy from the internal network, I am unable to capture incoming traffic from the external network to the internal DMZ. I believe this might be due to a misconfiguration in the proxy interface settings. enter image description here enter image description here Out of these two images, one signifies that I am sending proxy logs to syslog, which is then forwarded to a PC on my internal network. The second image represents the proxy settings. If there are any mistakes in these settings, please point them out.
Lastly, the above image is the proxy configuration, where there is no WAN present, only LAN, DMZ, and loopback. I've read in other posts that I need to input a fixed IP, but I'm unsure how to do that. Thank you sincerely for reading this lengthy post. I would greatly appreciate any advice or suggestions you could provide to help me out. Additionally DMZ and LAN are using DHCP
I even tried turning off both DHCP servers just in case there might be an issue with DHCP, but it doesn't seem to resolve the problem. When I bind the LAN interface, logging works. Therefore, the proxy itself seems to be functioning. The final desired result is to receive layer 7 logs of all traffic approaching the DMZ.
