oh sorry, I think that I found answer to my question

acl HOST1 src 192.168.0.114/32
acl HOST2 src 192.168.0.115/32

tcp_outgoing_address 192.168.2.91 HOST1
tcp_outgoing_address 192.168.2.91 HOST2

:)

BUT is it possible to specific this just for one port ?
Thanks

Well, I'll try setting it up that way (the vlan) tonight and see if it works.

Use squidGuard in conjunction with a blacklist like Shallalist and you will catch a lot of the common sites.  For other sites, create your own Target Category and then load it with whatever domains, URLs and regex you want.

Ok Got that.

What if I want to allow a group of users to only certain websites?  Example…. Allow them access to google.com, yahoo.com and msn.com, but block all other websites.

Thanks,
Rick

Hi guys,

I cannot believe nobody can help me here or at least tell me that I have an error in my plan. Do I need the second NIC (so, is there a requierement for NAT)?

Regards
Johannes

Destination: WAN

What kind of dest is that?  It would be dest ANY? My bad on wording that wrong, why would dest be WAN is what I meant to say.

@KOM:

Why on Earth would you wait 2 months and then reply back in Spanish????

!!! :D

Is there a way to temporarily disable squidGuard?

Uncheck the Enable box?

HAVP update to 0.91_3 pkg v1.05_1 doesn't solve this problem, manual changes to havp.inc file must be done.

@omrom:

Hi,

I think there's just a misanderstanding on my words.  :D

As told in my PM, we can also discuss this in French if it helps (PM) and then revert back here once solved to provide feedback to community.

THANK YOU doktornotor.

I REMOVE IT BUT ITS NOT WORKING.

IM SEND  WITH ATTACHMENT USING GMAIL.ITS RECEIVED TO OUTLOOK AND TRY TO FORWARD TO SAME EMAIL ADDRESS.SAME ERROR.

:-[ :-[ :-[ :-[

Hi KOM,  :)

Many thanks to your reply and ill take note of that.

Cheers,
GiL

Restarting the process with squid -k reconfigure may do it by I have never tried.

There is no max users.  It's based on the available resources and load.

The CPU use scales with the network load.  The pfSense appliances come with Gigabit interfaces, so you are limited to that unless you're doing some virtual config with VMX3 NICs.  Supermule has a high bandwidth connection and may be able to give more information.

Dont go there.

They have 3G/4G on the phone and doesnt have to use your wifi.

Thereby having no control of the students. It doesnt have any effect.

Instead of shutting everything down, open it up and log the traffic. Much better using captive portal.

@hupernika0:

For the school, I want to blacklist everything and have a short whitelist so that students can't go surfing anywhere that hasn't been pre-approved.

For the guest wifi, the Pastor wants to just try out a guest wifi and see how it will work out, but he is justifiably afraid of it coming back and and biting him. So he'd like to start with the short whitelist.

Snort can block torrents, and perhaps pfBlockerNG from the great BB might be of use to you too.

@KOM:

I think the client blockers like ABP are better.  AV on the firewall makes it slow, and that's an area I would leave to the pros like Kaspersky or Eset.

I also think ABP is better because some sites don't work if you block the ad's and it's easier to temporarily disable ABP in your browser.
The reason for me to use ClamAV was that i want to protect devices where you can't install AV-Software or where i think AV-Software is to much - TVs, consoles, Android…
Everything today is connected to the web...

@darrenkdean:

What is your maximum object size?

My settings with 2GB RAM assigned to pfSense are:
Maximum object size: 4
Memory cache size: 512
Maximum object size in RAM: 128
Memory replacement policy: Heap GDSF

But i think it does not affect ClamAV?
I'm not interested in disk caching but use the RAM cache.
Still not sure if i can increase "Memory cache size" or "Maximum object size in RAM" cause i have problems interpreting this RRD Graph stuff (attachment).

I don't have the overall slowdowns anymore. Only sometimes if i download maybe a rar file.
I cues thats affected by "maxsize" in squidclamav.conf. If the file is bigger than it is not scanned…
The question is what is a good size here? Big files are scanned by the clients so from what small files comes risk that can affect TVs, consoles, Android, phones - if there any?

And the question still is i there is risk from files like pictures, videos, icons?

Does somebody use some of this settings:

# Do not scan images #abort ^.*\.(ico|gif|png|jpg)$ #abortcontent ^image\/.*$ # Do not scan text files #abort ^.*\.(css|xml|xsl|js|html|jsp)$ #abortcontent ^text\/.*$ #abortcontent ^application\/x-javascript$ # Do not scan streamed videos #abortcontent ^video\/x-flv$ #abortcontent ^video\/mp4$ # Do not scan flash files #abort ^.*\.swf$ #abortcontent ^application\/x-shockwave-flash$ # Do not scan sequence of framed Microsoft Media Server (MMS) data packets #abortcontent ^.*application\/x-mms-framed.*$ # White list some sites #whitelist .*\.clamav.net

I also realized i had a problem with the configuration page of one of my wlan access point until i put him to the whitelist.
Is local stuff from my ip range scanned/proxyd?

status_rrd_graph_img.png
status_rrd_graph_img.png_thumb