Netgate Discussion Forum

    How can we block specific sites? SOLVED. Thanks.

    pfSense Packages

      odods77

      I just installed pfSense on my PC. I need guidance on how to block some specific sites, for example youporn.com, etc. Is it possible to block a particular website, or do we need the IP address of the website to block it?

      Please help me.

      Newbie here….

      Thanks......

        GruensFroeschli

        If you want to block it via firewall you need the IP(s) of the destination.
        Otherwise the packages squid and squidguard might interest you.
        See the packages subforum for this.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          odods77

          @GruensFroeschli:

          If you want to block it via firewall you need the IP(s) of the destination.
          Otherwise the packages squid and squidguard might interest you.
          See the packages subforum for this.

          I already have the IP address of the website I want to block. But then, if I type the domain name of the website, it will open; it's not blocked.
          How can I do it? I don't know what to do next. Help me.

            GruensFroeschli

            Are you sure this hostname doesn't have multiple IPs?
            You can try to enable logging on the allow rules on your LAN interface and see which rule is triggered on an access to this domain.

            Or another solution: If your clients all use the pfSense as DNS forwarder: override the resolved IP to something you define.
            The following link is not about blocking something, but resolving certain names to something you specify.
            (ignore the NAT reflection part).
            http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
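
The multiple-address case raised above, as an added example that is not part of the original post: it lists every address a hostname resolves to and reports the ones a firewall block list does not cover. The function names, the injectable resolver and the sample answer (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket


def resolve_all(hostname, resolver=socket.getaddrinfo):
    """Return every distinct IPv4/IPv6 address the resolver reports."""
    infos = resolver(hostname, None, proto=socket.IPPROTO_TCP)
    # info[4][0] is the address string; drop any IPv6 scope id ("%em0").
    found = {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}
    return sorted(found, key=lambda a: (a.version, int(a)))


def uncovered(hostname, blocked, resolver=socket.getaddrinfo):
    """Addresses of hostname that no blocked IP or CIDR entry matches."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocked]
    return [
        str(addr)
        for addr in resolve_all(hostname, resolver)
        if not any(addr.version == n.version and addr in n for n in nets)
    ]


def constructed_resolver(host, port, proto=0):
    """Constructed sample answer: one name, two A records and one AAAA."""
    stream = socket.SOCK_STREAM
    return [
        (socket.AF_INET, stream, proto, "", ("192.0.2.10", 0)),
        (socket.AF_INET, stream, proto, "", ("192.0.2.11", 0)),
        (socket.AF_INET6, stream, proto, "", ("2001:db8::10", 0, 0, 0)),
    ]


if __name__ == "__main__":
    # Hypothetical hostname; only the first address is in the block list.
    for addr in uncovered("blocked.example", ["192.0.2.10"], constructed_resolver):
        print("not covered by the block rule:", addr)
```

Answers change over time and differ per resolver, so a single run only shows the gap at that moment.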

              Cry Havok

              Are you using Squid?  Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

              I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

                odods77

                @Cry:

                Are you using Squid?  Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

                I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

                Here is the setup I want in my network:

                Fileserver
                                                                  v
                internet –> DNS(server 2003) --> switch --> LAN1             
                                                                        -->  pfSense --------> switch --> LAN2
                                                                  ^                                      ^
                                                                  l                                        l
                                                  active directory (server 2003)                  l
                                                                                            child domain (server2003 AD for LAN2)

                Where can I insert OpenDNS/Squid? I want to secure my LAN2. I don't want it to access some websites.

                  Cry Havok

                  You install the Squid package on pfSense.

                  You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

                    odods77

                    @Cry:

                    You install the Squid package on pfSense.

                    You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

                    I'm done installing the Squid package in pfSense. I don't know where to block a site.
                    Please help me...

                    Thanks....

                      Cry Havok

                      Now install SquidGuard (as I'd previously said).

                        Perry

                        http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
                        http://diskatel.narod.ru/sgquick.htm
                        http://diskatel.narod.ru/pfSense/doc/squidGuard/squidGuardQuick.htm

                        /Perry

                          odods77

                          In Proxy Content Filter SquidGuard --> General Settings.

                          What Blacklist URL am I going to type? I'm confused.

                          Thanks...

                            ColdFusion

                            Under the Destinations tab, hit the + key and name it Blacklist.
                            Under the domain fields, add the site you want to blacklist, for example youporn.com. Do not add the http://www.

                            URLs list: just what it says.

                            Redirect field: add an error code or redirect to another website.

                            Read the previous links to the quick guides, as stated above.
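
The "do not add the http://www." advice above, as an added example that is not part of the original post: it reduces pasted URLs to bare domain entries and checks a requested host against them. It assumes squidGuard's domain-list behaviour, where an entry covers the domain itself and its subdomains; the function names and the `blocked.example` sample domain are constructed.

```python
from urllib.parse import urlsplit


def to_domain_entry(text):
    """Turn pasted input (URL or hostname) into a bare domain-list entry."""
    cleaned = text.strip().lower()
    if "://" not in cleaned:
        cleaned = "//" + cleaned  # lets urlsplit treat it as a network location
    host = (urlsplit(cleaned).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]  # the entry is the domain, not one host inside it
    if "." not in host:
        raise ValueError(f"not a domain name: {text!r}")
    return host


def is_blocked(host, entries):
    """True if host equals an entry or is a subdomain of one (assumed semantics)."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notblocked.example" is not caught
    # by the entry "blocked.example".
    return any(host == entry or host.endswith("." + entry) for entry in entries)


if __name__ == "__main__":
    # Constructed sample input, as an admin might paste it into the field.
    pasted = ["http://www.blocked.example/index.html", "Media.Blocked.Example:8080"]
    entries = {to_domain_entry(item) for item in pasted}
    print(sorted(entries))
    for requested in ("www.blocked.example", "cdn.media.blocked.example", "notblocked.example"):
        print(requested, is_blocked(requested, entries))
```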

                              odods77

                              I'm done following the instructions from those materials. Still it won't block sites. What am I going to do? Please help.
                              Thanks...

                                Cry Havok

                                You have configured clients to use the proxy?

                                  odods77

                                  @Cry:

                                  You have configured clients to use the proxy?

                                  I didn't configure the proxy on the client side. Do we need to configure it in the proxy server, the IP address and port of the pfSense? Am I correct?

                                    Cry Havok

                                    Yes.  The port if you haven't changed it is 3128.

                                    Don't forget to create a firewall rule to block 80/TCP outbound to force people to use the proxy.

                                      odods77

                                      Do I need to configure the LAN interface as a bridge with WAN?

                                        Cry Havok

                                        What gave you that impression?  Nobody mentioned bridging in this thread.

                                        No - don't bridge unless you know what you're doing.

                                          odods77

                                          @Cry:

                                          What gave you that impression?  Nobody mentioned bridging in this thread.

                                          No - don't bridge unless you know what you're doing.

                                          Sorry, I just saw it. Okay, I'll not enable bridge.
                                          I'll try...
                                          Thanks.

                                            odods77

                                            I'm done setting up the client workstation proxy in the internet browsers. In setting up the proxy, it should be the LAN IP address of the pfSense and the port is 3128? Am I right?

                                            Still it won't work.  :(

                                            Did i miss some steps?

                                            Thanks…

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.