How can we block specific sites? SOLVED. Thanks.

Cry Havok

Are you using Squid?  Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

odods77

@Cry:

Are you using Squid?  Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

Here is the setup i want in my network:

Fileserver
                                                  v
internet –> DNS(server 2003) --> switch --> LAN1             
                                                        -->  pfSense --------> switch --> LAN2
                                                  ^                                      ^
                                                  l                                        l
                                  active directory (server 2003)                  l
                                                                            child domain (server2003 AD for LAN2)

Where can i insert the OpenDNS/squid?  i want to secure my LAN2.  I don't want it to access to some websites.

Cry Havok

You install the Squid package on pfSense.

You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

odods77

@Cry:

You install the Squid package on pfSense.

You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

Im done installing squid in pfsense package. I don't know were to blocked a site.
Please help me…

Thanks....

Cry Havok

Now install SquidGuard (as I'd previously said).

Perry

http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
http://diskatel.narod.ru/sgquick.htm
http://diskatel.narod.ru/pfSense/doc/squidGuard/squidGuardQuick.htm

odods77

In Proxy Content Filter SquidGuard –> General Settings.

What Blacklist URL am i gona type? I'm confused.

Thanks...

ColdFusion

Under Destinations tab hit the + key and name Blacklist.
Under domain fields add the site you want to Blacklist…......example youporn.com...do not add the http://www.

urls list..just what it says.

Redirect field...add error code or redirect to another website.

Read the previous links as stated above to the quick guides.

odods77

im done following the instructions from those materials.  Still in won't block sites.  What am i gonna do? Please help.
Thanks…

Cry Havok

You have configured clients to use the proxy?

odods77

@Cry:

You have configured clients to use the proxy?

i didnt configure proxy in clients side.  Do we need to configure it in to proxy server, the ip address and port of the pfsense?  Am I correct?

Cry Havok

Yes.  The port if you haven't changed it is 3128.

Don't forget to create a firewall rule to block 80/TCP outbound to force people to use the proxy.

odods77

Do i need to configure the LAN interface as Bridge with WAN?

Cry Havok

What gave you that impression?  Nobody mentioned bridging in this thread.

No - don't bridge unless you know what you're doing.

odods77

@Cry:

What gave you that impression?  Nobody mentioned bridging in this thread.

No - don't bridge unless you know what you're doing.

Sorry i just saw it.  okey i'll not enable bridge.
I'll try….
thanks.

odods77

I'm done setting up client workstation proxy in internet browsers. In setting up proxy, it should be the LAN ip address of the pfsense and port is 3128?  Am i right?

Still it won't work.  :(

Did i miss some steps?

Thanks…

Cry Havok

A good starting point would be what you mean when you say "it won't work".  Are you still able to access the sites you're trying to block, are you failing to reach the Internet at all, what?  We don't have a crystal ball or mind reading abilities.

odods77

i'm sorry.  i mean, the squidguard isn't working.  It won't blocked site. :(

odods77

THANK YOU SO MUCH GUYS! :)

It's working already.

Thanks…........