Netgate Discussion Forum

    [Squid] How is this possible?

    pfSense Packages
    jits

      Hello.

      Can someone please explain to me how I can still have access to the internet even after I have removed all LAN firewall rules. I am, of course, assuming that when I do this, the default rule is to automatically block all, even if I have installed Squid.

      So far, I have tried to reset firewall states. No joy. I still have access. I have rebooted the pfSense machine; still no joy. I am posting this right now with absolutely no LAN firewall rules in place.

      Thanks for your help.

      Jits

    ktims

      The rules only apply to incoming traffic on the respective interface. If you have the Squid transparent proxy installed, then it adds some rules, not visible to the user, to allow and transparently proxy web traffic. Then, since the Squid traffic originates from the firewall (i.e. it's never incoming traffic), it's allowed out.

    jits

          Ok, I understand, but shouldn't the firewall rules dictate what passes and what doesn't?

      By installing Squid and using the transparent proxy, pfSense has just said, "who needs rules now. I will become servant (LAN) to Squid" when in my mind, all packages installed should be looking to the pfSense firewall rules.

          Wow. This is certainly no easy task. I take my hat off to the developers.

          Is it then possible to have Squid refer to firewall rules before allowing traffic through, regardless of transparency or not?

          thanks
          Jits

    mhab12

            This has been discussed before:
            http://forum.pfsense.org/index.php/topic,13018.0.html
            http://forum.pfsense.org/index.php/topic,14607.0.html
            http://forum.pfsense.org/index.php/topic,16585.0.html

      The bottom line is you'll need to create a block rule for port 80 on the LAN; this way the only way out will be through Squid. Then, configure Squid as you see fit. In 1.2.x and earlier, the packages are evaluated BEFORE the firewall rule sets; this changes in 2.x. Perhaps you would be better suited using one of the newer builds? Best of luck.

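To make the mechanism in the two answers above concrete, here is an added pf ruleset in pf.conf syntax (my own illustration, not the thread's and not the rules pfSense or the Squid package actually generate); the interface names em0/em1, the LAN subnet 192.168.1.0/24 and the Squid port 3128 are assumptions.

```pf
# Assumed names: em0 = WAN, em1 = LAN, Squid listening on 127.0.0.1:3128.
wan = "em0"
lan = "em1"
lan_net = "192.168.1.0/24"
squid_port = "3128"

# Translation is applied before filtering: a LAN client's connection to any
# web server on port 80 is rewritten to the proxy on the firewall itself.
rdr on $lan proto tcp from $lan_net to any port 80 -> 127.0.0.1 port $squid_port

# Filter rules see the translated destination (127.0.0.1:3128), not port 80.
# A package-installed "pass quick" placed ahead of the user's LAN rules
# matches first and ends evaluation, so an empty LAN rule set never applies.
pass in quick on $lan proto tcp from $lan_net to 127.0.0.1 port $squid_port

# Squid's own connections to the web originate on the firewall and leave via
# the WAN as outgoing traffic, which "in" rules on LAN never inspect.
pass out quick on $wan proto tcp from ($wan) to any port 80

# The block rule suggested in the thread: any port-80 traffic the proxy does
# not pick up (for example if the redirect is disabled) is dropped and logged.
block in log on $lan proto tcp from $lan_net to any port 80

# Default deny for everything else arriving on LAN when no user rules exist.
block in log on $lan
```

To see the rules a package has actually loaded on a pfSense box, including ones the web GUI does not list, `pfctl -sr` prints the filter rules and `pfctl -sn` the translation (rdr/nat) rules.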
    jits

      Going bald is never fun. Now where do I scratch?? There is a workaround for what I want to do, but it's more configuration, and I'm not sure if it would have been possible with another firewall; big plus for pfSense here.

              thanks for the comments and the insights.

              Appreciated…Jits.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.