Netgate Discussion Forum

[Squid] How is this possible?

    jits
    last edited by Jun 25, 2009, 11:57 PM

    Hello.

    Can someone please explain to me how I can still have access to the internet even after I have removed all LAN firewall rules? I am, of course, assuming that when I do this, the default rule is to automatically block all, even if I have installed Squid.

    So far, I have tried to reset firewall states. No joy. I still have access. I have rebooted the pfSense machine, still no joy. I am posting this right now with absolutely no LAN firewall rules in place.

    Thanks for your help.

    Jits

      ktims
      last edited by Jun 26, 2009, 12:06 AM

      The rules only apply to incoming traffic on the respective interface. If you have the Squid transparent proxy installed, then it adds some rules that are not user-visible to allow and transparently proxy web traffic. Then, since the Squid traffic originates from the firewall (i.e. it's never incoming traffic), it's allowed out.

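The redirect that ktims describes as not user-visible can be looked for in the loaded pf NAT rules (`pfctl -sn`), by picking out `rdr` entries that point at the firewall's own loopback address. This is an added example, not part of the original posts or of pfSense's own code; the sample rules, interface names and port 3128 are constructed assumptions.

```shell
#!/bin/sh
# Added example: list pf redirect (rdr) rules that hand traffic to a service
# running on the firewall itself, such as a transparent proxy.

# Constructed sample in the general shape of `pfctl -sn` output. Interface
# names, addresses and ports are assumptions, not captured from a real system.
sample_nat_rules() {
cat <<'EOF'
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
rdr on em1 inet proto tcp from any to ! (em1) port = http -> 127.0.0.1 port 3128
rdr on em0 inet proto tcp from any to any port = 8443 -> 192.168.1.10 port 443
EOF
}

# Read NAT/rdr rules on stdin and print "interface dest-port local-port" for
# every rdr rule whose target is a loopback address.
find_local_redirects() {
    awk '
    $1 == "rdr" {
        iface = ""; dport = ""; tgt = ""; lport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "on") iface = $(i + 1)
            # A "port" seen before "->" is the matched destination port.
            if ($i == "port" && tgt == "")
                dport = ($(i + 1) == "=") ? $(i + 2) : $(i + 1)
            if ($i == "->") {
                tgt = $(i + 1)
                if ($(i + 2) == "port") lport = $(i + 3)
            }
        }
        if (tgt ~ /^127\./ || tgt == "::1") print iface, dport, lport
    }'
}

# Demo on the constructed sample. On the firewall itself the input would be:
#   pfctl -sn | find_local_redirects
sample_nat_rules | find_local_redirects
```

A hit on the LAN interface means web traffic from that network is being handed to a local service regardless of what the LAN rule tab shows.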
        jits
        last edited by Jun 26, 2009, 12:21 AM

        Ok, I understand, but shouldn't the firewall rules dictate what passes and what doesn't?

        By installing Squid and using the transparent proxy, pfSense has just said, "who needs rules now. I will become servant (LAN) to Squid" when in my mind, all packages installed should be looking to the pfSense firewall rules.

        Wow. This is certainly no easy task. I take my hat off to the developers.

        Is it then possible to have Squid refer to firewall rules before allowing traffic through, regardless of transparency or not?

        thanks
        Jits

          mhab12
          last edited by Jun 26, 2009, 2:01 PM

          This has been discussed before:
          http://forum.pfsense.org/index.php/topic,13018.0.html
          http://forum.pfsense.org/index.php/topic,14607.0.html
          http://forum.pfsense.org/index.php/topic,16585.0.html

          The bottom line is you'll need to create a block rule for port 80 on the LAN; this way the only way out will be through Squid. Then, configure Squid as you see fit. In 1.2.x and earlier, the packages are evaluated BEFORE the firewall rule sets; this changes in 2.x. Perhaps you would be better suited using one of the newer builds? Best of luck.

            jits
            last edited by Jun 26, 2009, 2:22 PM

            Going bald is never fun. Now where do I scratch?? There is a workaround for what I want to do, but it's more configuration and I'm not sure if it would have been possible with another firewall, big plus for pfSense here.

            thanks for the comments and the insights.

            Appreciated…Jits.
