Netgate Discussion Forum

    Proxy allows everything..?

      Supermule

      Could the FTP rules be ahead of the Proxy ones??

        thunder8911

        They shouldn't be, because the traffic basically (should at least) goes to the proxy
        and then the proxy either blocks it or passes it to the firewall.

          Supermule

          I know…:)

            Cry Havok

            I'm confused - you say that you're allowing FTP in your firewall rules, so why wouldn't you expect an FTP connection to work, bypassing the proxy?

            Remember too that in pfSense the firewall rules apply to traffic inbound on that interface.  Any traffic that uses the proxy server can only be limited by the proxy server itself, since the client is only communicating with the proxy.

              mhab12

              Isn't the Squid package in pfSense configured to only proxy http traffic?

                yellowhat89

                @mhab12:

                Isn't the Squid package in pfSense configured to only proxy http traffic?

                No, Squid allows FTP proxying too…

                Stay hungry, Stay Foolish

                  tommyboy180

                  Unless you have redirected port 21 to the Squid service, FTP isn't being passed through Squid.  It is instead using the FTP proxy that is written into pfSense.

                  -Tom Schaefer
                  SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM


                    Cry Havok

                    It wouldn't matter if Squid only proxied HTTP traffic.  Because you allow outbound FTP any FTP client can connect to an FTP server on the Internet.  If you don't want that then you have to block the traffic (or better yet, block all traffic and only allow what you need).

                      thunder8911

                      Actually the firewall should block everything except the traffic that gets passed to it by the proxy.
                      So if people (for instance, again) want to use ICQ, Teamviewer or something like that, they'd have
                      to use the proxy. So do I have to reject everything except the things I want to work? (would be http
                      for proxy, ping to other interfaces, etc)

                      Regards,
                      Stefan

                        Cry Havok

                        There is, unless you've disabled it, a default rule on the LAN interface to allow all traffic.  The only sane way to configure a firewall is to block by default and then allow the ports and protocols you require (as I've already said).
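
The point made in the posts above (an allow-all LAN rule lets FTP leave directly, while block-by-default forces clients through the proxy), shown as an added example that is not from the thread. It is a simplified first-match rule evaluator; the addresses, the proxy port 3128 and both rule lists are constructed assumptions, not anyone's actual configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# All addresses, ports and rules below are constructed for illustration.
FIREWALL_LAN = "192.168.1.1"   # assumed LAN address of the firewall
PROXY_PORT = 3128              # assumed Squid listening port

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dst: str               # CIDR network or "any"
    port: Optional[int]    # None matches any port

def decide(rules, proto, dst_ip, dst_port=None):
    """Evaluate traffic arriving on the LAN interface: first match wins,
    unmatched traffic is dropped."""
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.dst != "any" and ip_address(dst_ip) not in ip_network(r.dst):
            continue
        if r.port is not None and r.port != dst_port:
            continue
        return r.action
    return "block"

# Flows a LAN client might attempt: (label, proto, dst_ip, dst_port)
FLOWS = [
    ("web via proxy", "tcp", FIREWALL_LAN, PROXY_PORT),
    ("direct FTP", "tcp", "203.0.113.10", 21),
    ("direct HTTP", "tcp", "203.0.113.10", 80),
    ("ping firewall", "icmp", FIREWALL_LAN, None),
]

DEFAULT_LAN = [Rule("pass", "any", "any", None)]   # allow-all LAN rule
LOCKED_DOWN = [                                    # allow only what is required
    Rule("pass", "tcp", f"{FIREWALL_LAN}/32", PROXY_PORT),
    Rule("pass", "icmp", f"{FIREWALL_LAN}/32", None),
]

def bypasses_proxy(rules):
    """Labels of flows that leave the LAN without going through the proxy."""
    return [label for label, proto, ip, port in FLOWS
            if ip != FIREWALL_LAN and decide(rules, proto, ip, port) == "pass"]

if __name__ == "__main__":
    print("default LAN rule:", bypasses_proxy(DEFAULT_LAN))
    print("locked down     :", bypasses_proxy(LOCKED_DOWN))
```

With the allow-all rule the proxy's own ACLs never see the direct flows, which is why tightening Squid alone does not stop FTP.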

                          thunder8911

                          Okay, I think I got it working by setting up the LAN Rules now.
                          Thanks everyone who helped me :)

                          Regards,
                          Stefan

                            Nickos

                            Stefan, sorry, don't know if I'm allowed to do this but I have the opposite problem.

                            I can't close the FTP port no matter what I do?
                            I've checked the FTP boxes, unchecked them, etc.

                            Any help greatly appreciated! Please overlook my stupidity.

                              Cry Havok

                              Usually better to start a fresh thread, particularly if you know that your problem is different.

                              Are you running Squid?  Is your FTP client using Squid?

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.