Block All Ports and Only Allow HTTP(S)
-
I want to block all ports and only allow ports 80/443/53. I will occasionally open ports for my users when they have issues with Yahoo Instant Messenger, AIM, Skype, etc. I am in Afghanistan and I want to speed up browsing, but not allow torrents, etc. I currently have Squid configured and we seem to be using it in transparent mode. Can anyone help me out with this?
Thanks
-
Under Firewall => Rules => LAN, you should see a single rule called "Default LAN => any". Add two rules allowing outbound access to tcp/80 and tcp/443, then delete the default rule. I don't believe you should need a rule for DNS if your LAN hosts are pointing at the pfSense itself, although if that turns out to be mistaken, you can then add tcp/53 and udp/53.
-
Okay, I made the change on the LAN side. I tested a Skype call and it still allowed it to go through. What can I use to verify that all of the traffic is being routed through HTTP?
-
Skype falls back to using port 80 outbound if you block other ports.
-
Yes, after viewing the advanced options in Skype I just realized this. I would like to view my Squid cache logs. How do I view my logs to ensure that traffic is going through Squid as well? I am able to view my Squid lightreport, though.
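The two questions above (how to verify that traffic is really going through HTTP, and how to read the Squid cache logs to confirm it is passing through the proxy) are both answered by looking at Squid's access.log. The script below is an added example, not code from the thread or from the pfSense/Squid projects: it parses Squid's default "native" access.log format and summarizes requests and bytes per LAN client, cache hits, CONNECT tunnels, requests to ports other than 80/443, and entries Squid logs as `error:invalid-request`, which is what appears when something that is not HTTP (for example a Skype client falling back to port 80) lands on the intercepted port. The log lines embedded in it are constructed sample data; the client addresses, peer addresses and `tracker.example.net` are made up, and the log path mentioned in the usage note is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's default ("native") access.log format. These are
# not lines from the original thread; addresses and the tracker hostname are invented.
# Fields: timestamp elapsed_ms client result/status bytes method URL ident hierarchy/peer content-type
SAMPLE_LOG = """\
1277136002.123    245 192.168.1.50 TCP_MISS/200 4512 GET http://www.yahoo.com/ - DIRECT/198.51.100.10 text/html
1277136002.901     12 192.168.1.50 TCP_HIT/200 21877 GET http://l.yimg.com/a/i/ww/met/yahoo_logo.png - NONE/- image/png
1277136003.456      0 192.168.1.77 NONE/400 3587 NONE error:invalid-request - NONE/- text/html
1277136004.010    980 192.168.1.77 TCP_MISS/200 1203 CONNECT login.skype.com:443 - DIRECT/198.51.100.20 -
1277136005.222    130 192.168.1.80 TCP_MISS/200 88211 GET http://tracker.example.net:6969/announce?info_hash=abc - DIRECT/203.0.113.9 text/plain
1277136006.000     55 192.168.1.50 TCP_MISS/404 512 GET http://www.yahoo.com/missing - DIRECT/198.51.100.10 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)


def parse_line(line):
    """Parse one native-format access.log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("elapsed", "status", "size"):
        rec[key] = int(rec[key])
    return rec


def destination(rec):
    """Return (host, port) the client was actually reaching, or (None, None)
    for Squid's own error pseudo-URLs such as error:invalid-request."""
    url = rec["url"]
    if url.startswith("error:"):
        return None, None
    if rec["method"] == "CONNECT":
        # CONNECT targets are logged as host:port rather than as a full URL
        host, sep, port = url.rpartition(":")
        if not sep or not port.isdigit():
            return url, 443
        return host, int(port)
    parts = urlsplit(url)
    if parts.hostname is None:
        return None, None
    default = 443 if parts.scheme == "https" else 80
    return parts.hostname, parts.port or default


def summarize(log_text, allowed_ports=(80, 443)):
    """Aggregate an access.log into the numbers worth checking after locking the LAN down."""
    summary = {
        "requests": 0,
        "cache_hits": 0,            # result codes ending in HIT (TCP_HIT, TCP_MEM_HIT, ...)
        "non_http_requests": 0,     # error:invalid-request entries: non-HTTP data on the proxy port
        "requests_by_client": Counter(),
        "bytes_by_client": Counter(),
        "connect_tunnels": Counter(),   # (host, port) -> count of CONNECT tunnels
        "nonstandard_ports": [],        # (client, host, port) outside allowed_ports
        "unparsed_lines": 0,
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            summary["unparsed_lines"] += 1
            continue
        summary["requests"] += 1
        summary["requests_by_client"][rec["client"]] += 1
        summary["bytes_by_client"][rec["client"]] += rec["size"]
        if rec["result"].endswith("HIT"):
            summary["cache_hits"] += 1
        if rec["url"] == "error:invalid-request":
            summary["non_http_requests"] += 1
            continue
        host, port = destination(rec)
        if rec["method"] == "CONNECT":
            summary["connect_tunnels"][(host, port)] += 1
        if port is not None and port not in allowed_ports:
            summary["nonstandard_ports"].append((rec["client"], host, port))
    return summary


def report(summary):
    """Render the summary as plain text for a quick look at the console."""
    lines = [f"{summary['requests']} requests, {summary['cache_hits']} served from cache, "
             f"{summary['non_http_requests']} non-HTTP (error:invalid-request)"]
    for client, n in summary["requests_by_client"].most_common():
        lines.append(f"  {client}: {n} requests, {summary['bytes_by_client'][client]} bytes")
    for client, host, port in summary["nonstandard_ports"]:
        lines.append(f"  {client} reached {host}:{port} (outside the allowed ports)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

To run it against the real log instead of the embedded sample, read the file in place of `SAMPLE_LOG`; on the pfSense Squid package the default location is assumed to be /var/squid/logs/access.log, but the package's log settings are authoritative. Two caveats when interpreting the output: in transparent mode Squid only sees what pfSense redirects to it, normally port 80, so HTTPS on 443 bypasses the cache and never appears in access.log unless clients are configured to use the proxy explicitly; and a client that keeps working after the LAN rules are tightened while producing `error:invalid-request` entries is tunnelling something other than HTTP over the open web ports, which is exactly the Skype fallback described above.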