Netgate Discussion Forum

I think I'm in the right direction, but not sure.

General pfSense Questions
12 Posts, 5 Posters, 4.3k Views
Mad Professor (Aug 20, 2010, 8:21 AM):

Sorry, I must be tired, I'm not following you. Clear it up for me?
tommyboy180 (Aug 20, 2010, 8:33 AM, edited 8:36 AM):

XIII is saying if you open port 80 then the spam bots might hijack that port as well.
You have two options as I see it:
a. Open port 80 and port 443 and chance a bot using port 80 or 443.
b. Run a web proxy like squid on a random port like 555.

b seems like the best option you have to keep things safe and quarantined.

Edit:
Now that I think of it, since you have squid running... don't run squid in transparent mode. Also, why don't you clean the systems before putting them on a network? If I were doing the work I would clean each system before putting them on a network to get updates and such.

-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 GHz - 2 Gig RAM

Please support pfBlocker | File Browser | Strikeback
Mad Professor (Aug 20, 2010, 8:54 AM):

Because we're too lazy to plug in and swap USB sticks. LOL! Frankly, it's simpler to network and get everything we need from one computer than having to KVM between two machines.

Anyways...

Squid isn't really working; basically I must be missing something here. Nothing is being proxied, nothing is loading.

I must have it set up wrong.
tommyboy180 (Aug 20, 2010, 9:25 AM):

:)

Make sure your browser's proxy settings are set to your squid settings.

-Tom Schaefer
Mad Professor (Aug 20, 2010, 10:32 AM):

I can't get the proxy to work.

No one has really told me what I'm doing wrong with squid and why nothing is loading, even after I set the browser to 10.10.10.1:3128.

Transparent enabled, disabled, nothing is working, even though squid is running.

Pages load as untitled or blank or not at all.

In "States", if I make a request for a website, I get
127.0.0.1:80 <- 96.9.182.197:80 <- 10.10.10.150:9661

But it shouldn't be doing this.

What am I doing wrong?
tommyboy180 (Aug 20, 2010, 10:56 AM):

This should help: http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

I wouldn't do transparent mode, but it's up to you.

-Tom Schaefer
Mad Professor (Aug 20, 2010, 6:16 PM):

I just did that. Does no one even read?

Forget it. I'm not getting much help here.

I'll just do a firewall alias and block common ports, and take my chances.
Guest (Aug 21, 2010, 3:19 AM):

So your plan is to be a jerk to someone who was trying to help you? Great plan.
Efonnes (Aug 21, 2010, 7:08 AM, edited 7:30 AM):

I don't see that much of any help was really given.

Mad Professor: It is possible that since you are trying to block everything, you may even be blocking access to your proxy. For the transparent mode, try adding a rule that allows access to 127.0.0.1:80 (based on that states entry you posted). For non-transparent mode, you want a firewall rule allowing access to your proxy server port on the proxy's IP address.

Even in transparent mode, it will at least block outgoing connections on port 80 that are not HTTP traffic, though the alternate port idea might also be a good idea if it isn't too much of a burden and you remember to change the proxy settings back before you return the systems to their owners. If you don't want to have to remember to do that, it would probably be best to just use the transparent mode.

As a precaution, I'd suggest having a network specifically for connecting those infected systems, one that you maybe even only connect one system at a time to when you are connecting potentially infected systems. If you need to be able to connect more than one potentially infected system (or mix infected with non-infected), you could use a managed switch to block communication between computers on the LAN, except to the port where your router is attached. This way you can prevent potential cross-contamination.
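The rule set Efonnes describes, as an added example that is not from this thread or from the pfSense squid package: a quarantine LAN where the only thing an infected host can reach is the proxy, written in raw pf.conf syntax rather than through the pfSense GUI. Assumed: LAN interface em1, LAN subnet 10.10.10.0/24 with pfSense at 10.10.10.1 and explicit squid on 3128 (both addresses appear earlier in the thread), and transparent squid listening on 127.0.0.1 port 80, which is inferred from the posted states entry and not stated anywhere.

```pf
# Added example, not the thread's or the pfSense package's own rules.
# Assumptions: em1 is the quarantine LAN, 10.10.10.0/24 is its subnet,
# 10.10.10.1 is pfSense, squid listens on 10.10.10.1:3128 for explicit
# proxy clients and on 127.0.0.1:80 for transparently redirected ones
# (the 127.0.0.1:80 target is inferred from the posted states entry).
lan_if     = "em1"
lan_net    = "10.10.10.0/24"
lan_addr   = "10.10.10.1"
proxy_port = "3128"

# Transparent mode: rewrite outbound port 80 to the local squid.
# pf applies rdr before the filter rules, so the pass rule that lets this
# traffic through must name the translated destination 127.0.0.1:80,
# not the real web server address that the client originally asked for.
rdr on $lan_if proto tcp from $lan_net to ! $lan_addr port 80 -> 127.0.0.1 port 80

# Default deny for everything an infected host tries to send. Logging
# the blocks is what lets you see a bot probing SMTP, IRC or random ports.
block in log on $lan_if all

# Explicit-proxy mode: browsers configured for 10.10.10.1:3128.
pass in quick on $lan_if proto tcp from $lan_net to $lan_addr port $proxy_port

# Transparent mode: the redirected connections must be allowed to reach
# squid; with only "block all" above, this is the rule that was missing.
pass in quick on $lan_if proto tcp from $lan_net to 127.0.0.1 port 80

# Transparent-mode clients still resolve names themselves, so allow DNS to
# the pfSense forwarder only. Explicit-proxy clients let squid resolve
# names and do not need this rule.
pass in quick on $lan_if proto udp from $lan_net to $lan_addr port 53
```

Either pass rule can be dropped depending on which mode is in use; both carry "quick" so they win as soon as they match, regardless of the last-match default. Port 443 and everything else stays blocked by design, which is the quarantine the thread is after, but it also means HTTPS updates will not work until a matching pass rule or an explicit proxy for 443 is added. Nothing in this file stops two infected hosts on the same switch talking to each other: pf never sees that traffic, which is why the post suggests a managed switch that only allows each port to reach the router's port.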
Mad Professor (Aug 22, 2010, 8:05 AM):

Thank you Efonnes. I ended up removing the sixth NIC from my pfSense box, and when I did that, I broke pfSense completely. Couldn't do anything like get to a shell locally or SSH into the box, something about 214 xml, even though dhcpd was still working. Had to do a wipe and reload; I had a configuration backup from just before I started messing with it. I'll set up another pfSense box and try your suggestion; if it works, I'll implement it on my primary. If it doesn't work I'll get a managed switch.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.