Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid non transparent proxy

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 6.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      bueno_contigo
      last edited by

      Hello guys,

      I'm using pfsense as non transparent proxy with squid package, I'm asking if it's possible to force users to change their browser's proxy settings to have access to the intrnet.

      I'm mean :

      If the proxy config in the browser's client refers to pfsense –> the client will have access to the internet
      Else, nobody can connect without changing the browser's config.

      Because I see that pfsense is acting as transparent and no transparent proxy at the same time, what shall I do please ?

      P.S I don't like to make authentication service nor captive portal.

      Thanks in advance and sorry for my bad english.

      1 Reply Last reply Reply Quote 0
      • N Offline
        Nachtfalke
        last edited by

        Hi,

        I do not know what you like to realize now.

        If squid is working TRANSPARENT mode, than the clients do NOT have to change anything in their browser. This ins TRANSPARENT mode and is ONLY working for port 80 (http).

        If you like to use squid in NON-TRANSPARENT mode, that the clients have to enter the proxy servers address in their browsers. If they didn't enter the proxy they cannot connect to the internet. NON-TRANSPARENT mode is working with port 80 (http), 443 (https) and 21 (ftp).

        Many browsers support "automatic proxy configuration". To realize that search for WPAD. There is a how-to for pfsense.
        This is for environments where you like to use NON-TRANSPARENT squid and would like to auto config the clients browsers.

        1 Reply Last reply Reply Quote 0
        • B Offline
          bueno_contigo
          last edited by

          @Nachtfalke:

          If they didn't enter the proxy they cannot connect to the internet.

          Thanks Nachtfalke for your prompt reply :)
          Well, this is my problem, they didn't change the browser's settings but they can connect to the internet. I'd like to prevent them from this.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.

            Steve

            1 Reply Last reply Reply Quote 0
            • B Offline
              bueno_contigo
              last edited by

              mmmmm, thanks stephenw10, your solution sounds to be logic, i'll try this later, and I'll tell you about the result.

              good night :)

              1 Reply Last reply Reply Quote 0
              • B Offline
                bueno_contigo
                last edited by

                @stephenw10:

                You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.

                Steve

                WoW !!! Yes Steve, I got it, many thanks, I'm really greatful, you saved me from a lot of troubles ;)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.