Netgate Discussion Forum

    Squid and firewall rules

      ruuuter

      Hey everybody!

      I have an ALIX 2d13 with a CF card (pfSense 2.0.1), an HDD (for the Squid log files) and a WLAN card (the interface in pfSense is called WIFI) in it. This should become a hotspot.
      At the moment I am logging the WLAN IPs (DHCP) with Squid. Everything works fine, but this should become a safe system and therefore I have to define firewall rules.
      But the problem is that the port 80 rules for the WIFI interface don't work because everything goes over the proxy.
      What can I do? Below you can see my rules for the WIFI interface.

      Proto    Source    Port  Destination   Port         Gateway  Queue  Description
      TCP/UDP  WIFI net  *     *             135          *        none   NetBios Block
      TCP/UDP  WIFI net  *     *             137 - 139    *        none   NetBios Block
      TCP/UDP  WIFI net  *     *             445 (MS DS)  *        none   NetBios Block
      TCP      WIFI net  *     WIFI address  80 (HTTP)    *        none   Web GUI Block
      TCP      WIFI net  *     WAN address   *            *        none   WAN address Block
      *        WIFI net  *     WAN net       *            *        none   WAN Subnet Block
      *        WIFI net  *     ! LAN net     *            *        none   WIFI to Any other than LAN

      Thank you!!
      Greets

        marcelloc

        Set up access lists, safe ports, black lists, SquidGuard, etc. on Squid to filter HTTP.

        If you enable WAP/PAC using DNS/DHCP you can also filter HTTPS URLs.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          ruuuter

          But I want to block for example the connection from the WLAN to the LAN. Is there no possibility to use firewall rules with squid?
          I think access control of squid can not realise this or am I wrong?

            marcelloc

            @ruuuter:

            I think access control of squid can not realise this or am I wrong?

            Apply the same ip range/CIDR you would apply on firewall rules.

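The suggestion in the reply above, written out as a squid.conf fragment. This is an added example, not part of the thread and not the pfSense Squid package's generated configuration. Every subnet and address is a constructed placeholder standing in for the WIFI net, LAN net, WAN net and firewall addresses named in the posted rule table.

```conf
# Added example: HTTP policy for hotspot clients, enforced in Squid.
# All addresses below are constructed placeholders; substitute your own.

# Source: WIFI net (hotspot clients)
acl wifi_net src 192.168.20.0/24

# Destinations the firewall rules were meant to block
# LAN net
acl lan_net dst 192.168.10.0/24
# WAN net (upstream subnet)
acl wan_net dst 203.0.113.0/24
# WIFI address and WAN address of the firewall itself (web GUI)
acl fw_addrs dst 192.168.20.1 203.0.113.2

# Ports the proxy is allowed to connect to
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access lines are evaluated top to bottom; the first match decides.
# ACLs on one line are ANDed together.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# A dst ACL is matched against the resolved address of the requested host,
# so a hostname that points into the LAN is denied as well.
http_access deny wifi_net lan_net
http_access deny wifi_net wan_net
http_access deny wifi_net fw_addrs

# Everything else from the hotspot is allowed; all other clients are refused.
http_access allow wifi_net
http_access deny all
```

Squid only sees the HTTP requests that reach it, so the firewall rules for NetBIOS and other non-proxied traffic on the WIFI interface are still needed alongside these ACLs.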
              ruuuter

              Ahhh, got it  :)

              Thank you!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.