Netgate Discussion Forum
    [Solved] Restrictive LAN rules not working with squid as transparent proxy

    mdaniel

      Hi,

      I block traffic from my LAN but allow ports 80, 443 and 53 (HTTP, HTTPS, DNS); this works fine.
      The rule set finishes with a block-all rule.

      When I install Squid and enable transparent proxying on my LAN interface, I can't surf the web any longer.
      If I now go ahead and allow in all packets from the LAN, squid works fine as a transparent proxy.

      Apparently squid does not generate some kind of firewall rule for its transparent redirection.

      Looking at the firewall block logs, I successfully created the following rule:
          pass in on LAN protocol TCP from LAN-net to 127.0.0.1 port 3128 (Squid's proxy port)

      Surfing works fine now, even though the firewalling on the LAN interface is quite strict.

      I used stock pfSense 2.0.1.

      Maybe I'm the only one with this problem, and maybe I broke things myself by importing the firewall rules via config.xml from another 2.0 pfSense, but maybe this helps somebody with the same problem.

      Cheers,
          Marcus
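
      The pf.conf fragment below is an added illustration, not part of the original post and not the rules the pfSense Squid package generates itself. It shows the interaction Marcus describes: a transparent-proxy redirect of LAN HTTP to the local Squid listener, followed by a restrictive LAN rule set whose block-all rule swallows the redirected traffic unless a pass rule for the translated destination exists. The interface name (em1), the LAN subnet (192.168.1.0/24) and the Squid listener port 3128 are assumptions chosen for the example; the `rdr ... ->` form is the pf syntax of the pfSense 2.0 era.

```pf
# Added example: a restrictive LAN rule set with Squid in transparent mode.
# Interface name, LAN subnet and the Squid listener port are assumptions.
lan_if     = "em1"
lan_net    = "192.168.1.0/24"
squid_port = "3128"

# Transparent proxying: redirect LAN HTTP to the local Squid listener.
# pf applies rdr before filtering, so the filter rules below see a
# destination of 127.0.0.1:3128, not the original web server on port 80.
rdr on $lan_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port $squid_port

# Restrictive LAN policy: only HTTP, HTTPS and DNS may leave the LAN.
# The port-80 entry no longer matches browser traffic once rdr rewrites it.
pass in quick on $lan_if inet proto tcp from $lan_net to any port { 80, 443 }
pass in quick on $lan_if inet proto { tcp, udp } from $lan_net to any port 53

# The rule the redirected traffic actually needs: without it, packets
# now destined for 127.0.0.1:3128 fall through to the block-all rule
# and web browsing stops. Keep it limited to the Squid port rather than
# opening all of localhost.
pass in quick on $lan_if inet proto tcp from $lan_net to 127.0.0.1 port $squid_port

# Default deny: everything else from the LAN is dropped and logged,
# which is where the blocked 3128 entries showed up in the firewall log.
block in log quick on $lan_if all
```

      Syntax-check a fragment like this with `pfctl -nf` before loading it. In the pfSense GUI the equivalent of the pass rule is a LAN rule with destination 127.0.0.1 and destination port 3128, which is what the post describes. Note that plain transparent mode only intercepts port 80; HTTPS on 443 is not redirected and still has to be allowed directly, which the rule set above does.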

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.