New to PFsense - Transparency mode
-
No problem. :)
To do that you should install pfSense as your network router.
Install the Squid web proxy package and get that working.
Install either the Squidguard or Dansguardian package to filter web content.By far the best source of pfSense information is the official book. A new book is due out shortly that will cover 2.0.x and 2.1 in more detail.
There is a lot of pages in the docs wiki that cover installation and Squid etc.
There's a lot of good step-by-step guiges at this site: http://pfsensesetup.com/ I don't believe that is related in any way to the dev team or any official source. Seems mostly correct though. :)Steve
-
Sir,
I'm confuse with the squid web proxy and squidguard? Is it 2 different package to install?
-
Sir,
Just to add to my previous post.
What is the difference of the squid web proxy and squidguard? What is the purpose of each?
What is the title of the book and the author?
-
Squid is a web proxy server: http://www.squid-cache.org
Squidguard is an addon for Squid to allow URL filtering: http://www.squidguard.org
Dansguardian is an alternative to Squidguard that has more flexibility and options: http://dansguardian.orgThe book is called 'pfSense: The Definitive Guide' it's written by the project developers and is available from Amazon: http://www.amazon.com/gp/product/0979034280?ie=UTF8&tag=pfsense-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0979034280
Steve
-
Sir,
Should I install the squid and squidguard? Which better to use between the squidguard and dansguardian?
-
Sir,
Please see below if my understanding is correct about the squid, squidguard and dansguardian
Squid
- its a proxy server that help to cache a website for a certain network
- help or improves internet browsing speed for the clients using the caching capability of squid
Squidguard
- its a add-on of squid
- use for blocking a website base on url only
- you can configure here for the exception on blocking a website or user who will you allow for the certain website
Dansguardian
- its a different or separate package from squid
- it can block a website using content filtering meaning it will check the whole website if will access it or block it.
These are my question
-> Is the statement above correct? Do I miss something? Kindly correct me or add if there is wrong about it and missing.
-> Is it a good practice(as a pfsense user) or is it a common practice to install the squid, squidguard and dansguardian?
-> What is squid3? Is it the same with squid?Thank you in advance
-
Dansguardian still requires a proxy to operate so it is also in addition to Squid. The advantage of Dansguardian (as far as I know!) is that you have things like keywords and phrase matching. This means that even a new website that is not on blacklists can be blocked.
There are two Squid packages 2.x and 3.x. Squid3 offers more features but is considered less stable, well tested, than older Squid 2 series.
I am not an expert in these things. I have run Dansguardian in the past but not with pfSense. There are a number of threads here on the forum and many, many other web pages discussing Dansguardian vs Squidguard. For example: http://www.theninjageek.co.za/blog/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/
Steve
-
If you use dansguardian, stick with squid and not squid3 unless it has a feature you absolutely need.
The combo of dansguardian + squid3 was sort of painful for me.
-
Sir,
Are you suggesting to install dansguardian and squid? And these two are the best combination for control the accessing the websites?
-
No - What I'm suggesting is that IF you install dansguardian, squid might be less trouble than squid3. Thats all I'm saying.
dansguardian does work OK to limit access to porn and things like that. It doesn't help limit anything in HTTPS though.
Also, really smart kids will figure out that they can search images and see the images without actually going to a porn site.NOTHING works 100%
At best you can make it annoying to browse porn. Very difficult to stop it completely.
-
Sir,
Now i.understand what are you trying to say. Which.is better? Squidguard or dansguardian? -
I don't know - I've never ran squidguard. I'm sure lots of people have opinions on that issue.
You can ALSO control access to certain sites by using either OpenDNS or DynDNS.
Both of those will allow you to open an account and set up blocking preferences.Then you can have pfsense get its DNS from OpenDNS or DynDNS and you can have everything on your network get its DNS fro pfsense DNS forwarder. This work very well also either by its self or in combination with either dansguardian of squidguard.
Where are you located? I'd pick DNS service closest to you if you do that.
-
I'm from philippines
-
I REALLY miss that place :-[
Gotta get there again soon.Anyway - I'd use OpenDNS - They have 2 servers near(ish) to you.
DynDNS only has 1 sort of close. -
Sir,
I'm trying to configure the pfsense for web proxy cache and content filtering using squid 3 and dansguardian. Base on my web search one of the instruction is to configure in the firewall to redirect all the http request or port 80 to 8080. When I following there instruction I'm getting an error of SSL error and I cannot access the pfsense webconfiguration.
Below is the link what I follow for the configuration.
http://www.theninjageek.co.za/blog/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/Kindly assist me with this.
Thank you
-
You can direct all of port 80 in and that will work, but not port 443. OK?
-
If you put in a firewall rule that redirects all traffic on port 80 that may include traffic for the webgui. Either change the port the webgui listens on or add a rule above the squid rule to allow traffic to the webgui without redirection.
Steve
-
I'm confuse. Is it necessary or mandatory to redirect the port? What us the purpose of doing it?
-
Redirecting port 80 is necessary in that configuration. It captures http requests from clients behind pfSense and sends them to Squid/Dansguardian.
Steve
-
Sir,
I was trying to follow the instruction on the link I gave in the last post. I'm getting a trouble accessing the pfsense webconfig. Now I'm really confuse and don't know what to do. Kindly assist me with this.
Thank you in advance.
