How to block Squid on pfsense, direct WAN access?
-
In general on pfsense 2.0.1, if you remove the default rule of allow all on the LAN side, does the pfsense firewall also restrict web access for squid itself, running on the pfsense firewall?
Or does squid on pfsense always have full access to WAN ports regardless of pfsense's firewall config?
I am having a problem with squid apparently bypassing an upstream parent proxy and apparently instead getting pages direct off the web.
I say "apparently" because this may be a filtering problem with the upstream parent, too.
On many firewalls it often seems like the firewall settings only apply to external clients connecting through the firewalled LAN port. Services directly installed on the firewall host are not filtered from WAN access.
In such a situation it would be necessary to set up two pfsense in a string with firewall only on the first host, and squid on the second host attached to the first via a LAN port, for squid's WAN access to actually be blocked.
Even if you can block squid from accessing the web with the firewall, it's not clear to me how to allow/restrict squid's access to the WAN side, since the firewall box itself has both WAN and LAN ports assigned to it, and technically the software on the firewall straddles a middle ground between both of those ports.
-
In general on pfsense 2.0.1, if you remove the default rule of allow all on the LAN side, does the pfsense firewall also restrict web access for squid itself, running on the pfsense firewall?
Or does squid on pfsense always have full access to WAN ports regardless of pfsense's firewall config?
If you are using squid in transparent mode it will bypass interface rules.
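To settle the "apparently" in the question (is Squid going direct, or is the parent failing to filter?), the hierarchy code in Squid's native-format access.log records how each request was forwarded. The following is an added example, not part of the thread; the log lines are constructed, and it assumes the default native log format, where field 9 is `hierarchy_code/peer_host`.

```shell
#!/bin/sh
# Classify Squid native-format access.log entries by forwarding path.
# Fields: time elapsed client code/status bytes method URL ident hierarchy/peer type

# Constructed sample log lines (addresses and hosts are placeholders).
sample_log() {
cat <<'EOF'
1330000001.123    210 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DEFAULT_PARENT/10.0.0.5 text/html
1330000002.456    180 192.168.1.11 TCP_MISS/200 2048 GET http://example.org/a - DIRECT/93.184.216.34 text/html
1330000003.789      2 192.168.1.10 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1330000004.012    300 192.168.1.12 TCP_MISS/200 900 GET http://example.net/ - FIRST_UP_PARENT/10.0.0.5 text/html
1330000005.345    150 192.168.1.11 TCP_MISS/304 310 GET http://example.org/b - HIER_DIRECT/93.184.216.34 -
EOF
}

# Read a log on stdin and print one summary line:
#   direct = fetched straight from the origin server (parent bypassed)
#   parent = forwarded to a cache_peer parent
#   nofwd  = answered without forwarding (cache hit, denied, error)
forwarding_summary() {
    awk '
    {
        split($9, h, "/")
        code = h[1]
        if (code ~ /DIRECT$/)          direct++   # DIRECT, HIER_DIRECT, TIMEOUT_DIRECT
        else if (code ~ /PARENT/)      parent++   # DEFAULT_PARENT, FIRST_UP_PARENT, ...
        else if (code ~ /NONE$/)       nofwd++    # NONE, HIER_NONE
        else                           other++    # sibling peers and anything else
    }
    END { printf "direct=%d parent=%d nofwd=%d other=%d\n", direct, parent, nofwd, other }'
}

# Print "client URL origin_host" for every request that bypassed the parent.
direct_requests() {
    awk '{ split($9, h, "/"); if (h[1] ~ /DIRECT$/) print $3, $7, h[2] }'
}

# Demo on the constructed sample; pipe a real access.log in the same way.
sample_log | forwarding_summary
sample_log | direct_requests
```

A non-zero `direct` count means Squid itself is reaching the WAN; a zero count with unfiltered pages still arriving points at the parent's filtering instead.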