Squidguard blocking LAN I.P addresses
-
Hi all,
This is my first post to this forum and I am new to pfSense, so if I sound like I am being a little stupid it's because I probably am…
I am experiencing an issue in SquidGuard which is presumably due to a misconfiguration on my part. Basically I have just switched from using squid in transparent mode to using it in non-transparent mode on port 3128 and I am experiencing an issue where SquidGuard is blocking me from going to a local web server, for example my apache server which sits at 10.10.20.20 on port 80... I have already tried to whitelist 10.0.0.0/8 but it says it's not a valid domain....? I just want to figure out how to stop blocking all the 10.0.0.0/8 destinations. I tried adding a LAN firewall rule but this did not help... I did not have this problem in transparent mode. Any help would be greatly appreciated.
-
It's not actually blocking it, SQUID just has no way of looping back in to your network like that in most situations.
How are you telling machines to get the proxy information? WPAD? Explicit?
If you are telling the machines individually, there should be a setting to not use the proxy for local addresses. If using wpad, you can define your network there and your computers will direct connect to the server once again.
-
Also, do you have squidguard set to block the use of IP addresses that is used to get around domain filtering? What is the exact error you're seeing?
-
It's not actually blocking it, SQUID just has no way of looping back in to your network like that in most situations.
How are you telling machines to get the proxy information? WPAD? Explicit?
If you are telling the machines individually, there should be a setting to not use the proxy for local addresses. If using wpad, you can define your network there and your computers will direct connect to the server once again.
@KOM:
Also, do you have squidguard set to block the use of IP addresses that is used to get around domain filtering? What is the exact error you're seeing?
Thanks for responding guys, I really appreciate the support…. I'm currently using WPAD with the exception of a few clients that do not pick up the WPAD... and yes, I block IPs to prevent bypassing the proxy. I have since found the setting to bypass the proxy on clients that I have set the proxy for, but I'm not sure how to do this using WPAD... I redirect all errors to a custom domain so I can't tell you the exact error page.... but if it helps, the SquidGuard block log reads:
31.12.2016 15:09:56
10.10.20.15/nickimacbook.nickijames.lan http://10.10.20.60/ Request(Admin_Devices/in-addr/-) - GET REDIRECT -
-
What does your WPAD file look like?
Should be somewhat similar to this for the basics… Mine's a little different from the most basic, but this works fine for me, even when I have the option to block by IP addresses in the URL set, since the connections aren't proxied and are connecting directly.
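function FindProxyForURL(url, host) {
    // Unqualified host names (no dots) are local: connect directly.
    if (isPlainHostName(host)) {
        return "DIRECT";
    }
    // Loopback addresses bypass the proxy.
    if (isInNet(host, "127.0.0.1", "255.255.255.0")) {
        return "DIRECT";
    }
    // Local network bypasses the proxy.
    if (isInNet(host, "192.168.0.0", "255.255.255.0")) {
        return "DIRECT";
    }
    // Everything else goes through Squid.
    return "PROXY 192.168.1.1:3128";
}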
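
For the 10.0.0.0/8 network in the original question, a PAC file along these lines sends internal IP literals direct while public IP literals still go through the proxy, where SquidGuard's IP blocking continues to apply. This is an added example, not a file from any poster: the proxy address 10.10.20.1 is an assumption (only port 3128 comes from the thread), and the helper stand-ins exist only so the function can be run under Node, where the PAC helpers are not built in.

```javascript
// Stand-ins for the browser's built-in PAC helpers, defined only when missing
// (for offline testing with Node). Deploy just PROXY and FindProxyForURL.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}
if (typeof isInNet === "undefined") {
  // IPv4 literals only, no DNS lookup (the real helper resolves host names).
  globalThis.isInNet = (host, pattern, mask) => {
    const h = ipToInt(host), p = ipToInt(pattern), m = ipToInt(mask);
    if (h === null || p === null || m === null) return false;
    return ((h & m) >>> 0) === ((p & m) >>> 0);
  };
  globalThis.isPlainHostName = (host) => host.indexOf(".") === -1;
}

// Assumed proxy address; replace with the LAN address Squid listens on.
var PROXY = "PROXY 10.10.20.1:3128";

function FindProxyForURL(url, host) {
  // Unqualified names such as "intranet" are local.
  if (isPlainHostName(host)) return "DIRECT";
  // Test only literal IPv4 addresses: calling isInNet() on a host name
  // makes the browser do a DNS lookup for every request.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    if (isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
    if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  }
  // Everything else, including public IP literals, is filtered by Squid.
  return PROXY;
}
```

Clients that do not pick up WPAD need the same 10.0.0.0/8 exclusion entered in their manual proxy settings.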