Netgate Discussion Forum

    Possible to bypass firewall using squid?

      mcmullen

      Will squid bypass my firewall? I have blocked some destination IP addresses (IPs of other VLANs and public IPs) and some ports on my LAN interface by firewall rules. In addition I'm using snort.

      If I set up a squid transparent proxy, can clients bypass my firewall rules using the proxy? Are the firewall rules evaluated before the traffic reaches the squid?

        Cybermaze @mcmullen

        @mcmullen no, squid will not bypass your firewall rules. Squid resides on the inside of your network, usually on LAN or OPT networks, so WAN rules will still apply to whatever is trying to get out or in from the internet.

          netblues @Cybermaze

          @Cybermaze While it is true for the WAN interface, clearly it is not the case with outbound.
          Outbound connections are filtered as incoming at the LAN level.
          Transparent squid proxy is done by natting to the squid proxy.
          Since NAT is done before firewall rules, outbound rules won't be evaluated.
          Limiting the NAT target is probably the only way to go, and then what is offered by squidguard.

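An added illustration (not part of any post in this thread) of the ordering netblues describes: a simplified Python model in which the redirect to Squid is applied before the LAN rules are matched, so a destination block never sees the original address. The listener address 127.0.0.1:3128, the blocked networks and all function names are constructed for the example, and the proxy-side deny list is an assumed stand-in for the filtering role the reply gives to squidguard.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values, not taken from the thread.
SQUID = ("127.0.0.1", 3128)                      # assumed intercept listener
BLOCKED = [ip_network("192.168.20.0/24"),        # another VLAN
           ip_network("203.0.113.0/24")]         # a public range


def in_any(addr, nets):
    return any(ip_address(addr) in net for net in nets)


def redirect(dst, port, exclude=()):
    """NAT stage: port-80 traffic is rewritten to Squid unless dst is excluded."""
    if port == 80 and not in_any(dst, exclude):
        return SQUID
    return (dst, port)


def lan_filter(dst, port):
    """Filter stage: matches on the destination as it looks AFTER translation."""
    return "block" if in_any(dst, BLOCKED) else "pass"


def trace(dst, port, nat_exclude=(), squid_deny=()):
    """Return (verdict, deciding component) for a LAN client connecting to dst:port."""
    new_dst, new_port = redirect(dst, port, nat_exclude)
    if lan_filter(new_dst, new_port) == "block":
        return ("block", "lan rule")
    if (new_dst, new_port) == SQUID:
        # Squid opens its own connection to dst from the firewall host,
        # so only a proxy-side deny list can still refuse the request.
        if in_any(dst, squid_deny):
            return ("block", "squid acl")
        return ("pass", "squid")
    return ("pass", "lan rule")


if __name__ == "__main__":
    for label, kwargs in [("no mitigation", {}),
                          ("redirect excludes blocked nets", {"nat_exclude": BLOCKED}),
                          ("proxy-side deny list", {"squid_deny": BLOCKED})]:
        print(label, trace("192.168.20.5", 80, **kwargs))
```

In this model the block rule still works for non-intercepted ports; only traffic that the redirect rewrites skips it, which is why the reply's two options are to narrow the redirect or to filter inside the proxy.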