Group ACL behaving strangely
-
Hello all,
I have 2 PC IPs set in a group ACL. They both have the target rule to block webmail.
One PC blocks webmail while the other does not.
What could be the issue?
Please advise. Thank you
- Victoria
-
Questions about squid and squidguard should be directed to the Cache/Proxy forum.
Without showing any of what you've done in the way of configuration or even if you're running in transparent or explicit mode, we can only guess:
- the one PC's IP address is not in the Group ACL so your rule doesn't apply to it
- the one PC is not set to use the proxy (explicit mode)
- the one PC is in multiple ACLs, and one of them allows webmail and you have it sequenced before the one that denies
That's off the top of my head. Post some screenshots of what you've done and it might become more clear.
-
@KOM:
> Questions about squid and squidguard should be directed to the Cache/Proxy forum.
> Without showing any of what you've done in the way of configuration or even if you're running in transparent or explicit mode, we can only guess:
> - the one PC's IP address is not in the Group ACL so your rule doesn't apply to it
> - the one PC is not set to use the proxy (explicit mode)
> - the one PC is in multiple ACLs, and one of them allows webmail and you have it sequenced before the one that denies
> That's off the top of my head. Post some screenshots of what you've done and it might become more clear.
Hi,
I will move this over to the Cache/Proxy forum. But just to respond.
1. Both PC IPs are set in the same exact Group ACL.
2. I am not sure what this means but I will check it out. Thanks
3. The one PC is not in multiple ACLs (I checked). All ACLs we have block webmail.
- Victoria
-
> I am not sure what this means but I will check it out. Thanks
Squid can run transparently or explicitly. If explicit, then you must inform all clients about the proxy. If transparent, the redirection to squid is invisible to the client. In explicit mode, you must add firewall rules to deny access to ports 80/443 from LAN so that the client cannot get web access without going through the proxy. If you do not have such rules in place and the client simply turns off proxy access then they are going out direct. You do not want this.
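
The three guesses in KOM's first reply (client not in the group, client not using the proxy, an earlier ACL matching first) can be checked mechanically. The sketch below is an added example, not part of the thread and not pfSense or squidGuard code; the group names, addresses, log lines and the rule that the first matching group decides are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
# Group ACLs in evaluation order: (name, source IPs/networks, blocked categories).
GROUP_ACLS = [
    ("staff", ["192.168.1.0/28"], set()),
    ("restricted", ["192.168.1.10", "192.168.1.20"], {"webmail"}),
]
# Squid access.log lines in the native format; the third field is the client address.
ACCESS_LOG = """\
1700000000.123     45 192.168.1.10 TCP_MISS/200 5120 GET http://mail.example.com/ - HIER_DIRECT/203.0.113.5 text/html
1700000001.456     12 192.168.1.20 TCP_MISS/200 980 GET http://www.example.com/ - HIER_DIRECT/203.0.113.9 text/html
1700000002.789      8 192.168.1.40 TCP_MISS/200 640 GET http://www.example.com/ - HIER_DIRECT/203.0.113.9 text/html
"""

def matching_groups(client_ip, acls):
    """Names of all groups whose source list contains client_ip, in ACL order."""
    ip = ipaddress.ip_address(client_ip)
    return [name for name, sources, _ in acls
            if any(ip in ipaddress.ip_network(s, strict=False) for s in sources)]

def seen_in_proxy_log(client_ip, log_text):
    """True if the client made at least one request through the proxy."""
    fields = (line.split() for line in log_text.splitlines())
    return any(len(f) >= 3 and f[2] == client_ip for f in fields)

def diagnose(client_ip, acls=GROUP_ACLS, log_text=ACCESS_LOG, category="webmail"):
    """Return (verdict, detail) for why a category is or is not blocked."""
    if not seen_in_proxy_log(client_ip, log_text):
        return "bypassing_proxy", "no requests from this client in the proxy log"
    groups = matching_groups(client_ip, acls)
    if not groups:
        return "no_group", "client is in no group ACL, so the default ACL applies"
    blocked = {name: cats for name, _, cats in acls}
    first = groups[0]  # assumption: the first matching group decides
    if category in blocked[first]:
        return "blocked", f"group '{first}' blocks {category}"
    shadowed = [g for g in groups[1:] if category in blocked[g]]
    if shadowed:
        return "shadowed", f"'{first}' matches first; '{shadowed[0]}' is never reached"
    return "allowed", f"group '{first}' does not block {category}"

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.20", "192.168.1.30", "192.168.1.40"):
        print(ip, *diagnose(ip))
```

A client that never appears in the proxy log while still browsing is the explicit-mode bypass described above, which is what the deny rules for ports 80/443 from LAN are meant to close.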