Installing SquidGuard 1.14_4 pfsense 2.3.2(amd64)



  • Hi ALL,

    Is there any Good Ideas here i need confirmation and ideas about the Squidguard config of my pfsense 2.3.2 x64.

    I am installing the Squidguard version 1.14_4 in my pfsense 2.3.2 x64 i have some restriction here please attach image.  And when i've set up in my pfsense that have a proxy and have a port also in my browser the pfsense will block the social media and others who listed in the Common ACL.

    Now my question is when i change the the LAN setting to Automatic detect settings they can now acces all the websites and even the social media? and also they have an internet? That was supposed to be no connection if you change the LAN settings to Automatic detect settings.? I use chrome incognito and safrebrowsing in firefox instead of explorer.

    papartsharingan,

    ![pfsense squidguard 1.png](/public/imported_attachments/1/pfsense squidguard 1.png)
    ![pfsense squidguard 1.png_thumb](/public/imported_attachments/1/pfsense squidguard 1.png_thumb)
    ![pfsense squidguard.png](/public/imported_attachments/1/pfsense squidguard.png)
    ![pfsense squidguard.png_thumb](/public/imported_attachments/1/pfsense squidguard.png_thumb)



  • Auto-detect relies on you having configured WPAD.  Have you done this?  Also, unless you add a block on LAN for tcp 80/443 then the users can easily get around your proxy.

    By the way, the proper forum for squid/squidguard is the Cache/Proxy forum.



  • Hi KOM,

    Yes, i set in the rules to block the port 80/443. Please see attache images. In matter of the WPAD i did not config here because i enable a transparent proxy in my squid. because i set my pfsense box into admin but i want a restriction and minimal browsing in the admin side.

    Thanks,
    papartsharingan

    ![pfsense squidguard3.png](/public/imported_attachments/1/pfsense squidguard3.png)
    ![pfsense squidguard3.png_thumb](/public/imported_attachments/1/pfsense squidguard3.png_thumb)



  • You don't show enough of your rules.  I have no idea where they are relative to other rules.  Rules are processed top-down.

    In matter of the WPAD i did not config here because i enable a transparent proxy in my squid.

    This detail would have been nice to know beforehand.  I don't use squid in transparent mode as it's a royal pain in the ass.  Use explicit mode along with WPAD and you will be able to use squidguard to filter HTTPS URLs.



  • Hi KOM,

    here is my firewall rules please attach image..

    And do you have any link to the correct config of WPAD?.

    Thanks,

    papartsharingan

    ![pfsense squidguard3.png](/public/imported_attachments/1/pfsense squidguard3.png)
    ![pfsense squidguard3.png_thumb](/public/imported_attachments/1/pfsense squidguard3.png_thumb)



  • All of your ALL IP rules are useless since that traffic is handled by the Default Allow LAN to Any rule at the bottom.  Get rid of all of those rules and then your users will not be able to go around the proxy.



  • Hi KOM,

    What do you mean by rid?

    you mean the default allow LAN to any rule will be transfer to top above the pfblocker?

    thanks,

    papartsharngan


  • Banned

    Please, avoid multiposts. https://forum.pfsense.org/index.php?topic=124567.0

    Additionally, both posted in wrong forum. :(



  • What do you mean by rid?

    rid = delete

    you mean the default allow LAN to any rule will be transfer to top above the pfblocker?

    No.  I didn't say anything about the pfBlocker rules.  I said delete all of your user rules contained within the ALL IP section because their functionality is already handled by the Default Allow rule.



  • Hi KOM,

    1 Last question here..

    No.  I didn't say anything about the pfBlocker rules.  I said delete all of your user rules contained within the ALL IP section because their functionality is already handled by the Default Allow rule.

    What if i will disabled the Default allow LAN to any rule?..is it ok?…

    because i cant't delete the ALL IP it is because in there i can adjust there bandwithd and other options in rules.

    thanks,

    papartsharingan



  • What if i will disabled the Default allow LAN to any rule?..is it ok?…

    If you do that then nothing on your network will have Internet access except for those users under ALL IP.

    because i cant't delete the ALL IP it is because in there i can adjust there bandwithd and other options in rules.

    There are better ways to use traffic shaping or limiters to manage bandwidth.  Having a hard cap per user usually isn't optimal as bandwidth above the cap doesn't get used.



  • Hi KOM,

    If you do that then nothing on your network will have Internet access except for those users under ALL IP.

    This is what i want..

    thanks KOM

    papartsharingan



  • There are better ways to use traffic shaping or limiters to manage bandwidth.  Having a hard cap per user usually isn't optimal as bandwidth above the cap doesn't get used.

    I don't have any config on that



  • Then head on over to the Traffic Shaping forum and start asking questions.



  • Thanks KOM



  • It seems the old known problem ( http://https* ) is still present on version 2.3.4
    Also, for some reason, when using HTTPS for pfsense console, Squidguard is not redirecting the error page for Https, but http.
    Still investigatin it here…


Log in to reply