Netgate Discussion Forum

    Apply firewall rules on squid

    Cache/Proxy
    5 Posts 3 Posters 2.9k Views
      mark81

      Hi,

      I hope somebody can help me with the following puzzle. I'm quite new to squid, so I'm probably asking something stupid. However, half a day of googling and searching this forum didn't resolve it.

      I installed Squid on my pfSense appliance. All works well; however, when using the proxy, firewall rules are bypassed.

      I would like to use squid, however I would like to filter as well. Is there a way to make squid behave more like a normal client? Make it, e.g., use an interface so I can firewall that interface? Or another way to apply firewall rules?

      Thanks,

      Mark

        Stewart

        Squid shouldn't bypass the firewall as it is a separate package.  We use the two in tandem on all of our installations without problems.  Can you give examples as to what makes it appear to be doing that?

          mark81

          Hi Stewart,

          Thanks for your reply. And great to learn I can use Squid in conjunction with firewall ruling.

          I have squid on my pfSense box running on my server VLAN interface. I configured the proxy in my browser: 192.168.20.1 port 3128.
          All works well.

          Now, without the proxy, I just disabled a simple firewall rule allowing access to a web hosting control panel on port 2222. With this rule disabled I cannot access the control panel.

          The moment I enable the proxy in my browser I am able to access the control panel. So squid is ignoring all rules set on the Server VLAN interface.

          Squid realtime log:

          Date IP Status Address User Destination
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/favicon.ico - 5.xx.xx.125
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/pass0input.gif - 5.xx.xx.125
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/user0inout.gif - 5.xx.xx.125
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/bg0main.gif - 5.xx.xx.125
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/login0bt.gif - 5.xx.xx.125
          23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/logo.gif - 5.xx.xx.125

          Probably Squid isn't running on that interface, hence my question. How can I make Squid respect my firewall rules? Or just configuring firewall rules on it is fine with me as well.

          Thanks

          Mark
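
An added example (not part of the original posts, and not pfSense or Squid project code) for auditing the behaviour described above: it scans log lines in the layout shown in the post and lists requests that Squid served to a destination port outside the set the firewall is meant to allow. The allowed-port set, the function names and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the ports the interface firewall rules are meant to allow outbound.
ALLOWED_PORTS = {80, 443}
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample lines in the realtime-log layout shown in the post:
# date time client status/code target user destination
SAMPLE_LOG = """\
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://203.0.113.10:2222/favicon.ico - 203.0.113.10
23.03.2017 11:46:25 192.168.20.18 TCP_MISS/200 http://example.org/index.html - 198.51.100.7
23.03.2017 11:46:26 192.168.20.22 TCP_TUNNEL/200 example.net:443 - 198.51.100.9
23.03.2017 11:46:27 192.168.20.22 TCP_TUNNEL/200 203.0.113.10:2222 - 203.0.113.10
23.03.2017 11:46:28 192.168.20.22 TCP_DENIED/403 http://203.0.113.10:8081/ - -
garbage line
"""

def destination_port(target):
    """Return the TCP port of a logged URL or CONNECT host:port target."""
    has_scheme = "://" in target
    try:
        # CONNECT entries are logged as host:port, so give them an empty scheme.
        parts = urlsplit(target if has_scheme else "//" + target)
        port = parts.port
    except ValueError:
        return None  # malformed port in the log entry
    return port or DEFAULT_PORTS.get(parts.scheme)

def find_policy_gaps(log_text, allowed_ports=ALLOWED_PORTS):
    """List (client, port, target) for proxied requests to ports not allowed."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a log entry in the expected layout
        client, status, target = fields[2], fields[3], fields[4]
        if status.startswith("TCP_DENIED"):
            continue  # Squid itself refused this request
        port = destination_port(target)
        if port is not None and port not in allowed_ports:
            findings.append((client, port, target))
    return findings

if __name__ == "__main__":
    for client, port, target in find_policy_gaps(SAMPLE_LOG):
        print(f"{client} reached port {port} via proxy: {target}")
```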

            mark81

            Or do I need squidguard to achieve filtering on squid proxy?

              aGeekhere

              if it helps for web filtering

              https://forum.pfsense.org/index.php?topic=112335.0

              Never Fear, A Geek is Here!
