Apply firewall rules on squid
I hope somebody can help me with the following puzzle. I'm quite new to squid, so I'm probably asking something stupid. However, half a day of googling and searching this forum didn't resolve it.
I installed Squid on my PFSense appliance. All works well; however, when using the proxy, firewall rules are bypassed.
I would like to use squid, but I would like to filter as well. Is there a way to make squid behave more like a normal client? E.g. make it use an interface so I can firewall that interface? Or is there another way to apply firewall rules?
Stewart last edited by
Squid shouldn't bypass the firewall as it is a separate package. We use the two in tandem on all of our installations without problems. Can you give examples as to what makes it appear to be doing that?
Thanks for your reply. And great to learn I can use Squid in conjunction with firewall ruling.
I have squid on my PFSense box running on my server VLAN interface. I configured the proxy in the browser: 192.168.20.1 port 3128.
All works well.
Now, without the proxy, I just disabled a simple firewall rule allowing access to a web hosting control panel on port 2222. With this rule disabled I cannot access the control panel.
The moment I enable the proxy in my browser I am able to access the control panel. So squid is ignoring all rules set on the Server VLAN interface.
Squid realtime log:
Date IP Status Address User Destination
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/favicon.ico - 5.xx.xx.125
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/pass0input.gif - 5.xx.xx.125
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/user0inout.gif - 5.xx.xx.125
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/bg0main.gif - 5.xx.xx.125
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/login0bt.gif - 5.xx.xx.125
23.03.2017 11:46:24 192.168.20.18 TCP_REFRESH_MODIFIED/200 http://5.xx.xx.125:2222/images/logo.gif - 5.xx.xx.125
Probably Squid isn't running on that interface, hence my question. How can I make Squid respect my firewall rules? Or just configuring firewall rules on it is fine with me as well.
Or do I need squidguard to achieve filtering on the squid proxy?
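An added example, not part of the original posts: a small audit over the Squid realtime log layout shown above that counts proxied requests to destination ports outside an allowed set, which is how the port 2222 access described here would show up. The allowed-port set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed policy: ports the interface rules would let clients reach directly.
ALLOWED_PORTS = {80, 443}

# Columns as in the realtime log above: date, time, client IP, status, URL, user, destination.
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+)/(\d{3}) (\S+) (\S+) (\S+)$"
)

def dest_port(target):
    """Return the TCP port for a logged URL or a CONNECT-style host:port."""
    if "://" in target:
        parts = urlsplit(target)
        return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme)
    host, _, port = target.rpartition(":")
    return int(port) if host and port.isdigit() else None

def audit(lines, allowed=ALLOWED_PORTS):
    """Count proxied requests per (client, destination, port) outside the allowed set."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header row or unparseable line
        client, target, dest = m.group(3), m.group(6), m.group(8)
        port = dest_port(target)
        if port is not None and port not in allowed:
            hits[(client, dest, port)] += 1
    return hits

# Constructed sample lines in the same layout (documentation addresses, not from the thread).
SAMPLE = """\
Date IP Status Address User Destination
23.03.2017 11:46:24 192.0.2.18 TCP_REFRESH_MODIFIED/200 http://198.51.100.7:2222/favicon.ico - 198.51.100.7
23.03.2017 11:46:24 192.0.2.18 TCP_MISS/200 http://198.51.100.7:2222/images/logo.gif - 198.51.100.7
23.03.2017 11:46:25 192.0.2.18 TCP_MISS/200 http://example.com/index.html - 203.0.113.5
23.03.2017 11:46:26 192.0.2.19 TCP_TUNNEL/200 example.org:443 - 203.0.113.9
23.03.2017 11:46:27 192.0.2.19 TCP_TUNNEL/200 198.51.100.7:8443 - 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    for (client, dest, port), n in sorted(audit(SAMPLE).items()):
        print(f"{client} -> {dest}:{port} via proxy ({n} requests)")
```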
aGeekhere last edited by
if it helps for web filtering