Unofficial E2guardian package for pfSense
-
Just an update,
My E2 Guardian has now been rock solid after the last update. However - HOST- shows dns error, not sure why because in my pfSense DHCP leases it shows the host name.
Also Marcello, I replied to the transparent proxy issue you reported on GitHub. Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).
Thank you for bearing with me, and pushing out the necessary updates.
Did you tried this:
https://www.howtogeek.com/295048/how-to-configure-a-proxy-server-on-android/You hardcode the proxy values or enter the url of the PAC file.
-
Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).
I'm using this way for transparent proxy with no MITM
https://forum.pfsense.org/index.php?topic=128116.msg730725#msg730725
For MITM clients I'm using WPAD.
-
Take a look or send a screenshot on the same field I've pushed on my last post.
Thank you Marcello.
Ok, I've only selected porn (pic8).
In config, it says this (txt).
There is something else weird: in include there are sections that are available in config. For example, spyware and hacking are available in include, but not in config (see pic9 and *.txt).
-
Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).
I'm using this way for transparent proxy with no MITM
https://forum.pfsense.org/index.php?topic=128116.msg730725#msg730725
For MITM clients I'm using WPAD.
Hmm, without WPAD can you force clients to use E2Guardian proxy for HTTPS using pfSense rules? So for guest devices I don't MITM, but I still want them to go through proxy for URL based filtering + caching via squid. I don't want to solely rely on WPAD, because it only seems to work well on Windows, however on IOS it works hit and miss, and Android doesn't WPAD functionality at all.
It can be done for sure, but I just want to know if we can use pfSense rules as it is, since I'm only having luck with NAT redirecting port 80 traffic. -
@Mr.:
Ok, I've only selected porn (pic8).
In config, it says this (txt).
The GUI package does not include any .Include to text fields under ACL tab. All you see are default configuration for a stock e2guardian bsd binaries.
All you select under include combo will reflect on filtergroup file, that does not appears on GUI.
-
but I just want to know if we can use pfSense rules as it is, since I'm only having luck with NAT redirecting port 80 traffic.
You can try with 443 nat rule without MITM, but I use squid transparent SSL with SPLICE_ALL to send non configured clients to e2guradian acls.
-
@Mr.:
Ok, I've only selected porn (pic8).
In config, it says this (txt).
The GUI package does not include any .Include to text fields under ACL tab. All you see are default configuration for a stock e2guardian bsd binaries.
All you select under include combo will reflect on filtergroup file, that does not appears on GUI.
So what do I need to do to make it work?
-
@Mr.:
So what do I need to do to make it work?
What I suggested on one of the first topics. Check config on all tabs if you still are getting erros.
The selected itens on include are present on resulting config file under /usr/local/etc/e2guardian/
That adult/domains erros probably are uncomment on your site deny text field.
-
@Mr.:
So what do I need to do to make it work?
What I suggested on one of the first topics. Check config on all tabs if you still are getting erros.
Sorry, what you suggested I did multiple times in a row, Marcello.
I have uninstalled it and simply conclude it doesn't work.
-
@Mr.:
I have uninstalled it and simply conclude it doesn't work.
What erros do you get? Same as before? Did you tried to comment include acls that does not exists on file system?
-
hi marcelloc,
could you possible update your setup and configuration procedure so that it is up to date and tidy up.
On a clean install, just save setup on GUI and use.
With previous install, check error messages.I mean, could you include in your setup guide / instruction how to have it http and https filtering with wpad so we can make it successfully running.
-
I mean, could you include in your setup guide / instruction how to have it http and https filtering with wpad so we can make it successfully running.
Did you tried this?
https://forum.pfsense.org/index.php?topic=128116.msg731037#msg731037
-
@Mr.:
I have uninstalled it and simply conclude it doesn't work.
What erros do you get? Same as before? Did you tried to comment include acls that does not exists on file system?
Thank you for all your help, dear Marcello ;D
I have decided to let it rest for a while, wait until perhaps a good tutorial comes along (I understand you are busy too) and then try again some day. For now it simply doesn't work.
Viva Brasil ;)
-
@Mr.:
For now it simply doesn't work.
I disagree, it works really nice. Hope you can get it working some day.
bye :)
-
I mean, could you include in your setup guide / instruction how to have it http and https filtering with wpad so we can make it successfully running.
Did you tried this?
https://forum.pfsense.org/index.php?topic=128116.msg731037#msg731037
Marcelloc,
Yes, I read that and it is pointing to https://forum.pfsense.org/index.php?topic=128116.msg730725#msg730725.
It is somewhat hard to follow for novice like me. Which is why I requested if you could kindly make it more clear and easier to follow.
Its really hard to follow with all the discussions discussed here especially if the read cannot relate or follow to the setup or configuration being discussed.I have installed your unofficial e2guardian and wpad through the pfsense package manager in gui. but after that I cannot make it work with http and https filtering with wpad. I am not sure what to do with the configuration, additional firewall rules, etc.
-
If you are on i386 architecture, uninstall/reinstall the package or run pkg install openssl on console. The was missing and without it, e2guardian does not start.
If you know how to install from freebsd repo, the result will be the same.
-
Hi Marcelloc,
I just would like to clarify coz I am confused.
1. Is E2Guardian a replacement for squidguard or squid ?
2. Do I need to install Squid package if I use E2Guardian ?
3. If I need to install Squid package, do I need to enable the Transparent proxy and SSL MITM Filtering in Squid Proxy configuration ? -
1. Is E2Guardian a replacement for squidguard or squid ?
Full replacement for squidguard with more features.
2. Do I need to install Squid package if I use E2Guardian ?
If you do not need authentication or just ip authentication and no transparent proxy for ssl then you need only e2guardian package
l
3. If I need to install Squid package, do I need to enable the Transparent proxy and SSL MITM Filtering in Squid Proxy configuration ?If you plan to transparent proxy ssl, then you need to enable splice all and configure cache peer to send traffic to e2guardian.
-
Hi Marcelloc
I appreciate all the work you are doing with e2guardian. I have be playing for awhile and I finally got it working.
I am a novice with pfsense so it took me awhile to figure some things out. One thing I seemed to have a problem with is file permissions. Even when I install e2guardian on a fresh installed pfsense, there where file permission problems. One was the log file and the other was the directory where temp ssl certs where stored, not sure if I am saying this correctly or not. After I figured out how to change file and directory permissions I got everythinf to work. I am using MITM filtering by the way.
So for what ever it is worth. GREAT WORK MARCELLOC! :) -
Hey Marcello,
I'm sure you missed me. :P
Can you please look into caching content that E2Guardian has MITM'd? Using Squid directly doesn't seem to work due to them not using SAN on forged certificates. If you could add a workaround that would be amazing, for now and the future. Because for now even with MITM turned on, via E2Guardian, I have only been able to make Squid cache HTTP content, not HTTPS.
This makes caching slightly redundant as most websites have or are moving to HTTPS.
You you understand,
Thanks bro :)
PS: Be proud of urself, I am planning to deploy E2Guardian in a Charity Organisation! However… I am still waiting on that bug with blacklisted sites not showing category to be fixed. Thanks again for porting this over to pfSense, and keeping everything free, accessible and open source!