Squid bypassing firewall rules?
-
Squid seems to be bypassing the firewall rules with transparent proxy?
Is there a way around this?
I tried searching online without much luck.
-
Squid seems to be bypassing the firewall rules with transparent proxy?
Is there a way around this?
I tried searching online without much luck.
It seems to bypass the firewall rules even without transparent proxy for me - I would also like to know if this is intentional. Any rule I create on WAN/LAN/Floating is entirely ignored as far as I can tell.
-
Maybe this will help - https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/updates.html#enable-transparent-proxy
See a note about QUIC
-
This issue is still affecting me.
This is completely unrelated to the QUIC protocol.
The sites in question are being blocked by pfBlockerNG IP address lists, which block everything to said sites except for port 80, which is routing through squid past the firewall and firewall rules.
Testing was done by putting the IP address of said site into the browser, e.g. http://1.2.3.4, and watching it return a response.
-
follow up:
In the end, the only way around this problem for me was to disable squid :(.
-
the only way around this problem for me was to disable squid :(.
Agreed. Anything that supersedes my set in stone authority gets two thumbs down from me, too.
-
In my case I noticed that the firewall rules were ignored only if Enable SSL filtering / Splice All was activated. I still haven't found a solution to have both.
-
Normal LAN firewall rules are ignored for traffic that is passed to the proxy, and for good reason. The NAT redirect that is in place for the transparent proxy forces the traffic to the proxy by rewriting the destination address:port pair in the packets to 127.0.0.1:3128 (the usual setup) before they hit the LAN filter rules. This is why the modified traffic won't match your LAN filter rules.
Make sure you're not proxying too much with a too "wide" NAT rule; NAT only the traffic you want to be controlled by the proxy.
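
The evaluation order described in the post above, as a simplified model. This is an added example, not part of the thread and not pfSense's own code. The addresses, the blocklist and the `bypass` parameter are constructed for illustration, and excluding blocked destinations from the redirect is only one assumed way of narrowing the NAT rule.

```python
"""Simplified model: the transparent-proxy NAT redirect runs before the LAN
filter rules, so the filter matches on the rewritten destination."""
from ipaddress import ip_address, ip_network

PROXY = ("127.0.0.1", 3128)                  # usual transparent Squid listener
BLOCKLIST = [ip_network("203.0.113.0/24")]   # constructed stand-in for a blocked-IP list


def nat_redirect(dst, port, bypass=()):
    """Rewrite TCP/80 to the proxy unless dst falls in a bypass network."""
    if port == 80 and not any(ip_address(dst) in net for net in bypass):
        return PROXY
    return dst, port


def lan_filter(dst, port):
    """LAN rules: block listed destinations, pass everything else.
    This function only ever sees the post-NAT destination."""
    if any(ip_address(dst) in net for net in BLOCKLIST):
        return "block"
    return "pass"


def evaluate(dst, port, bypass=()):
    """Return (verdict, destination the filter actually matched on)."""
    seen = nat_redirect(dst, port, bypass)
    return lan_filter(*seen), seen


if __name__ == "__main__":
    cases = [
        ("wide redirect, blocked IP, port 80", "203.0.113.10", 80, ()),
        ("wide redirect, blocked IP, port 443", "203.0.113.10", 443, ()),
        ("narrowed redirect, blocked IP, port 80", "203.0.113.10", 80, BLOCKLIST),
        ("narrowed redirect, other IP, port 80", "198.51.100.5", 80, BLOCKLIST),
    ]
    for label, dst, port, bypass in cases:
        verdict, seen = evaluate(dst, port, bypass)
        print(f"{label}: filter saw {seen[0]}:{seen[1]} -> {verdict}")
```

With the wide redirect, the port 80 request to a listed address reaches the filter as 127.0.0.1:3128 and passes, which matches the behaviour reported earlier in the thread; once the redirect skips listed destinations, the block rule sees the original address again.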