Pfsense - SquidGuard

  • Hi,

    I was just asked in other forum why Do I have to Enable Proxy transparent mode to work with squidguard, because it's only works when I setting that,
    And they answered me :
    "squidguard works regardless of whether squid is explicit or transparent.  What you are seeing is that you don't have any tcp 80/443 blocks on LAN, so all your clients just go straight out without any filtering because a) they are not aware of your proxy and b) you don't block them from doing so."

    I understand from that I need to add some kind of New rule to the firewall that block these ports on LAN ?

  • Yes.  Below is an example.  The first rule under Squid Proxy Rules allows specified clients (the alias ExemptFromProxy) to go out direct without using the proxy.  The next rule allows all clients to access web services from the DMZ.  The last rule blocks all web access which forces all clients (except those exempt) to use the proxy if they want web access.

    Your next step will be to either manually configure all your clients to explicitly use the proxy, or configure WPAD so they can auto-discover it on their own.

  • Hi,
    Sorry for the late answer…

    In destination i dont see DMZ net...
    Do you know why is that?

    see below

  • Do you actually have a 3rd interface (after WAN and LAN) that you have labelled DMZ?  It isn't there for everyone by default.

Log in to reply