• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Firewall rules and external proxy servers – How to prevent bypassing squid?

Scheduled Pinned Locked Moved Firewalling
3 Posts 3 Posters 5.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jaybird
    last edited by Feb 24, 2009, 2:07 PM

    Hi, I am running squid in transparent mode. It is listening on port 3128 of my pfSense-1.2.3-Router/Firewall-box at LAN-IP 192.168.1.1.

    I configured squidguard to deny access from my LAN clients to some shallalist-blacklisted internet sites. It works just fine.

    Now I am interested in some hints and advice regarding squid and content filtering related firewall rules.

    Is there a basic set of pfSense firewall rules that prevents bypassing my squid-proxy, that is, bypassing by manually configuring the clients' browsers to use external proxy servers, including those which use port 3128 (like my squid does too)?

    My aim here is to really force the lan clients to connect to squid for browsing the internet. Can it be done?

    How to setup the firewall via pfSense webGUI for this purpose…?

    I am not an expert in pfSense-firewalling, so I could use some detailed descriptions of any firewall rules which might be involved here. Thanks in advance.

    Regards,
    jaybird

    1 Reply Last reply Reply Quote 0
    • N
      nicolodeon
      last edited by Jun 13, 2009, 7:24 AM

      As the OP states, this information would be useful, I suppose STF is the way forward.

      1 Reply Last reply Reply Quote 0
      • B
        Bern
        last edited by Jun 13, 2009, 8:09 AM

        If you've got squid running in transparent mode, then the rules are applied AFTER the redirect takes place at the firewall - the same as incoming port forwarding.

        So you apply a rule that governs access to squid itself - see attached file.

        rules.png
        rules.png_thumb

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received