Firewall omitted when transparent proxy is enabled

  • Hi,
    I set the rule "allow any any to any 80,443 tcp out schedule time" (no other rule for those ports in the firewall), so traffic is allowed only at the specified time (tested without the proxy enabled).
    But it is not working when I also use the transparent proxy in splice-all mode.
    How do I set this up properly, so I can set the time when HTTP/S is working?
    pfSense 2.4.4 p2, AMD N54L, Squid, SquidGuard, ...

    EDIT: for now I solved this problem by adding a rule to block DNS (I don't like this solution, because the firewall rules for 80,443 are not working). But I think that pfBlocker IPv4 lists (in firewall rules) also don't work with the proxy in transparent mode.
    Also I see some Google applications (Google QUIC) are using 443 UDP; this can be filtered in the firewall but not in Squid (but this is another problem).

  • Rebel Alliance Developer Netgate

    Transparent proxy bypasses firewall rules when it grabs traffic. You have to use something in the proxy itself to control traffic. There are schedules in squidGuard if you need them.

  • I am thinking about disabling proxy transparent mode and setting up NAT rules from LAN 80 to localhost 3128 and LAN 443 to localhost 3129. If I set up those NAT rules, can pfBlocker and other firewall rules work?

  • Rebel Alliance Developer Netgate

    If you disable transparent mode, more things get changed than only the NAT rule. Maybe if you keep transparent mode enabled, but exclude your local network from the automatic rules, it might work.
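To make the bypass concrete, here is an added pf.conf illustration (not from this thread or from the pfSense/Squid packages) of why the scheduled port 80/443 rule never fires once the redirect to 3128/3129 is in place, and what a filter rule would have to match instead. It assumes LAN interface em1 and LAN subnet 192.168.1.0/24, and that the package-generated redirect is of the "rdr pass" form, which is an assumption.

```pf
# Added illustration, not the package's own rules. Assumed: LAN interface em1,
# LAN subnet 192.168.1.0/24, Squid listening on 127.0.0.1:3128 and :3129.

# 1) Redirect written as "rdr pass" (assumed to be what the transparent-proxy
#    setup generates). "pass" both rewrites the destination and passes the
#    packet, so the LAN filter ruleset, including a scheduled
#    "allow ... to any port 80,443" rule, is never consulted for this traffic.
rdr pass on em1 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.0/24 port 80  -> 127.0.0.1 port 3128
rdr pass on em1 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.0/24 port 443 -> 127.0.0.1 port 3129

# 2) Redirect without "pass": the filter still runs, but it sees the
#    translated destination. A rule matching "to any port 80,443" no longer
#    applies; the rule that decides (and that a schedule would have to be
#    attached to) must match 127.0.0.1 on the proxy ports.
rdr on em1 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.0/24 port 80  -> 127.0.0.1 port 3128
rdr on em1 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.0/24 port 443 -> 127.0.0.1 port 3129

# Default deny for proxied web traffic outside the allowed window ...
block in log on em1 proto tcp from 192.168.1.0/24 to 127.0.0.1 port { 3128 3129 }

# ... and the rule that a time schedule is applied to (in pfSense this is
# the GUI schedule on the rule; plain pf has no schedule keyword).
pass in on em1 proto tcp from 192.168.1.0/24 to 127.0.0.1 port { 3128 3129 }
```

Either way, a block list or schedule that keys on "port 80/443 to any" cannot see redirected flows, which is why the developer points to controls inside the proxy (squidGuard schedules) rather than the firewall.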

  • Dear sir, thanks for your help.

    Can you please explain how to (for a noob)?

    1. Switch from "NAT/Outbound/mode automatic" to "NAT/Outbound/mode hybrid"?
    2. Set all rules "interface WAN, source LAN, NAT address WAN" to disabled?
