Proxy, i can ping any sites hostname but can't browse

m-c-ila

i have installed pfSense in a vmware esxi with two nic's. Now that i've installd squid (NOT transparent) and squidguard, configured proxy access on my laptop and deleted LAN rules any to any i can't brose. it looks like http and https error.

Proxy works when my laptop is directly connected to the server but when laptop and server are connected to the switch proxy doesn't work (i get access to internet only when rule
any to any is added)

internet - modem -- <wan> pfsense <lan> -- switch - PCS (from pfsense i can ping switch and my laptop )

I added rules to enable ICMP and DNS and now i can ping any websites from console

m-c-ila

@m-c-ila NO ONE HERE TO HELP :(

bmeeks

You need to go do some reading here: https://docs.netgate.com/pfsense/en/latest/firewall/index.html.

Your LAN rules don't make any sense. You are only allowing traffic to the specific IP address of the LAN interface itself. You have no rule to allow anything out to the Internet. It is clear from your rules that you do not understand how pfSense firewall rules should be written. Go read through the documentation I linked and you will find the solution to your issue (and you will learn how to use the firewall in pfSense) ... .

m-c-ila

@bmeeks said in Proxy, i can ping any sites hostname but can't browse:

You are only allowing traffic to the specific IP address of the LAN interface itself.

Yeah, thanks for pointing this out, i am new here, first time i'm using pfsense. I have ALIAS of all my VLANs interface, i added two rules for ICMP and DNS and wanted to add a rule to allow traffic to pass by proxy port.

When i connect my laptop directly to pfsense proxy works and i have internet connection without adding any rule. 8080 is my proxy port

However, feel free to correct me if I'm wrong. :)

chrismacmahon

@m-c-ila said in Proxy, i can ping any sites hostname but can't browse:

@m-c-ila NO ONE HERE TO HELP :(

@m-c-ila

The forum's are a place for people to provide support for free. We love our community; however, most of the people on here have other jobs, this is a hobby of theirs.

If you need assistance quickly you will need to have a support contract with our Global Support team.

KOM

This post is deleted!

m-c-ila

@chrismacmahon I know that. When I wrote my comment I was hoping someone can see and notice my post, since there are alot of people posting problems as well ... I am new here too :)

Thanks for the advice thou

bmeeks

@m-c-ila said in Proxy, i can ping any sites hostname but can't browse:

@bmeeks said in Proxy, i can ping any sites hostname but can't browse:

You are only allowing traffic to the specific IP address of the LAN interface itself.

Yeah, thanks for pointing this out, i am new here, first time i'm using pfsense. I have ALIAS of all my VLANs interface, i added two rules for ICMP and DNS and wanted to add a rule to allow traffic to pass by proxy port.

When i connect my laptop directly to pfsense proxy works and i have internet connection without adding any rule. 8080 is my proxy port

However, feel free to correct me if I'm wrong. :)

You could have any of several issues if you are using VLANs. Are you positive you have those configured correctly with necessary tagging at any switch ports?

And sorry, but I misread your initial post and did not notice the proxy stuff. Read it too fast and while multitasking with other stuff ... . So with the VLANs you mentioned, I suspect something may not be configured correctly there. This is bolstered by the fact you say things work when you bypass the switch (if I am understanding you correctly).

m-c-ila

@bmeeks Thank you for your reply. I did the inter-vlan on cisco switch L3 and created static routes on pfsense ... From pfsense LAN i can ping the switch and other hosts. I am using a computer from a vlan and i still can ping google.com and i can access Pfsense webgui and get internet without proxy. That means vlans config is correct right ?

I am having errors with https, and http pages it tells me it's not allowed to access these pages.

Is there a rule to force traffic to pass through Proxy ?

Ps: when i connect my laptop directly to pfsense everything works even proxy .