Firewall rules to restrict any connection from LAN clients to outside of the local network but use squid to browse the web
-
Hi to all.
I wanted to set up a firewall so that local machines can't send and receive anything except in the LAN, but to allow them to browse the web. My search through this forum ended with a plan to set up a firewall rule to block everything, install squid, and set up proxy settings in the browser on all clients so they can surf the net through squid.
If this idea is wrong, please advise what to do. If it is OK, please let me describe what I did (because it's not working right now).
I put firewall rules on LAN and WAN to block, as shown in the pictures.
When I started squid, if there aren't any firewall rules I can see that traffic is going through the proxy, but when the rules are on it is not possible to open any website. I also tried squid in transparent mode, with no luck.
How to sort this out?
Thanks in advance -
Hi :)
Dude, I cannot understand what you are trying to achieve exactly... Are you sure you need a proxy? And also, if there is no rule it is blocked by default... So you don't need to make a new rule to block existing rules ;) Just disable the "pass" rules :) You can tell pfSense which PC you want to have internet by making a rule for that instead of using a proxy...
P.S. As I remember, there should be an option in DHCP: "Deny unknown clients: Only the clients defined below will get DHCP leases from this server." as well... Just my 2 cents :)
-
Hi, I wanted to keep the workstations with static IP (current state) because we use network rendering etc., but to block all connections from these computers from LAN to the internet, but then again to allow them to use a browser to surf the net.
So in the end everything is the same as in the pictures above, I just added a rule to allow port 3128 for the proxy and turned on proxy authentication.
So in the end the only connections from these workstations are through the proxy, which have to be authenticated.
Thanks for help
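The policy the thread ends on (allow only TCP 3128 to the proxy, drop everything else from the LAN), modelled as an added example that is not taken from any of the posts. It assumes the firewall evaluates interface rules top-down with first match winning and default deny; the addresses, rule lists and flow names are constructed for illustration.

```python
"""First-match evaluation of LAN-interface rules (all addresses are constructed)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

FW_LAN = "192.168.1.1"  # assumed firewall LAN address where squid listens


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp" or "any"
    dst: IPv4Network            # destination must fall inside this network
    port: Optional[int] = None  # destination port, None matches any port


def evaluate(rules, proto, dst, port):
    """Return the action of the first matching rule; no match means block."""
    dst = ip_address(dst)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if dst not in r.dst:
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return "block"  # default deny


# Only the proxy port on the firewall is reachable; everything else is dropped.
PROXY_ONLY = [
    Rule("pass", "tcp", ip_network(f"{FW_LAN}/32"), 3128),
    Rule("block", "any", ip_network("0.0.0.0/0")),
]
# Same two rules with the block on top: the pass rule is never reached.
BLOCK_FIRST = list(reversed(PROXY_ONLY))

# Constructed flows from a LAN workstation. With an explicit proxy the browser
# hands the hostname to squid, so the client needs no direct DNS either.
FLOWS = {
    "browser -> squid": ("tcp", FW_LAN, 3128),
    "direct https": ("tcp", "203.0.113.10", 443),
    "direct http": ("tcp", "203.0.113.10", 80),
    "direct dns": ("udp", "203.0.113.53", 53),
}


def verdicts(rules):
    """Map each sample flow name to the action the rule list gives it."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}
```

Calling `verdicts(PROXY_ONLY)` and `verdicts(BLOCK_FIRST)` side by side shows how rule order alone decides whether the proxy port stays reachable.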