Possible to bypass firewall using squid?
-
Will squid bypass my firewall? I have blocked some destination IP addresses (IPs of other VLANs and public IPs) and some ports on my LAN interface by firewall rules. In addition I'm using snort.
If I set up a squid transparent proxy, can clients bypass my firewall rules using the proxy? Are the firewall rules evaluated before the traffic reaches squid?
-
@mcmullen no, squid will not bypass your firewall rules. Squid resides on the inside of your network, usually on LAN or OPT networks, so WAN rules will still apply to whatever is trying to get out or in from the internet.
-
@Cybermaze While it is true for the WAN interface, clearly it is not the case with outbound.
Outbound connections are filtered as incoming at the LAN level.
A transparent squid proxy is done by NATting to the squid proxy.
Since NAT is done before firewall rules, outbound rules won't be evaluated.
Limiting the NAT target is probably the only way to go, and then what is offered by squidguard.
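
The evaluation order described in the last reply, as an added example that is not part of the original thread: a simplified Python model (not pf or squid itself) in which the redirect to the proxy runs before the LAN block rules, with and without a limited NAT target. The networks, the proxy listener address and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

PROXY = ("127.0.0.1", 3128)  # assumed local squid listener (constructed)

# Constructed LAN block rules: (destination network, port or None for any port)
BLOCK_RULES = [
    (ip_network("10.0.20.0/24"), None),    # another VLAN
    (ip_network("203.0.113.0/24"), None),  # a blocked public range
]

def redirect(dst_ip, dst_port, exclude=()):
    """NAT step: send port-80 traffic to the proxy unless dst is excluded."""
    if dst_port == 80 and not any(ip_address(dst_ip) in n for n in exclude):
        return PROXY
    return (dst_ip, dst_port)

def filter_verdict(dst_ip, dst_port):
    """Filter step: a matching block rule blocks, anything else passes."""
    for net, port in BLOCK_RULES:
        if ip_address(dst_ip) in net and port in (None, dst_port):
            return "block"
    return "pass"

def evaluate(dst_ip, dst_port, exclude=()):
    """Model the order from the thread: NAT first, then filter rules.

    Returns (verdict, reaches_proxy). The filter only ever sees the
    destination as rewritten by the NAT step.
    """
    nat_ip, nat_port = redirect(dst_ip, dst_port, exclude)
    verdict = filter_verdict(nat_ip, nat_port)
    reaches_proxy = verdict == "pass" and (nat_ip, nat_port) == PROXY
    return verdict, reaches_proxy

# Limited NAT target: blocked destinations are never redirected to the proxy.
NO_REDIRECT = [net for net, _ in BLOCK_RULES]

if __name__ == "__main__":
    cases = [("10.0.20.5", 80), ("10.0.20.5", 443), ("198.51.100.7", 80)]
    for ip, port in cases:
        print(ip, port,
              "unrestricted redirect:", evaluate(ip, port),
              "limited redirect:", evaluate(ip, port, NO_REDIRECT))
```

In the unrestricted case the block rule for the other VLAN never matches on port 80, because the filter sees the proxy address instead of the original destination; any remaining control over that request has to come from the proxy itself.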