3. Firewall / Squid and possible security related issue.

Firewall / Squid and possible security related issue.

  • J

    Hi Guys,

    I think I've run into another problem with Squid and the Firewall this time.

    With Squid enabled as transparent proxy, I went into Firewall Rules and changed the default LAN Net policy to "block" and ensured all protocols etc were set to "any". I am now assuming that no one on my Lan will be able to access the internet.

    However, I was still able to access the internet, etc without any problems…matter-of-fact, I am doing so now with the block any rule turned on!

    Now, when I turn off the squid service, revert the default LAN any rule to accept and then back to block, it works. I can no longer surf the internet and I get the Network Timeout error.

    I am assuming the firewall rules take precedent here. Please let me know your thoughts.

    Thanks

    Jits

    0
  • J

    I didn't Reset the Firewall State table after making such a change. Again, I'm assuming based on what I'm reading that I should have to effect changes a bit quicker than normal. Correct?

    0
  • C

    Its in your squid.inc that modifies the pf rules.

    You can edit your squid.inc in /usr/local/pkg/squid.inc and comment:
    $rules .= "#pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
    $rules .= "#pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";

    to show your current pf rules

    pfctl -sr
    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy