How can we block specific sites? SOLVED. Thanks.

odods77 · Jun 4, 2009, 3:41 AM

I just installed my pfSense in my pc. I need guidance on how to block some specific sites like examples, youporn.com, and etc. Is it possible to block a particular website? or do we need the IP address of the website to block it?

Please help me.

Newbie here….

Thanks......

GruensFroeschli · Jun 4, 2009, 9:51 AM

If you want to block it via firewall you need the IP(s) of the destination.
Otherwise the packages squid and squidguard might interrest you.
See the packages subforum for this.

odods77 · Jun 4, 2009, 10:12 AM

@GruensFroeschli:

If you want to block it via firewall you need the IP(s) of the destination.
Otherwise the packaged squid and squidguard might interrest you.
See the packages subforum for this.

i already have the ip add of the website i want to blocked. But then, if i typed the domain name of the website, it will open, its not blocked.
How can i do it? i dont know what to do next. Help me..

GruensFroeschli · Jun 4, 2009, 11:11 AM

Are you sure this hostname doesnt have multiple IPs?
You can try to enable logging on the allow rules on your LAN interface and see which rule is triggered on an access to this domain.

Or another solution: If your clients all use the pfSense as DNS forwarder: override the resolved IP to something you define.
The following link is not about blocking something, but resolving certain names to something you specify.
(ignore the NAT reflection part).
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

Cry Havok · Jun 4, 2009, 4:28 PM

Are you using Squid? Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

odods77 · Jun 4, 2009, 11:00 PM

@Cry:

Are you using Squid? Firewall rules for the LAN interface don't apply to Squid's outgoing traffic.

I'd suggest you look to using Squid and Squidguard (and blocking port 80) or use OpenDNS.

Here is the setup i want in my network:

Fileserver
v
internet –> DNS(server 2003) --> switch --> LAN1
--> pfSense --------> switch --> LAN2
^ ^
l l
active directory (server 2003) l
child domain (server2003 AD for LAN2)

Where can i insert the OpenDNS/squid? i want to secure my LAN2. I don't want it to access to some websites.

Cry Havok · Jun 5, 2009, 6:10 AM

You install the Squid package on pfSense.

You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

odods77 · Jun 8, 2009, 7:53 AM

@Cry:

You install the Squid package on pfSense.

You would use OpenDNS as the DNS forwarder for your entire network, so at your primary DNS server.

Im done installing squid in pfsense package. I don't know were to blocked a site.
Please help me…

Thanks....

Cry Havok · Jun 8, 2009, 8:06 AM

Now install SquidGuard (as I'd previously said).

Perry · Jun 8, 2009, 8:13 AM

http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
http://diskatel.narod.ru/sgquick.htm
http://diskatel.narod.ru/pfSense/doc/squidGuard/squidGuardQuick.htm

odods77 · Jun 8, 2009, 10:02 AM

In Proxy Content Filter SquidGuard –> General Settings.

What Blacklist URL am i gona type? I'm confused.

Thanks...

ColdFusion · Jun 8, 2009, 10:40 AM

Under Destinations tab hit the + key and name Blacklist.
Under domain fields add the site you want to Blacklist…......example youporn.com...do not add the http://www.

urls list..just what it says.

Redirect field...add error code or redirect to another website.

Read the previous links as stated above to the quick guides.

odods77 · Jun 9, 2009, 3:55 AM

im done following the instructions from those materials. Still in won't block sites. What am i gonna do? Please help.
Thanks…

Cry Havok · Jun 9, 2009, 5:54 AM

You have configured clients to use the proxy?

odods77 · Jun 9, 2009, 6:16 AM

@Cry:

You have configured clients to use the proxy?

i didnt configure proxy in clients side. Do we need to configure it in to proxy server, the ip address and port of the pfsense? Am I correct?

Cry Havok · Jun 9, 2009, 6:18 AM

Yes. The port if you haven't changed it is 3128.

Don't forget to create a firewall rule to block 80/TCP outbound to force people to use the proxy.

odods77 · Jun 9, 2009, 7:20 AM

Do i need to configure the LAN interface as Bridge with WAN?

Cry Havok · Jun 9, 2009, 7:55 AM

What gave you that impression? Nobody mentioned bridging in this thread.

No - don't bridge unless you know what you're doing.

odods77 · Jun 9, 2009, 8:25 AM

@Cry:

What gave you that impression? Nobody mentioned bridging in this thread.

No - don't bridge unless you know what you're doing.

Sorry i just saw it. okey i'll not enable bridge.
I'll try….
thanks.

odods77 · Jun 9, 2009, 10:39 AM

I'm done setting up client workstation proxy in internet browsers. In setting up proxy, it should be the LAN ip address of the pfsense and port is 3128? Am i right?

Still it won't work. :(

Did i miss some steps?

Thanks…