Firewall and squid
-
Please, I want to block FTP in my network, but the problem is that I have Squid listening on 3128. To explain: the user's browser is configured to listen on port 3128 => all traffic goes through this port, but in my rule I have just the FTP ports, 21/20.
My English is not good, excuse me.
-
Do you want to block port 21 access from the LAN to the outside world?
-
Yes, I want to block FTP; 3128 on my proxy can be used, but not 21/20.
-
Delete the allow all rule.
By default pfSense blocks everything.
-
Where do I delete the all rule, in WAN or LAN?
-
The rules are always on the interface on which traffic comes in.
--> Traffic coming in on the LAN interface --> LAN tab.
--> Traffic coming in on the WAN interface --> WAN tab.
-
When I put in the FTP 20 rule it doesn't block anything, because all traffic is going through the proxy port (3128).
-
Correct. You then need to change Squid's configuration to not allow connections to FTP servers - look in the Packages forum for details on changing the ports squid will allow you to connect to.
-
You are right, Cry Havok. I looked in the Squid configuration file squid.conf and deleted port 21! That works, but I have one problem: when I reboot my pfSense, the squid.conf configuration file gets the FTP port back. Do you have any idea?
-
Try the search function ;) This has been discussed many times and details can be found in the forum (hint, look for squid.inc).
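A check that can be run after a reboot to see whether a regenerated squid.conf has put the FTP port back, added here as an example and not part of any post in the thread. It assumes stock Squid's `Safe_ports` ACL name and `http_access deny !Safe_ports` line (the ACL name is a parameter, since a packaged build may name it differently); the sample configuration is constructed, and rule ordering is not evaluated.

```python
import re

# Constructed sample resembling the port ACL section of a stock squid.conf.
SAMPLE_CONF = """\
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
http_access allow localnet
"""

def safe_port_ranges(conf_text, acl_name="Safe_ports"):
    """Return (low, high) tuples for every port listed in the named port ACL."""
    ranges = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if fields[:3] != ["acl", acl_name, "port"]:
            continue
        for token in fields[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
            if m:
                low = int(m.group(1))
                ranges.append((low, int(m.group(2) or low)))
    return ranges

def acl_is_enforced(conf_text, acl_name="Safe_ports"):
    """True if an 'http_access deny !<acl>' line is present."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:2] == ["http_access", "deny"] and "!" + acl_name in fields[2:]:
            return True
    return False

def ftp_ports_reachable(conf_text, ports=(20, 21), acl_name="Safe_ports"):
    """List the FTP ports the proxy would still accept as a destination."""
    if not acl_is_enforced(conf_text, acl_name):
        return list(ports)            # ACL never applied: nothing is blocked
    ranges = safe_port_ranges(conf_text, acl_name)
    return [p for p in ports if any(lo <= p <= hi for lo, hi in ranges)]

if __name__ == "__main__":
    print("FTP ports still allowed:", ftp_ports_reachable(SAMPLE_CONF))
```

An empty list means neither port is permitted by the port ACL; a non-empty list after a reboot means the edit to squid.conf was overwritten.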