Transparent pfSense + Transparent Squid
-
I'm hoping someone out there can give me a quick answer on whether or not this is possible.
At the moment we have an ASA firewall that handles the internet connection and NAT into our network. I'd like to place a transparent pfSense box behind it and enable it as a web filter/logger. I was hoping to have the box only contain a management IP and just snag traffic destined for port 80 outbound so we can run analysis and block lists to restrict surfing.
I haven't got the facility to test this quickly. If anyone has tried and failed (or succeeded), please let me know!
-
Just install squid. If you like squidguard, install it too. If you want to report all activity sites, install lightsquid. Transparent squid works great. You can block sites too.
jigp
Davao City
1.2.2
-
It's over 12 months since I last did this but I don't think you can set squid as a transparent proxy when pfSense is in bridging mode.
If you're using Active Directory then you can create a policy to use (say) "proxy.domain.local:80" as a proxy, make squid listen on 80 and create a CNAME for "proxy.domain.local" to point to the pfSense box.
If/when you ever remove the pfSense box, change the CNAME to point to your ISA box and ensure that its proxy is enabled and listening on port 80 and you won't have to change your policy.
-
Thanks, Burn. Where to find proxy.domain.local:80? I tried to search in /var/squid but no luck there.
jigp
Davao City
1.2.2