Netgate Discussion Forum

    [SOLVED]Wireless Ap is not filtered by Squid/Squidguard/Havp (D-link -> OPT1)

      korgh

      Hi,
      I'm confused about how to set up my OPT1 interface to be filtered by squid+squidguard like the LAN interface is.
      After some work, I put a D-Link DWL-7100 AP connected to OPT1 ( em1: Intel(R) PRO/1000 Network Connection 6.9.6 ) w/ captive portal and all is working fine, but all traffic is not handled by squid ( bypasses the rules ).
      On the other hand, all traffic from the LAN interface is OK and squid+squidguard+havp do the job very well.
      What's wrong? Firewall rules?
      This is my current pfsense configuration:

      Distro Name: pfSense-1.2.3-RELEASE-LiveCD-Installer ( installed to hdd )

      D-Link DWL-7100AP
      Ethernet Get IP From: Manual
      IP address:  192.168.5.2
      Subnet Mask: 255.255.255.0
      Gateway:  192.168.5.1
      Wireless (802.11g)
      SSID: ertcp-mbv
      Channel: 6
      Super Mode:Disabled
      Rate: Auto
      Security Level: WPA / Encryption Enabled

      –----------------------------------------------------------------------------

      OPT1 ( Interface to connect D-Link )
      Enable Optional 1 interface: checked ( of course  :) )

      General configuration
      Type: static

      IP configuration
      Bridge with: none
      IP address:  192.168.5.1 /24
      Gateway:  ( blank )

      Firewall: Rules
      Action: pass
      Interface: OPT1
      Protocol: Any
      Source: OPT1 Subnet
      Destination: any
      Log packets that are handled by this rule ( checked )
      Gateway: default
      Description: OPT1 subnet

      Proxy server: General settings
      Proxy interface: LAN and OPT1 (both selected)
      Allow users on interface: checked
      Transparent proxy: not checked ( working w/ HAVP )
      Enabled logging: checked
      Proxy port: 3128
      What to do with requests that have whitespace characters in the URI: strip

      All the other tabs were left as default


      Proxy filter SquidGuard: General settings Tab
      Enable: checked
      Blacklist: checked
      Blacklist URL: /tmp/shallalist.tar.gz

      Default Tab:
      Destination ruleset: configured (ACCESS: 'white' - always pass; 'deny' - block; 'allow' - pass, if not blocked.)
      Not to allow IP addresses in URL: checked
      Redirect info: http://www.google.com/tisp/notfound.html
      Enable log: checked

      All the other tabs were left as default

      Squid.conf

      # Do not edit manually !

      http_port 192.168.1.1:3128
      http_port 192.168.5.1:3128
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      icon_directory /usr/local/etc/squid/icons
      visible_hostname localhost
      cache_mgr
      access_log /var/squid/log/access.log
      cache_log /var/squid/log/cache.log
      cache_store_log none
      shutdown_lifetime 3 seconds

      # Allow local network(s) on interface(s)

      acl localnet src  192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0
      httpd_suppress_version_string on
      uri_whitespace strip

      cache_mem 100 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir aufs /var/squid/cache 3000 16 256
      minimum_object_size 0 KB
      maximum_object_size 512000 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95

      # No redirector configured

      # Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 443 3128 1025-65535
      acl sslports port 443 563 443
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin \?
      cache deny dynamic
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      # Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 allow all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow all

      # Allow local network(s) on interface(s)

      http_access allow localnet

      # Custom options

      refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
      refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
      refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
      range_offset_limit -1

      redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
      redirector_bypass on
      redirect_children 3

      # Default block all to be sure

      http_access deny all

      After 3 days looking for any clue on this forum, the net, and blogs, I really need your help.
      Thanks in advance

      SOLVED:

      Sorry for this mess.
      I forgot to enable the OPT1 interface in the HAVP settings  :-[
      All is working like a charm!!
      I'll just leave my config here to help others.
      I love pfSense :)

      Thank you
