[SOLVED] Wireless AP is not filtered by Squid/Squidguard/Havp (D-link -> OPT1)
Hi,
I'm confused about how to set up my OPT1 interface to be filtered by squid+squidguard like the LAN interface is.
After some work, I put a DLink DWL-7100 AP connected to OPT1 ( em1: Intel(R) PRO/1000 Network Connection 6.9.6 ) w/ captive portal and all is working fine, but all traffic is not handled by squid ( bypasses the rules ).
On the other hand, all traffic from the LAN interface is OK and squid+squidguard+havp do the job very well.
What's wrong? Firewall rules?
This is my current pfSense configuration:
Distro Name: pfSense-1.2.3-RELEASE-LiveCD-Installer ( installed to hdd )

D-Link DWL-7100AP
Ethernet Get IP From: Manual
IP address: 192.168.5.2
Subnet Mask: 255.255.255.0
Gateway: 192.168.5.1
Wireless (802.11g)
SSID: ertcp-mbv
Channel: 6
Super Mode:Disabled
Rate: Auto
Security Level: WPA / Encryption Enabled
------------------------------------------------------------------------------
OPT1 ( Interface to connect D-Link )
Enable Optional 1 interface: checked ( of course :) )

General configuration
Type: static

IP configuration
Bridge with: none
IP address: 192.168.5.1 /24
Gateway: ( blank )

Firewall: Rules
Action: pass
Interface: OPT1
Protocol: Any
Source: OPT1 Subnet
Destination: any
Log packets that are handled by this rule ( checked )
Gateway: default
Description: OPT1 subnet

Proxy server: General settings
Proxy interface: LAN and OPT1 (both selected)
Allow users on interface: checked
Transparent proxy: not checked ( working w/ HAVP )
Enabled logging: checked
Proxy port: 3128
What to do with requests that have whitespace characters in the URI: strip
All the remaining tabs were left as default

Proxy filter SquidGuard: General settings Tab
Enable: checked
Blacklist: checked
Blacklist URL: /tmp/shallalist.tar.gz

Default Tab:
Destination ruleset: configured (ACCESS: 'white' - always pass; 'deny' - block; 'allow' - pass, if not blocked.)
Not to allow IP addresses in URL: checked
Redirect info: http://www.google.com/tisp/notfound.html
Enable log: checked
All the remaining tabs were left as default

Squid.conf
# Do not edit manually !
http_port 192.168.1.1:3128
http_port 192.168.5.1:3128
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds

# Allow local network(s) on interface(s)
acl localnet src 192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0
httpd_suppress_version_string on
uri_whitespace strip

cache_mem 100 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 3000 16 256
minimum_object_size 0 KB
maximum_object_size 512000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 443 3128 1025-65535
acl sslports port 443 563 443
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost
request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

# Allow local network(s) on interface(s)
http_access allow localnet

# Custom options
refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
range_offset_limit -1
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

# Default block all to be sure
http_access deny all

After 3 days looking for any clue on this forum, the net and blogs, I really need your help.
Thanks in advance

SOLVED:
Sorry for this mess.
I forgot to enable the OPT1 interface in HAVP settings :-[
All is working like a charm!!
I'll just leave my config here to help others.
I love pfSense :)
Thank you