Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [exclude_hosts] let me try again

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jamiebond
      last edited by

      Hi everyone, this post of mine has reference (http://forum.pfsense.org/index.php/topic,29924.0.html)

      (I think my question in the above post was unclear - moderator, please pardon me for starting a new threat).

      (Please bear with me on this -  I was thrown in the deep end when the previous IT manager quit the company)

      BACKGROUND:

      We are using a webconfigurator gui to manage the proxy. The interface is very similar to this (http://devwiki.pfsense.org/CoreGUI - actually it's exactly the same).

      And I can manage it from any of my Windows machines via http://ip-of-the-proxy/login.php.

      I need to exclude the CEO's IP from being filtered through the proxy, ie. his IP's traffic(browsing/downloads/etc) must not appear in the reporting section of squid - or put simply, the IP must bypass the proxy.

      I know that the line [exclude_hosts 192.168.0.10] must be added to [sarg.conf]

      As far as i know, this will mean that [access.log] is affected by not filtering 192.168.0.10.

      QUESTION:

      With reference to the webconfigurator gui - (keeping in mind that i have [root] access to it):

      • under which heading(menu) would i find the option to add(edit) lines in [sarg.conf] ?
      • because i've been through every page in the gui and can not find an option to do this.
      • i can exclude a host from the cache, but that does not exclude him from the reports.

      If you say that this can NOT be done through the web gui as mentioned, then my next dilemma would be this:

      On the proxy machine itself, I am presented with the console screen having the following options:

      MIG console setup
      –---------------
      0) Logout (SSH only)

      1. Assign Interfaces
      2. Set LAN IP address
      3. Reboot system
      4. Halt system
      5. Ping host
      6. PFtop (firewall state table)
      7. Filter logs
      8. Restart webConfigurator

      From this point forward, i don't know how to do edit whichever files to exclude a host, because I am not familiar with the linux(freebsd) and squid/squidgaurd commands to do so.

      Also, I have over a 100 internet client machines in the building, and can therefore not afford to make a mistake which will cause the internet connection to go down - or screw up the proxy completely for that metter.

      Please assist me in whichever way you can. Even just point me in the right direction.

      I genuinely appreciate you taking the time to read my post.

      Thank you kindly.
      Regards,
      Jamie.

      1 Reply Last reply Reply Quote 0
      • D
        dvserg
        last edited by

        @jamiebond:

        I need to exclude the CEO's IP from being filtered through the proxy, ie. his IP's traffic(browsing/downloads/etc) must not appear in the reporting section of squid - or put simply, the IP must bypass the proxy.

        Bypass proxy for these source IPs  
        Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons ( ; ).

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • J
          jamiebond
          last edited by

          Thank you kindly for your reply:

          Yes, i have read the manual; and as it stipulates…

          Bypass proxy for these source IPs 
          Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons ( ; ).

          ...would (normally) be on the page Services/General Settings.

          But that option is NOT listed on my machine. (Please see attached pic).

          So i was thinking that maybe the XML file, in this case (svc_edit.php?xml=squid.xml) needs to be edited somehow so that the option "Do not forward traffic...." is shown on the page Services/General Settings. The only problem with this is that I do not know how to edit that file(package?)

          Any ideas ?

          Thanks again.
          Jamie.

          proxy.gif_thumb
          proxy.gif

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            Fresh squid installation

            1005.png
            1005.png_thumb

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • J
              jamiebond
              last edited by

              thanks for the reply.

              unfortunately a fresh install is not an option since our proxy needs to be up 24/7 so serve 100+ client machines (large hospital).

              do you think there might be another way to edit a (xml?) file to simply include the missing lines (refer your attached screenshot).

              regards.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.