Can't be that hard, monitor web traffic

  • I am a newbie to this pfsense, but I don't think it can be that hard. I've been fighting with it for 2 days on my pfsense box. My config is this: I have pfsense installed on a machine with 256 MB RAM, installed to the hard drive, not running live CD. Coming out of my modem, into the pfsense box, then out of the pfsense into a 4 port hub, that feeds 3 24 port switches. All is working great, no problems there. My issue is that half my techs are spending half their time playing games online. I would like to be able to see what websites are visited so I can then in turn block those sites to reduce the gaming. Someone told me snort would monitor and I would be able to see what websites were visited, but I can't figure out how to access that. Then I read somewhere that squid along with lightsquid would show me that, and still I can't figure out how to access that. I'm sure it can't be that hard, just that I'm a newbie!

  • LAYER 8 Global Moderator

    squid install is not hard, just install the package.

  • System>Packages

    Install the ff:
    1. squid - for proxy server
    2. lightsquid - for report generation
    3. squidguard - for blocking

  • That was an awesome tutorial, it worked for me. Thanks! Funny though, it doesn't seem to generate all the web traffic, but I'm sure it's just some setting, I'll work on that today. Thanks again!

  • Well, it seems that it monitored web traffic for a little while, but none since yesterday. I did have to take the checkmark out of "transparent Proxy" in my proxy server settings as it denied internet to everybody on the network. Even my imspector doesn't seem to be working right either. Here's my config on the proxy report:

    IP resolve method (future) IP

    Refresh sheduler 10MIN(!)

    And I'm not skipping any URLs. Any ideas?

    And now, looking at the report, looks like it monitored at 0900 hours yesterday morning and nothing since. Would it be the transparent proxy? That's about when I turned it on and had to turn it back off…

  • LAYER 8 Global Moderator

    Well if you don't have it in transparent mode, then you would have to POINT machines at the proxy if you want stuff logged.

    Transparent works just fine. You clearly did not set up something correctly if you say the internet did not work when in transparent mode.

    If you installed squidguard, you have to configure that or it's going to just block all traffic, I do believe.

    Are you on pfsense 1.2.3 or 2.0? I am currently not using proxy packages, but if you're on 2.0 I can walk through installing them again with every setting I change, etc., and post the screenshots of the settings. I personally just don't have any use for the proxy, but have used it a few times to test and to walk other users through using it.

  • Hi John, and thank you for the post. I did figure out what my problem was: for some reason there was a bunch of stuff in the custom options of the proxy server config. Don't know how it got there, but once I deleted it and turned on the transparent proxy, then everything started working like I wanted it to. My goal is to see what websites my techs are going to and from what IP address so I can start blocking the sites that seem to use up their time… Thanks for the reply and the offer for help!

  • OK, now that I got the monitoring of web traffic to work, I was looking into blocking websites. I had previously installed squidguard, and found a page telling me that I could use squidguard to do that. I couldn't find squidguard in my services, so I looked under installed packages, and found that squidguard is stopped. I tried to start it but it won't start. I've reinstalled it and it still won't start. Where should I start looking?

    OK, I think I found the problem: whenever I enable squidguard, it puts this in my proxy server settings under custom options:

    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

    When that goes in, I get a permission denied for any webpage that's being accessed, but if I delete that out, then the squidguard service stops and it won't restart…

    OK, I just uninstalled and reinstalled squidguard, and it put that same thing as above in the custom options of the proxy server, and now it's working???

    Crap, just added a website to access control in proxy server again, and hit apply and it blocked all internet access again until I deleted the redirect program thing again. I'm getting lost...

  • LAYER 8 Global Moderator

    Like I said, if you're going to install squidguard you're going to have to configure it to allow traffic, and then create your blocks.

    I have some RL work to do currently, but after I finish that I will create a walkthrough for setting up the squidguard package.

    But here is a doc that more than likely has everything you need to do to get squidguard working.

    Keep in mind you don't actually need squidguard to block stuff, you can just use squid. squidguard allows for easy use of blacklists and categories, etc. But if you are just wanting to block a few specific URLs, then you don't even need squidguard installed.
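
The report the thread is after (which sites were reached from which client IP) can also be read straight out of Squid's native-format access.log. The following is an added example, not part of the original posts and not lightsquid's code; the function names and the sample log lines are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1300000000.123    210 192.168.1.20 TCP_MISS/200 5120 GET http://games.example/play.swf - DIRECT/203.0.113.10 application/x-shockwave-flash
1300000005.456     95 192.168.1.20 TCP_HIT/200 830 GET http://games.example/score - NONE/- text/html
1300000009.789    310 192.168.1.21 TCP_MISS/200 20480 GET http://docs.example/manual.pdf - DIRECT/203.0.113.20 application/pdf
1300000012.001   1500 192.168.1.21 TCP_MISS/200 4096 CONNECT mail.example:443 - DIRECT/203.0.113.30 -
1300000015.500      2 192.168.1.22 TCP_DENIED/403 1400 GET http://games.example/ - NONE/- text/html
truncated line
"""

def host_of(method, url):
    """Return the lowercase destination host for a logged request."""
    if method == "CONNECT":            # CONNECT logs host:port, no scheme
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def sites_by_client(lines):
    """Return (allowed, denied): client IP -> Counter keyed by host.

    allowed counts bytes transferred; denied counts blocked requests,
    which is how a working block rule shows up in the log.
    """
    allowed = defaultdict(Counter)
    denied = defaultdict(Counter)
    for line in lines:
        f = line.split()
        if len(f) < 7:                 # skip partial or damaged lines
            continue
        client, action, size, method, url = f[2], f[3], f[4], f[5], f[6]
        host = host_of(method, url)
        if not host or not size.isdigit():
            continue
        if action.startswith("TCP_DENIED"):
            denied[client][host] += 1
        else:
            allowed[client][host] += int(size)
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = sites_by_client(SAMPLE_LOG.splitlines())
    for client in sorted(allowed):
        print(client, allowed[client].most_common(5))
    print("denied:", {c: dict(h) for c, h in denied.items()})
```

Clients that never appear in the output are not passing through the proxy at all, which matches the gap in the report described above while transparent mode was switched off.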
