Squid non transparent proxy



  • Hello guys,

    I'm using pfsense as a non-transparent proxy with the squid package. I'm asking if it's possible to force users to change their browser's proxy settings to have access to the internet.

    I mean:

    If the proxy config in the browser's client refers to pfsense –> the client will have access to the internet
    Else, nobody can connect without changing the browser's config.

    Because I see that pfsense is acting as a transparent and a non-transparent proxy at the same time. What shall I do, please?

    P.S. I don't like to make an authentication service nor a captive portal.

    Thanks in advance and sorry for my bad english.



  • Hi,

    I do not know what you like to realize now.

    If squid is working in TRANSPARENT mode, then the clients do NOT have to change anything in their browser. This is TRANSPARENT mode and it is ONLY working for port 80 (http).

    If you like to use squid in NON-TRANSPARENT mode, then the clients have to enter the proxy server's address in their browsers. If they didn't enter the proxy they cannot connect to the internet. NON-TRANSPARENT mode is working with port 80 (http), 443 (https) and 21 (ftp).

    Many browsers support "automatic proxy configuration". To realize that, search for WPAD. There is a how-to for pfsense.
    This is for environments where you like to use NON-TRANSPARENT squid and would like to auto-configure the clients' browsers.



  • @Nachtfalke:

    If they didn't enter the proxy they cannot connect to the internet.

    Thanks Nachtfalke for your prompt reply :)
    Well, this is my problem, they didn't change the browser's settings but they can connect to the internet. I'd like to prevent them from this.


  • Netgate Administrator

    You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.

    Steve
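The rule order described in the reply above, written in raw pf syntax as an added example (not from the thread; pfSense builds its ruleset from the rules entered in its GUI). The interface name, addresses and Squid port 3128 are assumptions, and ports 443 and 21 are included because the thread names them as the other ports the non-transparent proxy handles.

```conf
# Assumed values: adjust to the local LAN.
lan_if     = "em1"              # LAN interface (assumption)
lan_net    = "192.168.1.0/24"   # LAN subnet (assumption)
proxy_ip   = "192.168.1.1"      # firewall LAN address running Squid (assumption)
proxy_port = "3128"             # Squid listening port (assumption)

# 1. Clients may reach the proxy itself.
pass in quick on $lan_if inet proto tcp from $lan_net to $proxy_ip port $proxy_port

# 2. Direct web/ftp traffic that bypasses the proxy is refused and logged.
#    "return" sends a TCP RST so browsers fail immediately instead of hanging.
#    Traffic to the firewall's own address is excluded so its web GUI stays reachable.
block return in log quick on $lan_if inet proto tcp \
    from $lan_net to ! $proxy_ip port { 80, 443, 21 }

# 3. The default "LAN to any" pass rule stays last. If it were evaluated
#    before rule 2, the block would never match, which is the situation
#    in the original question.
pass in on $lan_if inet from $lan_net to any
```

In the pfSense GUI the same ordering applies: rules on an interface are evaluated top-down with the first match winning, so the block rule has to sit above the default allow rule on the LAN tab.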



  • Mmmmm, thanks stephenw10, your solution sounds logical. I'll try this later, and I'll tell you about the result.

    good night :)



  • @stephenw10:

    You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.

    Steve

    Wow!!! Yes Steve, I got it, many thanks. I'm really grateful, you saved me from a lot of trouble ;)

