Squid and firewall rules



  • Hey everybody!

    I have an alix 2d13 with a CF card (pfSense 2.0.1), an HDD (for the squid logfiles) and a WLAN card (the interface in pfSense is called WIFI) in it. This should become a hotspot.
    At the moment I am logging the WLAN IPs (DHCP) with squid. Everything works fine, but this should become a safe system and therefore I have to define firewall rules.
    But the problem is that the port 80 rules for the WIFI interface don't work because everything goes over the proxy.
    What can I do? Below you can see my rules for the WIFI interface.

    Proto    Source    Port  Destination   Port         Gateway  Queue  Description
    TCP/UDP  WIFI net  *     *             135          *        none   NetBios Block
    TCP/UDP  WIFI net  *     *             137 - 139    *        none   NetBios Block
    TCP/UDP  WIFI net  *     *             445 (MS DS)  *        none   NetBios Block
    TCP      WIFI net  *     WIFI address  80 (HTTP)    *        none   Web GUI Block
    TCP      WIFI net  *     WAN address   *            *        none   WAN address Block
             WIFI net  *     WAN net       *            *        none   WAN Subnet Block
             WIFI net  *     ! LAN net     *            *        none   WIFI to Any other than LAN

    Thank you!!
    Greets



  • Set up access lists, safe ports, black lists, squidguard, etc. on squid to filter http.

    If you enable WAP/PAC using dns/dhcp you can also filter https urls.



  • But I want to block, for example, the connection from the WLAN to the LAN. Is there no possibility to use firewall rules with squid?
    I think access control of squid cannot realise this, or am I wrong?



  • @ruuuter:

    I think access control of squid cannot realise this, or am I wrong?

    Apply the same ip range/CIDR you would apply on firewall rules.
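    As an added illustration (not from the thread), this is the squid ACL equivalent of the "WIFI to Any other than LAN" and "Web GUI Block" firewall rows above, assuming the constructed subnets 10.10.10.0/24 for WIFI net, 192.168.1.0/24 for LAN net and 10.10.10.1 as the firewall's WIFI address:

    ```conf
    # Added example, not from the original thread. Subnets and addresses are
    # constructed placeholders; substitute the real WIFI and LAN networks.
    acl wifi_net    src 10.10.10.0/24    # clients on the WIFI interface
    acl lan_net     dst 192.168.1.0/24   # internal LAN the hotspot must not reach
    acl pfsense_gui dst 10.10.10.1/32    # firewall's own WIFI address (Web GUI Block)

    # squid stops at the first matching http_access line, so the denies must
    # come before any allow that also matches wifi_net.
    http_access deny  wifi_net lan_net
    http_access deny  wifi_net pfsense_gui
    http_access allow wifi_net
    http_access deny  all
    ```

    A transparent squid only sees the TCP ports pfSense redirects to it (port 80 here); traffic on other ports never reaches these ACLs and is still governed by the WIFI interface firewall rules, so both the squid deny and the firewall rule are needed.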



  • Ahhh, got it :)

    Thank you!

