Cannot block single host or alias? [SOLVED] Now: Block bittorrent

SirMacke · Mar 23, 2012, 8:33 AM

Just playing around with 2.0.1, and I cannot block a single host or alias.

Creating an Alias with the known youtube.com ip:s
Creating a Rule, block, choosing the alias.

But can still ping and get to youtube..?

Grr, why?

marcelloc · Mar 22, 2012, 9:03 PM

You can input host fqdn instead of ip addresses.

Are you setting this rule on lan and putting it on top of allow rules?

SirMacke · Mar 23, 2012, 8:32 AM

@marcelloc:

You can input host fqdn instead of ip addresses.

Are you setting this rule on lan and putting it on top of allow rules?

Lol.
It was 15 minute delay, now it works.
Is there any way to block torrent-traffic?

SirMacke · Mar 28, 2012, 8:50 AM

@marcelloc:

You can input host fqdn instead of ip addresses.

Are you setting this rule on lan and putting it on top of allow rules?

Quting again.
I cannot enter www.youtube.com, http://www.youtube.com or youtube.com as host, pfsense says invalid host.
Bug or feature?

marcelloc · Mar 28, 2012, 12:24 PM

Did you checked if dns defined on pfsense configuration is working?

SirMacke · Mar 28, 2012, 3:44 PM

@marcelloc:

Did you checked if dns defined on pfsense configuration is working?

Where do I do that?
::)

marcelloc · Mar 28, 2012, 6:25 PM

At console you can do nslookup www.youtube.com

toomeek · Apr 1, 2012, 9:34 AM

ehh man.. I block sites this way
(put blocking rules first before any other rules)

costasppc · Apr 1, 2012, 3:02 PM

Good!

When something is blocked, is there a way of users get a page that informs them of company policy?

Also, is there a way of blocking all torrents?

Best

Kostas

Nachtfalke · Apr 1, 2012, 3:16 PM

@costasppc:

Good!

When something is blocked, is there a way of users get a page that informs them of company policy?

Use squid +squidguard or squid+dansguardian

@costasppc:

Also, is there a way of blocking all torrents?

Best

Kostas

Probably not. You can try to block .torrent files or pages with squidguard/dansguardian and then redirect to your company policy page.

costasppc · Apr 1, 2012, 10:35 PM

Thank you, and sorry to hijack this thread…

Is squid +squidguard or squid+dansguardian works reliably with multiWAN?

Best regards

Kostas

marcelloc · Apr 2, 2012, 2:28 AM

@costasppc:

Is squid +squidguard or squid+dansguardian works reliably with multiWAN?

Yes, configure tcp_outgoing_address 127.0.0.1 on squid and then configure a floating rule to balance outgoing http access.

costasppc · Apr 23, 2012, 3:09 PM

Thank you!

What is preferred squid+squidguard or squid+dansguardian?

Where should I configure the floating rule?

What about https? I have now an https failover rule, because of round robin problem with banking sites.

Best regards

Kostas

marcelloc · Apr 23, 2012, 10:00 PM

@costasppc:

What is preferred squid+squidguard or squid+dansguardian?

it's up to you. squidguard is free and dansguardian can do antivirus as well content filtering

@costasppc:

Where should I configure the floating rule?

go on firewall -> rules -> floating

@costasppc:

What about https? I have now an https failover rule, because of round robin problem with banking sites.

It's normal on sites that do not accept request from the same session on different ips