Filter porn, virus's and ads with squid3, HAVP, Dansguardian and privoxy.

Treo

I'm new to all of this, but am very intrigued by the vast capabilities of these varied pfSense configurations.  I'm starting to get the hardware components needed to put a home firewall together and want to make sure I understand the recommended installation steps from this thread (after all 3 pages of notes, adjustments, talks & ideas)….so let's see how much I'm missing.

My home network: 5Meg CableModem supporting 4 desktop PCs and 2 XBOX's (each with their own XBOX Live account)
Old 2GHz HP desktop PC will become the pfSense firewall box once I add a 2nd ethernet NIC.  Optional idea is installing a wireless card (which I'll hopefully be able to configure into a WAP for the home)

Goal of pfSense box:

• reliable firewall that filters out porn, virus/trojan/worm, and annoying ads & banners
• logging of visited websites grouped by home user's PC (either IP, MAC, and/or hostname)
• allow XBOX Live gaming for both consoles

pfSense steps (as I understand them so far from reading dozens of forum threads):

-Install stabe version of pfSense (v2.0.3) & reboot
-verify pfSense is up and running.....allowing internet traffic from one of the PCs) & no filters or rules in place (yet)
-from a regular PC on the home network, access pfSense via web interface
-set to HTTPS access for pfSense web interface instead of HTTP
-change pfSense admin password
-install Dansguardian from the packages screen of GUI (unsure what the current stable version is)

At this point, the next few steps might not be in the right order, so I need guidance:

-install stable squid package (v2.7.9 ?) from the packages screen of pfSense GUI (as opposed to the squid3 beta)
-verify Dansguardian is up properly....running "Dansguardian -Q" from the command line if needed

Does stable Dansguardian package and squid v2.7.9 startup & run the right way on pfSense v2.0.3...or is there some special tweaking needed?  What order to install DG & squid?  Or should I just try the pfSense v2.1 beta and squid3 beta instead?

-configure Dansguardian (somehow) for antivirus
-configure NAT as required to get the 2 XBOX's working properly (refer to thread under Gaming forum for specifics...ie multicast rules)

Have I got this first part right?  Or did I forget a few steps?

Thanks for all the work on this whole project.....the capabilities of this inspire me to consider diving head-first & learning all I can.

eisenb11

I'm having a tough time getting this to work. My goal was to set this up using just squid and privoxy.

To simplify the matters, I'm currently just trying to get squid to work on the loopback with pfsense 2.1 and I'm having no luck at all.

For this test I have the following config:

Squid:
All defaults except…
Changed proxy interface to loopback
Proxy port to 3128
I've also tried checking and unchecking the Allow users on interface and Transparent proxy options

Under NAT, I created a rule to forward all LAN HTTP destined for port 80 to 127.0.0.1 port 3128

In theory, this should forward all LAN HTTP traffic to Squid... but it's not working.

Whenever I enable the NAT rule, web browsing breaks and I get an "Invalid URL" error in my web browser from squid.

Can anyone help me out?

marcelloc

Enable proxy on lan and check transparent proxy. It will create forward rules. There is no need to create nat rules.