Block access to internet.
-
how do I get the firewall to block access to all that are not in the firewall?
all PC are already with "proxy", but if I leave the proxy, have full access to internet.
-
router have 2 NICs
firewall WAN/LAN router- TCP - LAN net - * - LAN add - 3128 - * - none -
proxy have 1 NIC
firewall LAN proxy- TCP - LAN net - * - LAN add - 3128 - * - none -
-
how do I get the firewall to block access to all that are not in the firewall?
all PC are already with "proxy", but if I leave the proxy, have full access to internet.
If I understand correctly what you are asking, you create a rule that blocks the entire LAN range EXCEPT the address of the proxy server.
-
if I manually configure the proxy on some PC, the PC goes through the proxy.
if I do not configure the proxy on the PC, this machine has full access to internet.
this is a problem, because the firewall does not block access to internet.
-
if I manually configure the proxy on some PC, the PC goes through the proxy.
if I do not configure the proxy on the PC, this machine has full access to internet.
this is a problem, because the firewall does not block access to internet.
Right… create a rule on the firewall that blocks all IP Addresses EXCEPT the proxy server.
-
The company I work has ERP, Logmein and several other services installed.
I have to configure proxy at all?
I have to just block access to web?
-
pfSense firewall is default deny on interfaces. So anything not allowed will be denied. Do you have an allow rule for port 80? If so, are you specifying a source?
To deny the internet to everyone except for the proxy the rule would look like on the LAN interface.
Proto Source Port Destination Port TCP <proxy server="" ip="">* * 80</proxy>
And then web access from anywhere else that's not the proxy server will be dropped. If source is just "*" then both proxy server and pc's will get through. Post your LAN firewall rules if you're still unclear.