New to PFsense - Transparency mode

heirkeyso

Sir,

I'm trying to configure the pfsense for web proxy cache and content filtering using squid 3 and dansguardian. Base on my web search one of the instruction is to configure in the firewall to redirect all the http request or port 80 to 8080. When I following there instruction I'm getting an error of SSL error and I cannot access the pfsense webconfiguration.

Below is the link what I follow for the configuration.
http://www.theninjageek.co.za/blog/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/

Kindly assist me with this.

Thank you

kejianshi

You can direct all of port 80 in and that will work, but not port 443.  OK?

stephenw10

If you put in a firewall rule that redirects all traffic on port 80 that may include traffic for the webgui. Either change the port the webgui listens on or add a rule above the squid rule to allow traffic to the webgui without redirection.

Steve

heirkeyso

I'm confuse. Is it necessary or mandatory to redirect the port? What us the purpose of doing it?

stephenw10

Redirecting port 80 is necessary in that configuration. It captures http requests from clients behind pfSense and sends them to Squid/Dansguardian.

Steve

heirkeyso

Sir,

I was trying to follow the instruction on the link I gave in the last post. I'm getting a trouble accessing the pfsense webconfig. Now I'm really confuse and don't know what to do. Kindly assist me with this.

Thank you in advance.

kejianshi

Try this.

at the command line:

pfctl -d

Now - Access your pfsense web menu.  Correct the rule that locked you out.  When you are sure you have fixed the rule that caused the lock-out, then:

pfctl -e

You can always do this if you make a mistake and lock yourself out of the web interface.

onlinecentric1

Sir/Madam!
I am new in pfsense.
Please, advice me which activities are allowed in this forum.

stephenw10

Read the rules:

http://forum.pfsense.org/index.php/topic,70.0.html

Don't hijack someone else's thread to ask an unrelated question.  ::)

Steve

shehan31

I had the same problem but still haven't received any thing to my question which is on the pfsense forum. Therefore I have work out my self and found some kind of a solution. I suggest you to switch off transparent mode and configure your browser for proxy. use the DNS as your PFsense local IP address and add a dns forwarders in your pfsense. use squid guard to mange url filtering. It will also filter https too. There is a small problem with this. the block pages may not display the error message that you have entered.

@heirkeyso:

Sir,

The diagram what I present to you is not a good practice?

I want to use the pfsense for the purpose to serve as a internet or the pfsense is the giving an internet connection to the user and in the same time I can block the website the are using like the social media(facebook, tweeter and etc)., instant messenger, torrent and etc. for the users and I want also to control whose user will I block or gave a full access for the website or url.

Below are my concern:
-> documentation or manual for setting up pfsense
-> if I already finished set-up the box how can I block the https://www.facebook.com and https://www.twitter.com?
-> setting up port forwarding. is it the same in configuring in link-sys router?
-> Is the i7 processor with 8gb ram will enough for the around 60 users?

Sorry for these questions. I'm just new to pfsense and I just want to know everything before I deploy to our office network.

Thank you in advance for your response.

Precious