Sleeping Facebook home connections brake corporative pfSense?

bellera

I'm using pfSense since last quarter of year 2006… And FreeBSD since year 2000.

I have pfSense as firewall and FreeBSD as proxy server.

In my main installation, browsing internet needs to have the proxy configured at client computer. The URLs are filtered by squid+squidGuard.

I have also some alias blocking IPs used by facebook.com, twitter.com...

Some wekks ago I discovered that pupils (I'm an IT school administrator) came to school from home with Facebook sleeping connections.

Using this mechanism they bypassed pfSense rules and proxy filtering (because are https initiated connections).

TCP connection states doesn't end until 24 hours. I think my (teeneger) users use this characteristic of TCP. Of course, they don't know why but know how.

I added new ACL to my squid for this traffic and now sarg is saying that is blocked:

acl stop_https_sites dstdomain .facebook.com .twitter.com .youtube.com
http_access deny CONNECT stop_https_sites

My question is: if no proxy, how to stop this sleeping connections from home?

How to clear/reset these "outsider" states?

doktornotor

@bellera:

Some wekks ago I discovered that pupils (I'm an IT school administrator) came to school from home with Facebook sleeping connections.

Did they bring their IP from home as well? Sorry, this just makes no sense.

bellera

I know, that "this just makes no sense".

But they arrived to connect to Facebook.

I don't understand why, but it works.

It is for this I put ? at the end of the Subject.

I will try to reproduce it with my netbook.

Thanks?