Restrict traffic to proxy only
-
Hi all
I have a very basic configuration as follow :
internet<–->pfsense(192.168.4.1)<--->LAN
All PCs have firefox as the default browser. The pfsense box is also the default gateway
I want to force all machines to go through the proxy to access internet (http and https). That way, if one user set his firefox to "no proxy", browsing would be blocked.
What I have already tested :
transparent proxy : does not work with HTTPS.
Add a fw rule as follow :
does not work as it does not block anything..
Any idea ?
Many thanks in advance
Richard
-
Up ! ;)
-
It looks like it should block a lot of stuff. So I will ask some "obvious" questions:
- Is the rule on LAN interface?
2)Is it above the "allow all" rule, and above any other pass rules?
and what pfSense version? (although all pfSense versions should work for standard rules like this)
- Is the rule on LAN interface?
-
Thanks for your reply
1)Yes, it's on the lan interface.
2) it's under the anti-lokout rule and above the rest
pfsense version 2.1thanks
-
"!192.168.4.1" - shouldn't it be destination IP?
-
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
-
"!192.168.4.1" - shouldn't it be destination IP?
I don't think so. 192.168.4.1 is the proxy (and default gateway). The destination is any adress on Internet on port 80
-
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
Thanks. Not a good solution as users can disable the proxy setting in Firefox.