Restrict traffic to proxy only

prius

Hi all

I have a very basic configuration as follow :

internet<–->pfsense(192.168.4.1)<--->LAN

All PCs have firefox as the default browser. The pfsense box is also the default gateway

I want to force all machines to go through the proxy to access internet (http and https). That way, if one user set his firefox to "no proxy", browsing would be blocked.

What I have already tested :
transparent proxy : does not work with HTTPS.
Add a fw rule as follow :

does not work as it does not block anything..

Any idea ?

Many thanks in advance

Richard

prius

Up !  ;)

phil.davis

It looks like it should block a lot of stuff. So I will ask some "obvious" questions:

1. Is the rule on LAN interface?
   2)Is it above the "allow all" rule, and above any other pass rules?
   and what pfSense version? (although all pfSense versions should work for standard rules like this)

prius

Thanks for your reply

1)Yes, it's on the lan interface.
2) it's under the anti-lokout rule and above the rest
pfsense version 2.1

thanks

rubic

"!192.168.4.1" - shouldn't it be destination IP?

cheonne

https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

prius

@rubic:

"!192.168.4.1" - shouldn't it be destination IP?

I don't think so. 192.168.4.1 is the proxy (and default gateway). The destination is any adress on Internet on port 80

prius

@cheonne:

https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

Thanks. Not a good solution as users can disable the proxy setting in Firefox.