Netgate Discussion Forum

    Restrict traffic to proxy only

    • prius

      Hi all

      I have a very basic configuration as follows:

      internet<--->pfsense(192.168.4.1)<--->LAN

      All PCs have Firefox as the default browser. The pfSense box is also the default gateway.

      I want to force all machines to go through the proxy to access the Internet (HTTP and HTTPS). That way, if a user sets his Firefox to "no proxy", browsing would be blocked.

      What I have already tested:
      Transparent proxy: does not work with HTTPS.
      Add a fw rule as follows:

      does not work, as it does not block anything.

      Any idea?

      Many thanks in advance

      Richard

      • prius

        Up! ;)

        • phil.davis

          It looks like it should block a lot of stuff. So I will ask some "obvious" questions:

          1. Is the rule on LAN interface?
          2. Is it above the "allow all" rule, and above any other pass rules?

          And what pfSense version? (although all pfSense versions should work for standard rules like this)

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          • prius

            Thanks for your reply

            1) Yes, it's on the LAN interface.
            2) It's under the anti-lockout rule and above the rest.
            pfSense version 2.1

            thanks

            • rubic

              "!192.168.4.1" - shouldn't it be destination IP?

              • cheonne

                https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                • prius

                  @rubic:

                  "!192.168.4.1" - shouldn't it be destination IP?

                  I don't think so. 192.168.4.1 is the proxy (and default gateway). The destination is any address on the Internet on port 80.

                  • prius

                    @cheonne:

                    https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                    Thanks. Not a good solution as users can disable the proxy setting in Firefox.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.