Multi-Lan Squid 2.7 Transparent Firewalling



  • Sorry if this is obvious… I have a multi-VLAN setup. Firewall rules seem to work fine for keeping the guest VLAN from HTTP access to the secure LAN. This is via allowing !LAN as the port 80 destination.

    I'd like to proxy-cache for all VLANs; however, when I turn on transparent proxy, guest now has HTTP access to other VLANs, apparently bypassing the firewall. Blacklisting the 'secure' VLANs doesn't help.

    Not using any special filtering packages. I'd just like to use Squid to cache, and obey firewall rules...

    Any ideas?

    Thanks!



  • Guess it was kind of obvious.  Had rules to allow certain traffic, and was relying on default deny rule to stop everything else.  This worked fine till Squid opened a port to listen.  Then I needed to explicitly reject traffic I didn't want to allow.



  • Where do you deny access: in Squid or in firewall rules?
    I'm in the same case, and now deny in squidGuard.



  • Firewall Rule.  Added a reject rule to my PUBLIC tab, source PUBLIC net, destination LAN net, any port.  Seems to work for me.



  • I have this rule, but you can still enter the webConfigurator.



  • I replied on your thread.