Pfsense or package not working as expected



  • Hi there,

    I just started exploring Pfsense and decided to use it as my main firewall.
    I have installed version 2.1.5-RELEASE (amd64) on a local hard drive.
    I have followed videos and tutorials to understand the user interface and configuration steps for the various packages.

    I believe my setup is sound; however, I cannot account for its strange behaviour.

    After the initial WAN and LAN configuration within Pfsense web GUI, I was able to access the internet, briefly though as I wanted to install packages.

    I installed HAVP and accessed the EICAR.ORG website to download some virus signature emulation files, and HAVP was able to block the download before it could be caught by Windows PC antivirus. Proxy mode was set to Transparent.

    Then I installed Squid, LightSquid and Squidguard to benefit from the caching feature. The Proxy was also set to Transparent.

    Along the way I rebooted the system to make sure it would start correctly, and it did.
    However, this is when everything becomes interesting:

    I have been trying to configure Squidguard and experiment with the website blocking features and yet I am still unable to restrict access.
    Also, the antivirus is not able to intercept the virus emulation file from EICAR, but my Windows PC antivirus intercepts and blocks it.
    I have been trying to experiment with the caching of Squid, and yet caching doesn't seem to happen as I can see the download throughput on my Windows PC is the same as my first download.
    At first I was able to experiment with the blocking feature of Squidguard (by the way, I subscribed for the free Shalla's Blacklist database account) and was able to have my redirecting message appear when the site in question was accessed and blocked.

    Then I tried to access www.google.com with Firefox and was constantly redirected to www.google.ca. By redirecting it to US website, I would then get 403- access denied message, I think.

    So I figured I messed up something with the config and decided to remove the packages.
    Now I am getting the 404 - Not Found error message when I try to go to www.google.com.
    Interestingly enough, I am able to access www.google.ca and www.google.fr without any problem.
    I have pinged www.google.com and ran a DNS lookup and everything seems fine.
    If I use Chrome or Internet Explorer and enter the same addresses, I have no problems.

    I have read some comments on 404 - Not Found, and it is believed to be caused by Squid cache or the lack of it.

    I need to investigate and resolve those issues, but there is little information for me to go around.
    Has anybody experienced such issues and knows the way around? If not, what do I need to do in order to track the root cause of the problem? Are there any logs or messages worth looking at?

    Are there any procedures or tests that are intended to validate the quality and integrity of the configured firewall?

    Why would different web browsers be given access while others would be partially blocked?

    In Transparent Proxy mode, am I to understand whatever goes through Pfsense is automatically intercepted and handled accordingly without the need for my Windows PC or any other device accessing the internet over the LAN to be setup in any particular way?



  • Lots of questions; maybe this will help a little.

    Why would different web browsers be given access while others would be partially blocked?

    Start troubleshooting at the browser. Answer these questions.

    • How does the browser connect? Proxy or Direct?

    • On Windows, what is set in Control Panel --> Internet Options --> Connections --> LAN settings?

    • Remember, if a proxy is not set and DNS is valid, it will default to DNS.

    In Transparent Proxy mode, am I to understand whatever goes through Pfsense is automatically intercepted and handled accordingly without the need for my Windows PC or any other device accessing the internet over the LAN to be setup in any particular way?

    My experience has been that the client gateway must be set correctly for this to work. My network setup may be unique however.

    Are there any procedures or tests that are intended to validate the quality and integrity of the configured firewall?

    That is a good question. I have always just tested each block or allow rule 18 different ways to try to break them. When they are right they seem to work well here.

    Then I tried to access www.google.com with Firefox and was constantly redirected to www.google.ca. By redirecting it to US website, I would then get 403- access denied message, I think.

    So why are you redirected?
    Are you redirected when no firewall is in place?
    Turn off squid and squidguard individually. Which one redirects you?
    I am not familiar with Light Squid. Does it do the same thing as Squid with fewer features? Maybe two different proxies are set up with duplicate features.



  • LightSquid is just a reporting tool that slurps Squid logs and formats them into charts.
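
Added example (not part of the thread, and not pfSense or Squid project code): the Squid access log mentioned in the last reply can show whether repeat downloads are cache hits and whether a 403 or 404 was issued by the proxy or by the origin server. It assumes Squid's default native access.log format; the log lines and addresses are constructed samples.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1420070400.101    212 192.168.1.10 TCP_MISS/200 48211 GET http://www.example.org/file.zip - DIRECT/203.0.113.5 application/zip
1420070460.532      3 192.168.1.10 TCP_HIT/200 48219 GET http://www.example.org/file.zip - NONE/- application/zip
1420070500.040     95 192.168.1.10 TCP_MISS/302 512 GET http://www.google.com/ - DIRECT/203.0.113.9 text/html
1420070501.377      1 192.168.1.10 TCP_DENIED/403 3921 GET http://www.google.com/ - NONE/- text/html
1420070560.900     80 192.168.1.10 TCP_MISS/404 731 GET http://www.google.com/ - DIRECT/203.0.113.9 text/html
not a log line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    host = urlsplit(f[6]).hostname or f[6].split(":")[0]
    # "DIRECT/<ip>" in the hierarchy field means the origin server answered.
    return {"result": result, "status": int(status), "host": host,
            "from_origin": "DIRECT/" in f[8]}

def summarize(log_text):
    """Per-host cache results, 3xx/4xx statuses and who produced the errors."""
    report = defaultdict(lambda: {"results": Counter(), "statuses": Counter(),
                                  "denied_by_proxy": 0, "origin_errors": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        host = report[rec["host"]]
        host["results"][rec["result"]] += 1
        if rec["status"] >= 300:
            host["statuses"][rec["status"]] += 1
        if rec["result"] == "TCP_DENIED":      # refused by Squid's access rules
            host["denied_by_proxy"] += 1
        elif rec["status"] >= 400 and rec["from_origin"]:
            host["origin_errors"] += 1         # error returned by the web server
    return dict(report), skipped

def hit_ratio(results):
    """Fraction of requests served from cache (any *_HIT result code)."""
    total = sum(results.values())
    return sum(n for r, n in results.items() if "HIT" in r) / total if total else 0.0
```

A host that never appears in the log at all was not handled by Squid, which is itself a useful answer when one browser behaves differently from another.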