Filtering confusion



  • Hello there.
    I have been playing with the packages and settings for a couple of days now and I cannot seem to find the best option for my situation.
    I am running pfSense 2.2, 32-bit.
    I would like to block outgoing traffic based on keyword or URL (mostly keyword though: facebook, hidemyass, amazon, etc.).

    I checked the firewall rules and, as they are based on IP addresses, they don't do the job.
    I tried DansGuardian and, for whatever reason, everything goes through.
    I tried Squid + SquidGuard; it seems to be blocking absolutely everything as soon as I turn the proxy filter on, and the SquidGuard service never starts.

    My question is: has anyone managed to successfully filter outgoing traffic?
    If yes, what did you use?

    Thank you for any info.

    Gerry



  • Squid and SquidGuard will do what you want.  You just need to get them working first.



  • I checked quite a decent number of tutorials and can never get SquidGuard running, and I do not see any log where I can see what is going on :'(
    Edit: I also tried squid3.



  • Is there any way you can run x64 instead of i386?  I haven't played much with the 32-bit stuff as it's going EOL soon enough.



  • Unfortunately no, I cannot :( Hardware limitation.



  • Well, I would install Squid3 and get that working first.  Then move to SquidGuard.



  • @KOM:

    Well, I would install Squid3 and get that working first.  Then move to SquidGuard.

    I get Squid 3 running no problem, but SquidGuard never starts.
    Is there any screenshot or log I can show you to help you pinpoint the issue?

    Here is an example of the logs:
    21.02.2015 21:49:23 squidGuard stopped (1424573363.735)
    21.02.2015 21:49:23 db update done
    21.02.2015 21:49:23 squidGuard 1.4 started (1424573301.973)
    21.02.2015 21:47:32 squidGuard stopped (1424573252.961)
    21.02.2015 21:47:32 db update done
    21.02.2015 21:47:32 squidGuard 1.4 started (1424573252.960)
    21.02.2015 21:46:41 squidGuard stopped (1424573201.525)
    21.02.2015 21:46:41 db update done
    21.02.2015 21:46:41 squidGuard 1.4 started (1424573201.523)
    21.02.2015 21:45:53 squidGuard stopped (1424573153.959)

    Squid is running; I can see entries populating in the proxy monitor section.



  • From what I understand, with the new SquidGuard it can appear to be in a stopped state when there is nothing for it to do.  Have you tested the blocking functionality?



  • @KOM:

    From what I understand, with the new SquidGuard it can appear to be in a stopped state when there is nothing for it to do.  Have you tested the blocking functionality?

    I loaded the blacklist from shallalist.tar.gz and created one custom target category with the facebook and amazon keywords.
    I also denied the Social ACL.

    Still, I am able to fully browse those sites :(



  • Are you running Squid in standard or transparent mode?  If standard, do you have ports 80 and 443 blocked on LAN?  What is your browser set to for proxy config?  Your browser may be going straight out the firewall instead of via Squid.



  • I am using the transparent mode.
    My understanding was that I do not need to set up the proxy in my browser with that mode (I would like to avoid having to configure a proxy on each device).



  • The problem with transparent mode is that you can't effectively filter HTTPS sites without installing a trusted cert on every client.  Better to use WPAD to allow your clients to dynamically locate and use the proxy.  You can filter HTTPS without triggering Man in the Middle warnings.  Details here:

    WPAD Autoconfigure for Squid

    You can even use pfSense to host the wpad.dat file as long as you have WebGUI running in HTTP mode and not HTTPS.
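
An added example, not part of the original thread: a minimal wpad.dat (a PAC file, which is plain JavaScript) of the kind the post above describes hosting on pfSense. The proxy address 192.168.1.1 and port 3128 are assumptions; substitute your own LAN address and Squid port.

```javascript
// wpad.dat: proxy auto-config (PAC) file. The browser calls
// FindProxyForURL() for every request and follows the string it returns.
// Written in ES5 style because many PAC engines are old.

// ASSUMED values: pfSense LAN address and Squid listening port.
var PROXY = "PROXY 192.168.1.1:3128";

// True when host is a dotted-quad IPv4 literal in a private or
// loopback range (10/8, 127/8, 172.16/12, 192.168/16).
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]);
  var b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Single-label names ("pfsense", "printer") are local: go direct.
  if (host.indexOf(".") === -1) return "DIRECT";

  // LAN and loopback addresses, including the firewall WebGUI: go direct.
  if (isPrivateIPv4(host)) return "DIRECT";

  // Everything else goes through Squid. For https:// URLs the browser
  // sends CONNECT host:443 to the proxy, so the hostname is visible to
  // the filter without intercepting TLS.
  // No "; DIRECT" fallback is listed, so a client does not silently
  // bypass the filter when the proxy is unreachable.
  return PROXY;
}
```

Clients that ignore WPAD still go straight out the firewall, which is why the earlier question about blocking ports 80 and 443 on LAN applies here too.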



  • Thx, I'll give it a try.