Way to transparently filter without putting pfsense device in between networks?



  • Dumb question.  Is there a way to have traffic filtered by pfsense and squidguard without putting the pfsense server in between networks with different IPs?  In the simplest form, just having pfsense on the same subnet as the Linksys router but filtering internet traffic anyway for everything on that subnet?



  • Sure.  Configure it with just a LAN interface and then install squid3/squidGuard per usual.  You could do the same thing with a Linux/*BSD box running just squid and squidGuard.



  • KOM,
    If it isn't in between traffic how does it still filter with LAN only?

    It is between the traffic, in a way.  Your web client makes its requests to the proxy server, which does the HTTP/S on its behalf and then replies with the content of the request back to the original client.  It's acting as a middleman, but it doesn't need two interfaces.  The proxy server talks to the firewall/router.  It is allowed out on 80/443 whereas your clients are not.



  • OK,
    So to do it this way I have to specify the IP address of the pfsense box to use as the proxy server in the internet options, right?  When I set it up between connections I didn't have to set up anything extra.
    Thanks,



  • So to do it this way I have to specify the IP address of the pfsense box to use as the proxy server in the internet options, right?

    Yes.  This is easiest if you only have a handful of clients.  If you have a lot, or random, then you need auto-detection of proxy via WPAD.

    When I set it up between connections I didn't have to set up anything extra.

    You were probably running it in transparent mode where all port 80 traffic is silently redirected to squid.  That won't work in this new scenario.
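
The WPAD auto-detection mentioned in the last reply works by having clients fetch a proxy auto-config file; a minimal `wpad.dat` is shown here as an added example that is not part of the original thread. The LAN 192.168.1.0/24, the proxy address 192.168.1.2 and squid's default port 3128 are assumed values, and the helper shims exist only so the file also runs outside a browser.

```javascript
// wpad.dat / proxy.pac for LAN clients (added example; all addresses constructed).
// Assumed: LAN 192.168.1.0/24, pfsense/squid box at 192.168.1.2, squid port 3128.
var PROXY = "PROXY 192.168.1.2:3128";

// Browsers provide these PAC helpers. The shims are for testing under Node only;
// the isInNet shim handles IP literals and does no DNS lookup.
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (host) { return host.indexOf(".") === -1; };
}
if (typeof isInNet === "undefined") {
  globalThis.isInNet = function (host, net, mask) {
    function toInt(ip) {
      var parts = ip.split(".");
      if (parts.length !== 4) return null;
      var n = 0;
      for (var i = 0; i < 4; i++) {
        if (!/^\d{1,3}$/.test(parts[i]) || +parts[i] > 255) return null;
        n = n * 256 + (+parts[i]);
      }
      return n >>> 0;
    }
    var h = toInt(host), n = toInt(net), m = toInt(mask);
    if (h === null) return false;
    return ((h & m) >>> 0) === ((n & m) >>> 0);
  };
}

function FindProxyForURL(url, host) {
  // Local names and LAN addresses (router, the proxy itself) are reached directly.
  if (isPlainHostName(host) || host === "localhost" ||
      isInNet(host, "127.0.0.0", "255.0.0.0") ||
      isInNet(host, "192.168.1.0", "255.255.255.0")) {
    return "DIRECT";
  }
  // Web traffic goes to squid with no DIRECT fallback, so a proxy outage
  // fails closed instead of silently bypassing squidGuard.
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") return PROXY;
  return "DIRECT";
}
```

A PAC file is only a client-side hint: filtering is enforced by the router rule from the earlier reply, where only the proxy is allowed out on 80/443.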