Correct method of configuring PFsense squid proxy non transparent
-
I want to configure squid proxy in non transparent mode
Can i get and good guide for it
-Already configured WPAD on webserver
-I am able to access wpad file by HTTp://192.168.1.x:/wpad.dat -<–-file is downloading-Configured DNS server with A record wpad --->192.168.1.254
--Squid Proxy installed
--Created PFsense server CA and deployed to all computers via GPMC.mscI also wanted to allow 192.168.1.50-60 IP range without proxy (WIFI mobiles) and Authentication
Remaning PC i need to be under proxy and authenticated with Radius (ALREADY CONFIGURED-And working-
-
There is no one guide to do all that you want.
Created PFsense server CA and deployed to all computers via GPMC.msc
This is unnecessary if you're running in explicit mode.
I also wanted to allow 192.168.1.50-60 IP range without proxy (WIFI mobiles) and Authentication
Create a firewall rule on LAN that blocks ports 80/443. Add a rule ABOVE that rule to allow your .50-.60 users to access ports 80/443. This way they can go straight out without using the proxy.
-
explicit mode means ? i want to proxy http & https
Found the answere here
https://forum.pfsense.org/index.php?topic=93442.0
thank you , i will try
Thanks vm , its working and squid guard also in realtime logs i am able to see
its easier than i taught
Now i am trying to install Dansguardian
-
i find all my local traffic is also router to pfsense like LAN user 1(192.168.1.2) accessing LAN Website (192.168.1.50) , is there any way to prevent LAN traffic is being sent to Router proxy
this is my wpad file content
function FindProxyForURL(url,host)
{
return "PROXY 192.168.1.1:3128";
}thank you
-
read through this https://forum.pfsense.org/index.php?topic=93060.0
-
Google for 'wpad.dat example' and you will get responses that show you how to edit you wpad.dat file to handle local requests. Your OS should already handle it if you have it set to bypass the proxy for local addresses.
