New to this - can't get transparent proxy working, help!
-
I'm about at my wits' end.
This all looked great. Little bit of filtering, little reporting. Don't care about HTTPS, just want some basic filtering and reporting.
I've got a beast of a machine with fresh 2.3. Spent weekend trying to get it working, gave up.
Set up a test box in my office with 2.2 to try instead… Laptop directly connected, "WAN" side going through to main network.
Saw a thing about setting up OPT interface for bridge. https://forum.pfsense.org/index.php?topic=50711.0
LAN is set to have an interface + gateway of the VLAN my office is on.
OPT has an IP address. WAN has no IP address.
So, I set Squid to use that interface. It seems to block, but I get no reports, and no block page. CNN is blocked, as I selected "news" category.
First, do I need this OPT virtual interface?
Second, what else can I check to get the block page and some reporting working?
At this point, I will have to rebuild the 2.3 box. It still has configs, even though I selected to remove that upon uninstall of the package.
We host a lot of things. I don't want the proxy breaking that.
On the main network, the box sits "before" the firewall - LAN to core, WAN to firewall's 'LAN' side.
Any advice appreciated. I would like to see this work "as advertised" in some way. Seems like it could be useful.
Thanks!
-
bump - it was all http traffic that was filtered, so, I guess it's not working as intended.
Anyone else have any pointers on this? I went through trying a fresh install, then installing squidguard first, then squid - same thing; no filtering taking place. I'd also like to have bandwidth shaping, but if filtering isn't working, I wouldn't think the shaping would either.
It seems as if nothing's actually being filtered. Maybe I'm missing something about how the bridge itself is supposed to be set up? Does it need the "opt" interface, or, should it simply have a bridge interface present / enabled with 'floating' rule?
Seems like I've tried everything I can, and nothing works. Either I'm missing something, or there's a problem with squidguard. Surely, others have this working in a transparent proxy mode??
-
By default, you can't filter HTTPS while in transparent mode since proxy filtering is technically a man-in-the-middle kind of approach.
You'll have to disable it but would need manual proxy configuration for the clients. This is where WPAD autoconfigure comes up. :)
-
Don't care about HTTPS, just want HTTP to filter correctly.
Being that I spent nearly a week messing with this, and getting absolutely nowhere, I've given up for now.
It did not seem to filter anything correctly anyway, and with all these posts about others having issues, I guess I just have to wait until whatever version of either pfSense or Squid / SquidGuard maybe gets fixed to get along with themselves.
-
I would stay away from 2.3 until it's stable…
Then yes, first start blocking HTTP. Not sure if CNN is HTTP, but try idownloadblog.com, it's HTTP.
Remember you need to create target categories and group ACL.