next »

[iamthed]

i'm having trouble with squid and squid guard..
let's say i want to block facebook so i already installed squid and squid guard..

and i already set the configuration like tutorial do..
but i want to enable transparent proxy so i don't need to setup proxy browser on every client..
i put the default rule to deny all traffic.. (just for test that squid and squid guard is working)
but yet i still can browse anything..
but when i disable the transparent proxy and setup proxy browser it's work..
do u have any idea how to solve it??
regards

[tommyboy180]

I would block facebook in Squid on the access control setting page. When you start adding huge lists squid may act a little strange but small lists will do perfect.
If its just one domain you want to block I would recommend just using squid, uninstall SquidGuard.

[iamthed]

I would block facebook in Squid on the access control setting page. When you start adding huge lists squid may act a little strange but small lists will do perfect.
If its just one domain you want to block I would recommend just using squid, uninstall SquidGuard.

actually i want to block all the porn sites too.. it's too many of them if i'm not using squidguard..
and what's the solution about transparent proxy failed??
if i'm using transparent proxy i don't need to setup browser proxy right?

[jigpe]

I think it will work in Firewall>Rules>Lan.. Im not sure if you cn block there.
jigp
Davao City

[josey]

well,
alow all
and on chat or socialnetwork set deny and thats it ...

[jigpe]

Ok thanks ill try that too.
OT: is there a way to change the default proxy squid host and port 3128? I have a private proxy and port but upon reading the /var/squid its not there anymore...
jigp
Davao City

[josey]

just use transparent proxy it is easy way to set it up

[iamthed]

just use transparent proxy it is easy way to set it up

i have some problem with transparent proxy since i used bridge method..
dvserg say bridge method can't use transparent proxy..
and if i'm not using bridge method.. i can't connect to internet..
weird isn't it?
or i'm dumb enough..
dunno which one

[Bern]

How about using OpenDNS?

So far it's worked perfectly for me in about 10 clients' offices.

We had to make squid use OpenDNS's DNS servers and kept everything else on the respective ISP's DNS servers because OpenDNS was occasionally blocking access to hotmail's MX records etc, which caused problems with outbound mail.

[jigpe]

Thanks. I will use opendns again. Though some sites are blocked without setting up the menu there in the opendns site
Sometimes i disabled opendns just to access the site..

thanks,
jigp
Davao City

[MikeKulls]

My solution was to create an Alias with the following network entries
66.220.144.0/20
69.63.176.0/20
204.15.20.0/22

and then block that Alias in firewall rules.

[john doe]

FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
iptables -N FACEBOOK
 
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK
 
## FACEBOOK ALLOW
for face in $FACEBOOK_ALLOW; do
    iptables -A FACEBOOK -s $face -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

[Cry Havok]

Which would be better if pfSense was Linux

[john doe]

no no..... list of IP's facebook use. Thats all. Should have made that clear.

[jigpe]

Hi try my post. It work for me and the rest of my friends. Search "How to block facebook in 4 ways" or click this link http://forum.pfsense.org/index.php/topic,39849.msg205547.html#msg205547

jigp