Netgate SG-1000 microFirewall

Author Topic: Some help over here please  (Read 156 times)

0 Members and 1 Guest are viewing this topic.

Offline MR-NT

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-1
    • View Profile
Some help over here please
« on: January 29, 2018, 11:41:31 am »
Dear All
can any one tell me how to exclude IP address or some IPS from LAN net  to browse free without squid & squidguard , i am installed squid & squidguard to filter traffic , but i want some IP address go internet direct without pass throw squid ?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9808
  • Karma: +1107/-311
    • View Profile
Re: Some help over here please
« Reply #1 on: January 29, 2018, 11:44:39 am »
Put them in the bypass in squid itself.

On the General tab:
   
Bypass Proxy for These Source IPs
Do not forward traffic from these source IPs, CIDR nets, hostnames, or aliases through the proxy server but let it pass directly through the firewall.
Applies only to transparent mode. Separate entries by semi-colons (;)
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline MR-NT

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-1
    • View Profile
Re: Some help over here please
« Reply #2 on: January 29, 2018, 12:00:53 pm »
Thanks Brother

Offline MR-NT

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-1
    • View Profile
Re: Some help over here please
« Reply #3 on: January 29, 2018, 03:13:32 pm »
but if you please , what about if i didnt use transparent mode , how can i do it ?

Offline KOM

  • Hero Member
  • *****
  • Posts: 5596
  • Karma: +688/-23
    • View Profile
Re: Some help over here please
« Reply #4 on: January 29, 2018, 03:25:56 pm »
If squid is explicit then you just need to relax your firewall rule that blocks 80,443/tcp on LAN to allow them out direct.

For example, I have a LAN rule that allows an alias called ExemptfromProxy to use 80,443/tcp.  Below that is a rule that blocks 80,443/tcp for everyone else (forcing them to use the proxy).  Any clients that need direct access get added to the ExemptfromProxy alias.

Offline MR-NT

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-1
    • View Profile
Re: Some help over here please
« Reply #5 on: January 29, 2018, 03:34:16 pm »
Thanks In advance brother