pfSense - Squid + Squidguard / Traffic Shapping Tutorial | HowtoForge ... http://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-t...

1 sur 12 23/12/2013 14:48


pfSense - Squid + Squidguard / Traffic Shaping Tutorial


Submitted by neofire on Wed, 2012-09-26 14:43. :: Other | FreeBSD


In this tutorial I will show you how to set up pfSense 2.0.1 as an Internet gateway with Squid proxy and SquidGuard filtering. I will also show how to configure some extra features of pfSense, such as traffic shaping with Squid. This type of configuration is useful for people who want to set up wireless hot spots, Internet cafes, etc.

Requirements

This tutorial assumes that you already have a pfSense installation (version 2.0.1 minimum) running, with your network interfaces and basic firewall rules configured.

Installing Packages to pfsense

First of all, let's install the extra packages that we are going to require.

Log in to your pfSense web administrator and click on "Server -> Packages". Scroll down the list, find squid and click on the "+" button to install it. Wait for the process to finish, then return to the packages section, look for squidguard and install that package as well.


To confirm that the packages have been installed, refresh the web interface, go to the "Services" menu and look for Proxy Server and Proxy Filter. If they both appear in the menu, they have been installed correctly. Then reboot the pfSense box.

NOTE: There have been a couple of instances where I have had to reinstall the squid package right after installing the squidguard package, because after installing squidguard I was unable to access the Proxy Server configuration. If this happens, go back to the packages menu, click on the installed packages tab, then select reinstall on the squid server entry (this has only happened in versions prior to 2.0.1).

Configuring Proxy Server Package

Once pfSense has rebooted, we want to configure the proxy server settings. In this tutorial I am setting up the proxy server as a transparent proxy; if you want to set this part up differently, please do your research into Squid configuration (the pfSense web site has configuration guides for Squid as well). Click on Services -> Proxy Server.

On the General tab, set the Proxy Interface option to "LAN" and, because I am setting this up as a transparent proxy server, tick the "Transparent Proxy" check box.

I strongly recommend enabling logging on your proxy server, as it will come in handy should you need to troubleshoot an issue or just see what people are doing on the Internet. Tick the "Enabled Logging" checkbox, set the log store to the default location "/var/squid/logs" and rotate your logs every 7 days. Set your proxy port to port number 3128 (remember this port number, as we will need it when we set up the firewall rules), add a visible hostname and an administrator e-mail address, set your required language, then click on the Save button.


Next click on the "Cache Mgmt" tab. By default the Hard Disk Cache Size is set to 100 MB; I strongly recommend that you increase this. How big you make it depends on the size of your HDD, but keep in mind that the more people use this proxy, the more space you need to allocate. Once that is set, leave the rest of the page at the default settings and click on Save.

Click on the Access Control tab next. In the allowed subnets field, type in your required subnets (e.g. 192.168.255.0/24); keep in mind that if you have more than one subnet accessing this proxy, you need to specify each subnet on its own line.

Scroll down until you see "ACL Safeports and ACL SSLPorts". In these fields, type in the ports you want open through your proxy server. You will need to do some research on this: find out what applications are being used on this network and specify the required ports accordingly. For this howto I am just going to use ports 80 and 443, as these are the only two ports that I need for web pages and some basic Internet applications to work. If you want other applications to have access to the Internet, do some reading on what ports are required and then update the pfSense box. Once set, click on Save.
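The port lists are easier to tune when you can see what they reject. As an added example (not part of the original howto), this Python sketch reads Squid's native access.log format and counts denied requests whose destination port is outside the Safe/SSL port lists used here; the sample log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

SAFE_PORTS = {80, 443}  # "ACL Safeports" values used in this howto
SSL_PORTS = {443}       # "ACL SSLPorts" value used in this howto

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1356270480.101    120 192.168.255.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/203.0.113.5 text/html
1356270481.220      0 192.168.255.23 TCP_DENIED/403 1420 GET http://example.net:8080/admin - NONE/- text/html
1356270482.305      0 192.168.255.23 TCP_DENIED/403 1398 CONNECT example.org:8443 - NONE/- text/html
1356270483.410    310 192.168.255.10 TCP_MISS/200 8211 CONNECT example.org:443 - DIRECT/203.0.113.9 -
1356270484.000      0 192.168.255.42 TCP_DENIED/403 1401 GET http://example.com:21/ - NONE/- text/html
1356270485.000      0 10.9.9.9 TCP_DENIED/403 1400 GET http://example.com/ - NONE/- text/html
garbage line
"""

def request_port(method, url):
    """Return the destination port of a logged request, or None if unparsable."""
    if method == "CONNECT":  # CONNECT targets are logged as host:port
        host, _, port = url.rpartition(":")
        return int(port) if host and port.isdigit() else None
    try:
        parts = urlsplit(url)
        if parts.port:
            return parts.port
    except ValueError:  # malformed port or host in the URL
        return None
    return {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme)

def port_denials(log_text, safe=SAFE_PORTS, ssl=SSL_PORTS):
    """Count TCP_DENIED requests per (client, port) that fall outside the port lists.

    Denials on an allowed port (e.g. a client outside the allowed subnets)
    are a different problem and are deliberately not counted here.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[3].startswith("TCP_DENIED"):
            continue
        client, method, url = fields[2], fields[5], fields[6]
        port = request_port(method, url)
        allowed = ssl if method == "CONNECT" else safe
        if port is not None and port not in allowed:
            hits[(client, port)] += 1
    return hits

if __name__ == "__main__":
    for (client, port), count in port_denials(SAMPLE_LOG).most_common():
        print(f"{client} was denied {count}x on port {port}")
```

A port that shows up repeatedly for many clients usually means an application on the network needs it; decide whether to add it to the lists or leave it blocked.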

For those who wish to throttle the speed at which users access the Internet, click on the Traffic Mgmt tab and set (in kilobytes) the speed you want to restrict users to, then click on Save.

Configuring SquidGuard Filtering

Now that the proxy server is configured, we are going to configure SquidGuard. Click on the Services menu and select Proxy Filter, tick the three check boxes "Enable", "Enable GUI Log" and "Enable Log", then click the Save button. Once the page has reloaded, click on Apply and confirm that the SquidGuard service is running by making sure the SquidGuard status is set to STARTED.


Stay on the General Settings tab, scroll down to the blacklist area and tick the box that says Enable Blacklist. In the blacklist URL field type http://www.shallalist.de/Downloads/shallalist.tar.gz and click Save; this is so we can download the blacklist data. Click on the Blacklist tab, add the same URL as before to the Update Address and click on Download. Wait for the process to complete.


Next click on the Common ACL tab, then click on Target Rules List and select every rule that you want to block or allow. Add a message to the Proxy Denied Error field; I am currently just using the default one they suggest (see the screenshot for an example). Leave redirect mode at Int Error page so it will use the message you type in, tick the Log check box, then click on Save.


Once that is set up, test your proxy and make sure everything is working. I hope this has been a help to you; keep an eye out for the next tutorial, which will be implementing Captive Portal on this setup.

Copyright © 2012 Kyle Hartigan. All Rights Reserved.


transparent proxy

Submitted by poojarakesh (registered user) on Wed, 2013-09-25 06:47.

You need to mention the transparent proxy option.


Browsing Issue

Submitted by azeemmasghar786 (registered user) on Thu, 2013-02-28 12:42.

Hi guys,

I am using pfSense on my network and it is working well, but I have one problem: sometimes pfSense does not open sites on one click; when we hit 3, 4 or 5 times, then they open.

If anyone knows the reason and a solution, please share it with me. Ntop, Squid and SquidGuard are also installed in pfSense.

thanks


What is PFSense, PFSense Feature, PFSense Installation step

Submitted by azeemmasghar786 (not registered) on Mon, 2012-12-24 21:14.

I see this post again because for the first when see then setting required to me. I have knowledge about PFSense that is given below and in the link below.

Pfsense is a FreeBSD-based open source firewall router. Pfsense is basically used as a gateway device (firewall and router). But it can be expanded with many server services like DNS, DHCP, and proxy servers. Here I submit a step-by-step procedure to install a Pfsense-based proxy server.

Proxy Servers


What is the best way to redirect one URL to another? Rewrite?

Submitted by Anonymous (not registered) on Wed, 2012-12-19 02:36.

Pfsense 2.0.1 latest build. Everything working great with Squid, squidguard, and Multi-WAN.

Trying to rewrite youtbe.com -> http://youtube.com/?edufilter=zyshXjlHxWvXP-I9x3Wqjg

Should be easy? Not sure I understand rewrite vs. redirect as the best solution.

Added target category youtube

block youtube in ACL

Have rewrite defined

click on apply and also restarted squid and squidguard services

I will keep trying

At one point using redirect only was getting it to redirect but getting a redirect loop in the client browser.

Have not found any step by step how to do a simple redirect.

Any advice is appreciated.

International school in Chiang Mai Thailand


Thank you for your nice

Submitted by Anonymous (not registered) on Sun, 2012-11-25 21:31.

Thank you for your nice tutorial. Do you also know how to configure squid as https proxy in non transparent mode?


Thank you for this!

Submitted by JKeller1068 (registered user) on Thu, 2012-10-11 21:59.

Thank you for this!


When you mentioned "set your

Submitted by Ricky Kua (not registered) on Thu, 2012-09-27 02:37.

When you mentioned "set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up)", there are no screenshots added as to what rules you should set in the firewall.

As for "ACL Safeports and ACL SSLPorts", do we need to add in port 53 for resolving of URL?


Squid and Squid Guard

Submitted by Anonymous (not registered) on Mon, 2013-09-02 18:28.

Sorry to say this. Why don't you start from the beginning how to configure. Include on your tutorials simple network diagrams + the following list of configurations. Otherwise it is a waste of time reading your tutorials. 1. NIC configuration 2. Pfsense WAN and LAN config 3. The firewall rules 4. Proxy server config. 5. SquidGuard config. You have said in the beginning " When you mentioned "set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up)", there are no screenshots added as to what rules should you set in the firewall." . It seems you don't know the firewall part configurations. Because screenshots are easy to put on your tutorials. It is a matter of copy and paste. I am sorry for my words. I am really looking to solve this problem. But never came with a simple, step by step configuration to configure 1. Pfsense to work just for internet access without proxy and filtering. a. adding a firewall. 2. Pfsense and proxy only. 3. Add on the above filtering capability (SquidGuard). 4. Testing your configurations. 5. Reporting using Light Squid. I believe the above steps are a fully functional firewall application only if they are properly configured and tested.
