Monday, November 30, 2020

Squid Installation Step By Step For HTTP sites


Just a quick walkthrough on installing SquidGuard and getting it up and running.

1. Install squid and SquidGuard packages from package manager
2. After installation, go to Squid Proxy Server under services
3. Go to the Local Cache and scroll down to the Squid Hard Disk Cache Size area and click the orange "Clear Disk Cache NOW" option
4. Go back to the General tab and scroll down to the Transparent HTTP Proxy area and check the box for Transparent HTTP Proxy "Enable transparent mode to forward all requests for destination port 80 to the proxy server."
5. Scroll to the bottom of the page and save
6. Go to SquidGuard Proxy Filter under services
7. Scroll down to Blacklist options and check box to enable Blacklist
8. Add http://www.shallalist.de/Downloads/shallalist.tar.gz into Blacklist URL
9. Save
10. Scroll up and go to the Blacklist tab
11. Click the green Download option and wait for download to complete
12. Go to Common ACL tab
13. Click on Target Rules List + sign
14. Scroll down and change Default access [all] to "allow"
15. Deny Porn and Spyware categories (and any other categories you wish to block)
16. Scroll down and save
17. Go back to General settings tab and hit green "Apply" button
18. Go back to Squid Proxy Server under Services tab
19. Check box to enable Squid Proxy and save
20. Go back to SquidGuard Proxy Filter
21. Check box to enable and save
22. White box should say "STARTED"

Monday, November 23, 2020

pfBlockerNG: Internet Goes Out After Reboot

While using pfBlockerNG (including the "devel" version) on the SG-3100 and SG-1100, we ran into a problem where all internet traffic would stop after a power loss or a reboot. The only way to get traffic to flow again would be to get into the firewall and disable pfBlocker. The fix ended up being very simple, though surprisingly we could not find it listed or mentioned anywhere on the Internet. There are just a few settings that I found needed to be changed:

1. Increase Firewall Maximum Table Entries on the System / Advanced / Firewall & NAT page from 400,000 to 600,000 (could be higher but 600,000 has worked very well for me).

2. Enable De-Duplication, CIDR Aggregation and Suppression pfBlockerNG options on the Firewall / pfBlockerNG / IP page.

After changing those settings I haven't been able to recreate the problem at all, even after adding multiple memory intensive packages to the firewall.
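
Both changes above act on the same quantity: the number of addresses and networks loaded into pf tables, which Firewall Maximum Table Entries caps. The sketch below is an added example, not pfBlockerNG's own code: it uses Python's `ipaddress` module on constructed sample feeds (documentation address ranges) to show how de-duplication and CIDR aggregation reduce that count. The function names are hypothetical.

```python
import ipaddress

# Constructed sample feeds using documentation ranges, not real blocklist data.
FEED_A = """\
# feed A
192.0.2.0/25
192.0.2.128/25
198.51.100.7
198.51.100.7
203.0.113.0/24
"""
FEED_B = """\
192.0.2.64/26      ; already covered by feed A
198.51.100.6
198.51.100.7
203.0.113.10
not-an-address
"""

def parse_feed(text):
    """Return the IPv4 networks in one feed, skipping comments and junk lines."""
    nets = []
    for line in text.splitlines():
        token = line.split("#")[0].split(";")[0].strip()
        if not token:
            continue
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # malformed entry: do not let it reach the table
        if net.version == 4:
            nets.append(net)
    return nets

def table_entry_counts(feeds):
    """Entry count as loaded raw, after de-duplication, and the aggregated list."""
    raw = [n for feed in feeds for n in parse_feed(feed)]
    deduped = set(raw)                       # identical entries across feeds
    aggregated = list(ipaddress.collapse_addresses(deduped))  # merge and subsume
    return len(raw), len(deduped), aggregated

if __name__ == "__main__":
    raw, deduped, aggregated = table_entry_counts([FEED_A, FEED_B])
    print(f"raw={raw} deduped={deduped} aggregated={len(aggregated)}")
    for net in aggregated:
        print(" ", net)
```

On a real firewall the same ratio applies to feeds with hundreds of thousands of lines, which is why the aggregated total is the figure to compare against the table entry limit.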


Monday, November 16, 2020

Netgate Or Not Netgate

Personally, we do use a lot of Netgate gear. Is it the best thing out there? Probably not. But the pfSense updates are tested on Netgate gear, and that does make it more valuable to our customers. I have not had any complaints about using Netgate gear, but I have also put in many pfSense boxes that were something else without issue. I just think the updates being tested on Netgate gear before you see the update is pretty important.

Sunday, November 8, 2020

PBR (Policy Based Routing) And pfSense


Another post from sister blog www.shanekillen.com on June 2, 2020.

I went to a customer site today (June 2nd) where they had a Toshiba IP phone system that would only route to one destination (the default gateway). But the need was to have certain traffic go out one internet connection (SMTP) and the voice traffic out the other. So, I put a Netgate SG-1100 in to do the PBR and it worked great. Doing PBR on pfSense was easy and made sense for this customer. And yes, it's set up with only the LAN port. It's all they needed.