
You would have had to have started it - just installing the package does not start it, and there are 2 versions of it - at least on the 2.0 branch there is a

squid 2.7.9_4

squid3 3.1.9

I can fire up a 1.2.3 branch virtual to take a look at what might be going on..

There was only one branch on mine, I am sure it was squid 2.7.9_4 but I would need to 10000% check.

I reckon I might need to start it up... :blush:

Also Neowin Search is not working for me today, keep getting DB errors, you don't know where that BBC.co.uk article is do you?

Here is the thread about blocking bbc.co.uk. He was trying to do it with host files and DNS, etc., which you just cannot do for what he wanted, which was blocking /news, not the entire domain.

https://www.neowin.net/forum/topic/975926-cannot-banblock-bbc-news-site/

It's a bit long - but I followed up with how to do it with squid and squidguard and showed it blocking the /news -- read through it, we got on a side track of using a Firefox addon to block specific URLs, he was just looking to block himself from accessing sites ;) (no willpower)

The thread got on a few different tangents on what can and cannot be blocked with DNS, in the end what he wanted was specific URL blocking - for which you need a proxy, etc.

Here is a link to the last post where I show it blocking exactly what he wanted and what I installed on pfsense and the rule I created to block /news and how you could still access the main site but not /news

https://www.neowin.net/forum/topic/975926-cannot-banblock-bbc-news-site/page__view__findpost__p__593706004

Here is another thread where I show output of the lightsquid reporting showing traffic from my wife's machine, etc. That was when I had it running from the above thread - but I have removed it since. When you updated pfsense before the RC1 it was reinstalling all the packages and took quite a bit of time to have the machine back up and working, etc. So I removed all the packages I really didn't need

https://www.neowin.net/forum/topic/978142-website-tracking/

You can block a specific IP from accessing any specific IP or protocols altogether just in the firewall, i.e. you could say IP 192.168.1.120 cannot go outbound on port 80, 443 (http, https) for example in the normal firewall.

You would use squidGuard if you want to block on categories or specific URLs, but if you just want to block all access, or limit access to specific IPs on specific ports, this can be done in the normal firewall, you don't need a proxy to do that sort of filtering.

Squid also provides for authing to allow access if you want - and can be set up in a transparent proxy mode where all traffic will flow through it, or you have to point the machine to the proxy port on the pfsense box, etc.

What exactly do you want to block or allow? And we can work out the best/easiest way to do that. Be it with normal firewall rules or with proxy.

Yeah, if you're looking to just block based upon domain name, which could be a whole netblock for those types of domains, it's best to use a URL-based filter via a proxy vs a firewall rule which would be based upon IP, IP range, protocol, ports, etc.

If you didn't want say 192.168.33.100 to have ANY internet access, then that would be a simple firewall rule - deny source 192.168.33.100 dest ANY port http, https

edit: now you could create an alias for the URL, that should work

post-14624-0-97153100-1300211873.jpg

So if only a few domains you could get by with this I would think.

Quick read of the error shows something about the blacklist file not being there, did you tell it to use a blacklist without downloading them first?

Let me look at the error again.

When exactly do you get that error, check that enabled, then click apply, then click save.

When I first installed it, it said there was no blacklist file available, but after reading the wiki today it does say I should have downloaded one from the GUI.

I am downloading one now and will try again in a second to see if that has resolved the error.

:whistle:

EDIT: Error has gone, however when I turn on SquidGuard EVERYTHING gets blocked.

I had the same issue with everything being blocked, just with squid installed - went into disk cache and saved, then access control then saved - and working.

Before I did that everywhere just sent me to the pfsense page. Uninstall squidguard until you have squid working.

Like I said, I'm on 2.0 code, I can fire up a 1.2.3 box in virtual later tonight.

Other thing I noticed is I'm pointing to my pfsense box as DNS. In that alternate DNS near the bottom of the page, I point to my pfsense IP for DNS, 192.168.1.253 in my case.

Squidguard has now been removed. I have entered my pfsense IP into that alternate DNS box at the bottom of the page like you said, gone to cache mgmt and SAVED, gone to access control and clicked SAVE, and now I am here typing this so that appears to be working.

Is there a specific way I can check if Squid is working on its own before I put squidguard back on?

Rich

Found the problem, when I turn squidguard on it puts this in the custom options on the squid page:

If I remove this it works, but my question is what does it do?

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

Edit: If you remove this from the custom options SquidGuard changes to STOPPED.

You need those for squidguard to work.. But sure, you can block something just in squid to verify it's working.

OK, now that you have squid up and running and internet access is working, let me install squidguard and see what's up with it.

http://doc.pfsense.org/index.php/SquidGuard_package

edit: ok installed the package, went through the instructions for squidguard, not even using blacklists

Then

created custom list,

post-14624-0-17848000-1300224317.jpg

And put in facebook.com and look what you get

post-14624-0-70146500-1300224307.jpg


To get the blacklist to work, once you have downloaded it and picked what categories.. make sure on the bottom of the general proxy filter page you put in the location LOCAL

note: bottom of page says

Enter FTP, HTTP or LOCAL (pfSense) URL blacklist archive, or leave blank.

Once you have a blacklist loaded, under targets you should see all the categories and you can set them to block, allow, etc.

post-14624-0-91327700-1300224593.jpg

Also make sure once you make any changes to anything on the proxy filter to hit the apply button in the general proxy filter page and then save. Working smooth as silk here!

And then sure, on the bottom of the proxy server page you should see the custom stuff

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3


It just isn't working, I disabled the blocklist and tried a custom filter, everything is blocked.

What is in your custom options?

You have to set default to ALLOW if using squidguard.

post-14624-0-68168700-1300224926.jpg

I posted the options off the squid page in the post above, in an edit.

If you want, open up the pfsense GUI to remote access and PM the details (IP, username and pass) and I will take a look.

This topic is now closed to further replies.
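
What the `redirect_program` line asked about in the thread does, as an added example that is not part of the thread and is not squidGuard's own code: Squid writes each request to the helper's stdin (`URL client_ip/fqdn ident method`) and serves the URL the helper replies with, or leaves the request alone on an empty reply. This Python stand-in assumes that Squid 2.7/3.1 line format, uses constructed rules and a hypothetical block-page URL, handles plain http URLs only, and models the default-ALLOW setting with `DEFAULT_ALLOW`.

```python
import sys
from urllib.parse import urlsplit

# Constructed rules (host suffix, path prefix) mirroring the thread's two cases:
# block bbc.co.uk/news but not the main site, and block facebook.com entirely.
BLOCK_RULES = [("bbc.co.uk", "/news"), ("facebook.com", "/")]
BLOCK_PAGE = "http://192.168.1.253/blocked.html"  # hypothetical page on the pfSense box
DEFAULT_ALLOW = True  # False reproduces the "EVERYTHING gets blocked" symptom


def is_blocked(url):
    """True if the URL matches a rule on both host suffix and path prefix."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    for domain, prefix in BLOCK_RULES:
        host_match = host == domain or host.endswith("." + domain)
        # "/news" matches /news and /news/..., but not /newsround
        path_match = (prefix == "/" or path == prefix
                      or path.startswith(prefix.rstrip("/") + "/"))
        if host_match and path_match:
            return True
    return False


def rewrite(line, default_allow=DEFAULT_ALLOW):
    """Reply for one request line: '' = no change, else the URL to serve instead."""
    fields = line.split()
    if not fields:
        return ""
    if is_blocked(fields[0]) or not default_allow:
        return BLOCK_PAGE
    return ""


def main():
    # Squid keeps each helper running (redirect_children sets how many)
    # and waits for one reply line per request line.
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()  # unflushed replies would stall every request


if __name__ == "__main__":
    main()
```

With `redirector_bypass on`, Squid skips the helper when all of its children are busy, so requests made under that load are not filtered.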