Member: 136892

pfSense blocks internal IP addresses?

Hello,

I have the problem that when the proxy is switched on, pfSense blocks itself and also does not let other IP addresses through.
Network layout:
- WAN: 192.168.0.1
- LAN: 192.168.1.1
Websites that are supposed to be blocked, it blocks.

What I have done is:

- Under Squid, created a whitelist with the IP addresses that get blocked
- Under Squid Proxy Server ACL, entered the IPs (Allowed Subnets, Unrestricted IPs and Whitelist)
- Restarted the services

Does anyone know this problem?
Hoping for your help

Regards

Content-Key: 396438

Url: https://administrator.de/contentid/396438

Member: 138064
138064 Dec 21, 2018, updated at Dec 22, 2018 at 05:22:29 (UTC)
Hello,

The default setting of pfSense is that RFC networks are blocked. Have a look in the WAN settings; the options should be called "Block RFC1918 Private Networks" and "Block bogon Networks".

Regards
Stefan
Member: the-buccaneer
the-buccaneer Dec 22, 2018 updated at 01:12:31 (UTC)
Quote from @136892:

Hello,

I have the problem that when the proxy is switched on, pfSense blocks itself and also does not let other IP addresses through.

The proxy is switched on where, with which settings?

Network layout:
- WAN: 192.168.0.1
- LAN: 192.168.1.1

Here, in the WAN settings, unblock the private networks. Leave bogon networks blocked. See @138064:

Websites that are supposed to be blocked, it blocks.
??????????????????? What is that supposed to tell us? And the websites that are not blocked are not blocked?

What I have done is:

- Under Squid, created a whitelist with the IP addresses that get blocked
- Under Squid Proxy Server ACL, entered the IPs (Allowed Subnets, Unrestricted IPs and Whitelist)
- Restarted the services
Enter "all" again under ACL in Squid, Allowed Subnets.

Does anyone know this problem?
No. Never had it. ;-)

Seriously: post your config (WAN and Squid) and then this is sorted in no time. As it is, it's a quiz show again...

Regards
Buc
Member: 136892
136892 Dec 22, 2018, updated at Dec 23, 2018 at 11:01:42 (UTC)
Under Windows, when the proxy is switched on, I can no longer reach the pfSense web page.
I have already deactivated the Private Networks block.

The complete config:

Interfaces:

<interfaces>
<wan>
<enable></enable>
<if>hn0</if>
<descr><![CDATA[WAN]]></descr>
<alias-address></alias-address>
<alias-subnet>32</alias-subnet>
<spoofmac></spoofmac>
<ipaddr>dhcp</ipaddr>
<dhcphostname></dhcphostname>
<dhcprejectfrom></dhcprejectfrom>
<adv_dhcp_pt_timeout></adv_dhcp_pt_timeout>
<adv_dhcp_pt_retry></adv_dhcp_pt_retry>
<adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout>
<adv_dhcp_pt_reboot></adv_dhcp_pt_reboot>
<adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff>
<adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options></adv_dhcp_send_options>
<adv_dhcp_request_options></adv_dhcp_request_options>
<adv_dhcp_required_options></adv_dhcp_required_options>
<adv_dhcp_option_modifiers></adv_dhcp_option_modifiers>
<adv_dhcp_config_advanced></adv_dhcp_config_advanced>
<adv_dhcp_config_file_override></adv_dhcp_config_file_override>
<adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-duid></dhcp6-duid>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
<adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface>
</wan>
<lan>
<enable></enable>
<if>hn1</if>
<ipaddr>192.168.1.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media></media>
<mediaopt></mediaopt>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
</interfaces>


Squid:

<installedpackages>
<package>
<name>squid3</name>
<internal_name>squid</internal_name>
<descr><![CDATA[High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.&lt;br /&gt;
It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.]]></descr>
<pkginfolink>https://forum.pfsense.org/index.php?board=60.0</pkginfolink>
<website>http://www.squid-cache.org/</website>
<version>0.4.44_7</version>
<configurationfile>squid.xml</configurationfile>
<filter_rule_function>squid_generate_rules</filter_rule_function>
<tabs>
<tab>
<text><![CDATA[General]]></text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
<active></active>
</tab>
<tab>
<text><![CDATA[Remote Cache]]></text>
<url>/pkg.php?xml=squid_upstream.xml</url>
</tab>
<tab>
<text><![CDATA[Local Cache]]></text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[Antivirus]]></text>
<url>/pkg_edit.php?xml=squid_antivirus.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[ACLs]]></text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[Traffic Mgmt]]></text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[Authentication]]></text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[Users]]></text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
<text><![CDATA[Real Time]]></text>
<url>/squid_monitor.php</url>
</tab>
<tab>
<text><![CDATA[Sync]]></text>
<url>/pkg_edit.php?xml=squid_sync.xml</url>
</tab>
</tabs>
<include_file>/usr/local/pkg/squid.inc</include_file>
</package>
<package>
<name>squidGuard</name>
<descr><![CDATA[High performance web proxy URL filter.
&lt;br /&gt;
Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.
&lt;br /&gt;
&lt;strong&gt;Ensure Squid is installed before installing this package.&lt;/strong&gt;]]></descr>
<website>http://www.squidGuard.org/</website>
<version>1.16.18_1</version>
<configurationfile>squidguard.xml</configurationfile>
<after_install_info>Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.</after_install_info>
<tabs>
<tab>
<text><![CDATA[General settings]]></text>
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
<active></active>
</tab>
<tab>
<text><![CDATA[Common ACL]]></text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
<text><![CDATA[Groups ACL]]></text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
<text><![CDATA[Target categories]]></text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
<text><![CDATA[Times]]></text>
<url>/pkg.php?xml=squidguard_time.xml</url>
</tab>
<tab>
<text><![CDATA[Rewrites]]></text>
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
<text><![CDATA[Blacklist]]></text>
<url>/squidGuard/squidguard_blacklist.php</url>
</tab>
<tab>
<text><![CDATA[Log]]></text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
<tab>
<text><![CDATA[XMLRPC Sync]]></text>
<url>/pkg_edit.php?xml=squidguard_sync.xml</url>
</tab>
</tabs>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
</package>
<package>
<name>Backup</name>
<descr><![CDATA[Tool to Backup and Restore files and directories.]]></descr>
<version>0.5_2</version>
<configurationfile>backup.xml</configurationfile>
<tabs>
<tab>
<text><![CDATA[Backup]]></text>
<url>/packages/backup/backup.php</url>
<active></active>
</tab>
</tabs>
<include_file>/usr/local/pkg/backup.inc</include_file>
</package>
<package>
<name>ntopng</name>
<website>http://www.ntop.org/</website>
<descr><![CDATA[ntopng (replaces ntop) is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.]]></descr>
<version>0.8.13_3</version>
<configurationfile>ntopng.xml</configurationfile>
<noembedded>true</noembedded>
<tabs>
<tab>
<text><![CDATA[ntopng Settings]]></text>
<url>/pkg_edit.php?xml=ntopng.xml</url>
<active></active>
</tab>
<tab>
<text><![CDATA[Access ntopng]]></text>
<url>/ntopng_redirect.php</url>
</tab>
</tabs>
<include_file>/usr/local/pkg/ntopng.inc</include_file>
</package>
<package>
<name>nmap</name>
<descr><![CDATA[NMap is a utility for network exploration or security auditing.&lt;br/&gt;
It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).
It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.]]></descr>
<version>1.4.4_1</version>
<pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink>
<configurationfile>nmap.xml</configurationfile>
<include_file>/usr/local/pkg/nmap.inc</include_file>
</package>
<package>
<name>OpenVPN Client Export Utility</name>
<internal_name>openvpn-client-export</internal_name>
<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
<version>1.4.18</version>
<configurationfile>openvpn-client-export.xml</configurationfile>
<tabs>
<tab>
<name>Client Export</name>
<tabgroup>OpenVPN</tabgroup>
<url>/vpn_openvpn_export.php</url>
</tab>
<tab>
<name>Shared Key Export</name>
<tabgroup>OpenVPN</tabgroup>
<url>/vpn_openvpn_export_shared.php</url>
</tab>
</tabs>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
</package>
<squidcache>
<config>
<cache_replacement_policy>heap LFUDA</cache_replacement_policy>
<cache_swap_low>90</cache_swap_low>
<cache_swap_high>95</cache_swap_high>
<donotcache></donotcache>
<enable_offline></enable_offline>
<ext_cachemanager></ext_cachemanager>
<harddisk_cache_size>100</harddisk_cache_size>
<harddisk_cache_system>ufs</harddisk_cache_system>
<level1_subdirs>16</level1_subdirs>
<harddisk_cache_location>/var/squid/cache</harddisk_cache_location>
<minimum_object_size>0</minimum_object_size>
<maximum_object_size>50</maximum_object_size>
<memory_cache_size>512</memory_cache_size>
<maximum_objsize_in_mem>256</maximum_objsize_in_mem>
<memory_replacement_policy>heap GDSF</memory_replacement_policy>
<cache_dynamic_content></cache_dynamic_content>
<custom_refresh_patterns></custom_refresh_patterns>
</config>
</squidcache>
<squidremote>
</squidremote>
<squidauth>
<config>
<auth_method>none</auth_method>
</config>
</squidauth>
<menu>
<name>Squid Proxy Server</name>
<tooltiptext>Modify the proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</menu>
<menu>
<name>Squid Reverse Proxy</name>
<tooltiptext>Modify the reverse proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
</menu>
<menu>
<name>SquidGuard Proxy Filter</name>
<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</menu>
<menu>
<name>Backup Files/Dir</name>
<tooltiptext>Backup settings.</tooltiptext>
<section>Diagnostics</section>
<configfile>backup.xml</configfile>
<url>/packages/backup/backup.php</url>
</menu>
<menu>
<name>ntopng Settings</name>
<tooltiptext>Set ntopng settings such as password and port.</tooltiptext>
<section>Diagnostics</section>
<url>/pkg_edit.php?xml=ntopng.xml</url>
</menu>
<menu>
<name>ntopng</name>
<tooltiptext>Access ntopng</tooltiptext>
<section>Diagnostics</section>
<url>/ntopng_redirect.php</url>
</menu>
<menu>
<name>NMap</name>
<section>Diagnostics</section>
<configfile>nmap.xml</configfile>
</menu>
<service>
<name>squid</name>
<rcfile>squid.sh</rcfile>
<executable>squid</executable>
<description><![CDATA[Squid Proxy Server Service]]></description>
</service>
<service>
<name>clamd</name>
<rcfile>clamd.sh</rcfile>
<executable>clamd</executable>
<description><![CDATA[ClamAV Antivirus]]></description>
</service>
<service>
<name>c-icap</name>
<rcfile>c-icap.sh</rcfile>
<executable>c-icap</executable>
<description><![CDATA[ICAP Inteface for Squid and ClamAV integration]]></description>
</service>
<service>
<name>squidGuard</name>
<description><![CDATA[Proxy server filter Service]]></description>
<executable>squidGuard</executable>
</service>
<service>
<name>ntopng</name>
<rcfile>ntopng.sh</rcfile>
<executable>ntopng</executable>
<description><![CDATA[ntopng Network Traffic Monitor]]></description>
</service>
<squidantivirus>
<config>
<enable>on</enable>
<client_info>both</client_info>
<enable_advanced>disabled</enable_advanced>
<clamav_url></clamav_url>
<clamav_safebrowsing></clamav_safebrowsing>
<clamav_disable_stream_scanning></clamav_disable_stream_scanning>
<clamav_update>24</clamav_update>
<clamav_dbregion>europe</clamav_dbregion>
<clamav_dbservers></clamav_dbservers>
</config>
</squidantivirus>
<squidnac>
<config>
<allowed_subnets>MTkyLjE2OC4wLjAvMjQNCjE5Mi4xNjguMS4wLzI0</allowed_subnets>
<unrestricted_hosts>MTkyLjE2OC4wLjAvMjQNCjE5Mi4xNjguMS4wLzI0DQoxOTIuMTY4LjAuMQ0KMTkyLjE2OC4xLjE=</unrestricted_hosts>
<banned_hosts></banned_hosts>
<whitelist>MTkyLjE2OC4xLjENCjE5Mi4xNjguMC4x</whitelist>
<blacklist></blacklist>
<block_user_agent></block_user_agent>
<block_reply_mime_type></block_reply_mime_type>
<addtl_ports></addtl_ports>
<addtl_sslports></addtl_sslports>
</config>
</squidnac>
<squid>
<config>
<enable_squid>on</enable_squid>
<keep_squid_data>on</keep_squid_data>
<active_interface>lan</active_interface>
<proxy_port>3128</proxy_port>
<icp_port></icp_port>
<allow_interface>on</allow_interface>
<dns_v4_first></dns_v4_first>
<disable_pinger></disable_pinger>
<dns_nameservers></dns_nameservers>
<transparent_proxy></transparent_proxy>
<transparent_active_interface>lan</transparent_active_interface>
<private_subnet_proxy_off></private_subnet_proxy_off>
<defined_ip_proxy_off></defined_ip_proxy_off>
<defined_ip_proxy_off_dest></defined_ip_proxy_off_dest>
<ssl_proxy>on</ssl_proxy>
<sslproxy_mitm_mode>spliceall</sslproxy_mitm_mode>
<ssl_active_interface>lan</ssl_active_interface>
<ssl_proxy_port>3129</ssl_proxy_port>
<sslproxy_compatibility_mode>modern</sslproxy_compatibility_mode>
<dhparams_size>2048</dhparams_size>
<dca>5c1d629ab3cf4</dca>
<sslcrtd_children>5</sslcrtd_children>
<interception_checks></interception_checks>
<interception_adapt></interception_adapt>
<log_enabled></log_enabled>
<log_dir>/var/squid/logs</log_dir>
<log_rotate></log_rotate>
<log_sqd></log_sqd>
<visible_hostname>localhost</visible_hostname>
<admin_email>admin@localhost</admin_email>
<error_language>en</error_language>
<xforward_mode>on</xforward_mode>
<disable_via></disable_via>
<uri_whitespace>strip</uri_whitespace>
<disable_squidversion></disable_squidversion>
<custom_options>url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0</custom_options>
<custom_options_squid3></custom_options_squid3>
<custom_options2_squid3></custom_options2_squid3>
<custom_options3_squid3></custom_options3_squid3>
</config>
</squid>
<squidguardgeneral>
<config>
<squidguard_enable>on</squidguard_enable>
<ldap_enable></ldap_enable>
<ldapbinddn></ldapbinddn>
<ldapbindpass></ldapbindpass>
<stripntdomain></stripntdomain>
<striprealm></striprealm>
<ldapversion>3</ldapversion>
<enable_guilog></enable_guilog>
<enable_log></enable_log>
<log_rotation></log_rotation>
<adv_blankimg>on</adv_blankimg>
<blacklist>on</blacklist>
<blacklist_proxy></blacklist_proxy>
<blacklist_url>http://www.shallalist.de/Downloads/shallalist.tar.gz</blacklist_url>
</config>
</squidguardgeneral>
<squidguarddefault>
<config>
<dest>Whitelist !Blacklist !blk_BL_adv !blk_BL_costtraps !blk_BL_gamble !blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_spyware !blk_BL_tracker !blk_BL_warez !blk_BL_weapons all</dest>
<notallowingip>on</notallowingip>
<deniedmessage></deniedmessage>
<redirect_mode>rmod_int</redirect_mode>
<redirect>Blocked by pfSense</redirect>
<safesearch></safesearch>
<rewrite></rewrite>
<enablelog>on</enablelog>
</config>
</squidguarddefault>
<squidguarddest>
<config>
<name>Whitelist</name>
<domains>google.com youtube.com songsterr.com spotify.com</domains>
<urls></urls>
<expressions></expressions>
<redirect_mode>rmod_none</redirect_mode>
<redirect></redirect>
<description></description>
<enablelog></enablelog>
</config>
<config>
<name>Blacklist</name>
<domains></domains>
<urls></urls>
<expressions>(porn|sex|xxx|hardcore|strip|lingerie|ads|adv|adware|werbung|casino)</expressions>
<redirect_mode>rmod_int</redirect_mode>
<redirect>Blocked by pfSense</redirect>
<description></description>
<enablelog></enablelog>
</config>
</squidguarddest>
<ntopng>
<config></config>
</ntopng>
</installedpackages>
<gateways></gateways>
</pfsense>
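Added example, not part of the thread and not pfSense's own code: the ACL boxes on the Squid ACL tab are stored base64-encoded in config.xml, so you cannot read them from a pasted config without decoding them. The script below decodes the `<squidnac>` fields from the config posted above, reads the squidGuard Common ACL flag `notallowingip`, and reports what those settings mean for one client-to-destination request through the proxy. The `<wan>`/`<lan>` fragment is cut down to the relevant tags; `blockpriv`/`blockbogons` as the tag names behind the WAN "Block private networks"/"Block bogon networks" boxes are an assumption, as is the request evaluation, which mirrors the documented meaning of the fields rather than Squid's real ACL engine.

```python
"""Decode and audit the Squid/squidGuard ACL settings of a pfSense config fragment."""
import base64
import ipaddress
import xml.etree.ElementTree as ET

# Constructed fragment. The <squidnac> and <squidguarddefault> values are the
# ones from the config posted in the thread; <wan>/<lan> are reduced to the tags
# used here. 'blockpriv' / 'blockbogons' are assumed tag names.
CONFIG_XML = """<pfsense>
<interfaces>
<wan><if>hn0</if><ipaddr>dhcp</ipaddr></wan>
<lan><if>hn1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
</interfaces>
<installedpackages>
<squidnac><config>
<allowed_subnets>MTkyLjE2OC4wLjAvMjQNCjE5Mi4xNjguMS4wLzI0</allowed_subnets>
<unrestricted_hosts>MTkyLjE2OC4wLjAvMjQNCjE5Mi4xNjguMS4wLzI0DQoxOTIuMTY4LjAuMQ0KMTkyLjE2OC4xLjE=</unrestricted_hosts>
<banned_hosts></banned_hosts>
<whitelist>MTkyLjE2OC4xLjENCjE5Mi4xNjguMC4x</whitelist>
<blacklist></blacklist>
</config></squidnac>
<squidguarddefault><config><notallowingip>on</notallowingip></config></squidguarddefault>
</installedpackages>
</pfsense>"""


def decode_list(text):
    """pfSense stores the multi-line ACL boxes as base64 with CRLF line breaks."""
    if not text:
        return []
    raw = base64.b64decode(text).decode("ascii")
    return [line.strip() for line in raw.splitlines() if line.strip()]


def parse_config(xml_text):
    root = ET.fromstring(xml_text)
    nac = root.find("installedpackages/squidnac/config")
    sg = root.find("installedpackages/squidguarddefault/config")
    wan = root.find("interfaces/wan")
    return {
        "allowed_subnets": decode_list(nac.findtext("allowed_subnets")),
        "unrestricted_hosts": decode_list(nac.findtext("unrestricted_hosts")),
        "banned_hosts": decode_list(nac.findtext("banned_hosts")),
        "whitelist": decode_list(nac.findtext("whitelist")),
        # squidGuard Common ACL: "Do not allow IP-Addresses in URL"
        "sg_block_ip_urls": sg is not None and sg.findtext("notallowingip") == "on",
        "wan_block_private": wan is not None and wan.find("blockpriv") is not None,
        "wan_block_bogons": wan is not None and wan.find("blockbogons") is not None,
    }


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _matches(ip, entries):
    """True if ip falls in any address or CIDR entry; hostname entries are skipped."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue
    return False


def client_allowed(cfg, client_ip):
    """Source side of the ACL tab: banned wins, otherwise the client has to be
    in Allowed Subnets or Unrestricted IPs to use the proxy at all."""
    if _matches(client_ip, cfg["banned_hosts"]):
        return False
    return _matches(client_ip, cfg["allowed_subnets"]) or _matches(client_ip, cfg["unrestricted_hosts"])


def audit(cfg, client_ip, dest_host):
    """Findings for one request from client_ip to http://dest_host/ via the proxy."""
    findings = []
    if not client_allowed(cfg, client_ip):
        findings.append(f"client {client_ip} is in no allowed/unrestricted list: Squid denies it")
    if cfg["sg_block_ip_urls"] and is_ip_literal(dest_host):
        extra = " (a Squid whitelist entry does not exempt it from squidGuard)" if dest_host in cfg["whitelist"] else ""
        findings.append(f"destination {dest_host} is an IP literal and squidGuard "
                        f"'Do not allow IP-Addresses in URL' is on{extra}")
    if cfg["wan_block_private"]:
        findings.append("WAN 'Block private networks' is on: unsolicited traffic from RFC1918 sources on WAN is dropped")
    return findings


if __name__ == "__main__":
    cfg = parse_config(CONFIG_XML)
    for key in ("allowed_subnets", "unrestricted_hosts", "whitelist"):
        print(f"{key}: {cfg[key]}")
    for client, dest in (("192.168.1.50", "192.168.1.1"), ("192.168.1.50", "google.com")):
        print(f"{client} -> {dest}: {audit(cfg, client, dest) or ['no findings']}")
```

Running it prints the decoded lists (192.168.0.0/24 and 192.168.1.0/24 in Allowed Subnets, the two firewall addresses in the whitelist) and, for a LAN client requesting http://192.168.1.1/, a finding that squidGuard's "Do not allow IP-Addresses in URL" applies to that request even though the address sits in Squid's whitelist. Decoding the fields before editing is the quick way to confirm that what the GUI shows is what Squid actually loads.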