[pfSense Support] Squid + Content filtering
I know this has been asked several times and I have searched but came up with no solid answers. We're running pfSense as our FW + Squid as a web cache for a fairly large school district. We're migrating away from our paid content filtering solution and are looking at DansGuardian. I realize that there is no package for DG and probably will never be. What we would like to do is run Squid on one box and DG by itself on another. Is this possible?

We've purchased the pfSense handbook, which is great btw (thanks). There obviously isn't much information on this subject in it, however, so we would greatly appreciate any information that anyone currently has.

Summary:
pfSense acting as Firewall + Web cache
Separate server running DansGuardian for content filtering.

SquidGuard is not really an option for us because there is no current way to set up bypass accounts for specific users or integrate with AD.

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Squid + Content filtering
If you are wanting to integrate with AD, you will not want to use the pfSense package. You would be better served setting up Squid and DG on a separate box and using a GPO to enforce proxy settings on your LAN clients. You can then further enforce your site policy by only allowing web traffic to leave your network from the Squid box using firewall rules in pfSense.

JASON JAMES wrote:
> I know this has been asked several times and I have searched but came up with no solid answers. We're running pfSense as our FW + Squid as a web cache for a fairly large school district. We're migrating away from our paid content filtering solution and are looking at DansGuardian. I realize that there is no package for DG and probably will never be. What we would like to do is run Squid on one box and DG by itself on another. Is this possible?
>
> We've purchased the pfSense handbook, which is great btw (thanks). There obviously isn't much information on this subject in it, however, so we would greatly appreciate any information that anyone currently has.
>
> Summary:
> pfSense acting as Firewall + Web cache
> Separate server running DansGuardian for content filtering.
>
> SquidGuard is not really an option for us because there is no current way to set up bypass accounts for specific users or integrate with AD.
Re: [pfSense Support] Squid + Content filtering
AD is not really a deal breaker for us, bypass accounts/page is however.

Jason James
Technology Department
School District of Milton
608-868-9570 ext 1082
RE: [pfSense Support] Slow TCP connection
Having just discovered Wireshark, I'll agree =)

I'm using the packet capture bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.

Thanks,
Josh.

-----Original Message-----
From: Chris Buechler [mailto:cbuech...@gmail.com]
Sent: 02 March 2010 05:31
To: support@pfsense.com
Subject: Re: [pfSense Support] Slow TCP connection

On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi j...@moonfruit.com wrote:
> I'm not hitting the max states (this is set to a high enough number) and a tcp dump is impractical as this is not a consistent failure.

tcpdump is never impractical. :) In fact it's really the only way you're going to get any further with this. 1 in 100 or even 1 in 1000 isn't difficult to handle, just get the headers in the capture to keep the size down, and the analysis tools in Wireshark make it easy to pick out the problem without browsing through thousands of frames. Get two simultaneous captures, one on LAN (or whatever internal interface) and one on WAN.
Re: [pfSense Support] Slow TCP connection
On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote:
> I'm using the packet capture bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.

tcpdump. For example,

    tcpdump -i vr0 -n -w capture.pcap

-i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in Wireshark.
Re: [pfSense Support] Slow TCP connection
On 3/2/10 7:59 AM, David Burgess wrote:
> On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote:
>> I'm using the packet capture bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.
>
> tcpdump. For example,
>
>     tcpdump -i vr0 -n -w capture.pcap
>
> -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in Wireshark.

No special treatment needed -- Wireshark will take pcap files as input. However, you might want to bear a couple of things in mind:

1. By default, tcpdump grabs only the first 68 bytes of each packet. You can override this with the '-s' flag, for example with a switch such as '-s 1500'. This is essential if you need to see deeper into the packet but the tradeoff is increased processing time. If you just need TCP headers you shouldn't need this switch.

2. Depending on link utilization tcpdump can capture a *lot* of traffic. If you know you only want to see traffic from/to a specific host, or for a given protocol, there are filters you can add at the end of a tcpdump command to limit what it will capture -- and Wireshark uses identical capture filter syntax. The tcpdump manpage or Wireshark docs have more info.

dn
RE: [pfSense Support] Slow TCP connection
Oh I see, this is the Unix system I know this! =)

Sorry for the blond moment, the interface names confused me.

-----Original Message-----
From: David Burgess [mailto:apt@gmail.com]
Sent: 02 March 2010 15:59
To: support@pfsense.com
Subject: Re: [pfSense Support] Slow TCP connection

On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote:
> I'm using the packet capture bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.

tcpdump. For example,

    tcpdump -i vr0 -n -w capture.pcap

-i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in Wireshark.
RE: [pfSense Support] Slow TCP connection
On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped...

-----Original Message-----
From: Hiren Joshi
Sent: 02 March 2010 17:43
To: support@pfsense.com
Subject: RE: [pfSense Support] Slow TCP connection

This is where things get interesting...

When I use packet capture, which I'm assuming is a front end to tcpdump, and enter a hostname, the filter works, but when I use tcpdump host something.com it does a lookup on something.com and matches all packets with that IP. I have multiple hosts with the same IP but need to filter the packets for just one host. Any idea how I can do this? As it works via the front end, I figure there must be a way to do this in the command line.

Thanks,
Josh.

-----Original Message-----
From: David Newman [mailto:dnew...@networktest.com]
Sent: 02 March 2010 16:08
To: support@pfsense.com
Subject: Re: [pfSense Support] Slow TCP connection

On 3/2/10 7:59 AM, David Burgess wrote:
> On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote:
>> I'm using the packet capture bit in pfSense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in Wireshark.
>
> tcpdump. For example,
>
>     tcpdump -i vr0 -n -w capture.pcap
>
> -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in Wireshark.

No special treatment needed -- Wireshark will take pcap files as input. However, you might want to bear a couple of things in mind:

1. By default, tcpdump grabs only the first 68 bytes of each packet. You can override this with the '-s' flag, for example with a switch such as '-s 1500'. This is essential if you need to see deeper into the packet but the tradeoff is increased processing time. If you just need TCP headers you shouldn't need this switch.

2. Depending on link utilization tcpdump can capture a *lot* of traffic. If you know you only want to see traffic from/to a specific host, or for a given protocol, there are filters you can add at the end of a tcpdump command to limit what it will capture -- and Wireshark uses identical capture filter syntax. The tcpdump manpage or Wireshark docs have more info.

dn
Re: [pfSense Support] Slow TCP connection
On Tue, Mar 2, 2010 at 10:45 AM, Hiren Joshi j...@moonfruit.com wrote:
> On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped...

I don't understand. You have several remote hosts with the same IP address and same host name?

db
RE: [pfSense Support] Slow TCP connection
I have many sites with different domain names all with the same IP. I am now realising that I won't be able to get this information from tcpdump as the TCP packets are too low level... I'll try matching the IP of the location of where I'm running the tests from, that should work.

-----Original Message-----
From: David Burgess [mailto:apt@gmail.com]
Sent: 02 March 2010 17:51
To: support@pfsense.com
Subject: Re: [pfSense Support] Slow TCP connection

On Tue, Mar 2, 2010 at 10:45 AM, Hiren Joshi j...@moonfruit.com wrote:
> On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped...

I don't understand. You have several remote hosts with the same IP address and same host name?

db
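
Added example (not part of the original thread): when several site names share one IP address, a capture that holds full packets can still be split per site afterwards, because an unencrypted HTTP request names the site in its Host header; the same parser finds nothing in a capture cut at the 68-byte default snaplen mentioned earlier in the thread. The sample frames, addresses and site names are constructed, and the code assumes plain HTTP over IPv4 on Ethernet with the request headers in a single segment.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, tz, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, captured length, wire length

def http_hosts(pcap):
    """Yield (client_ip, client_port, host) per HTTP request in an Ethernet pcap."""
    magic, *_, linktype = PCAP_HDR.unpack_from(pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap file")
    off = PCAP_HDR.size
    while off + REC_HDR.size <= len(pcap):
        caplen = REC_HDR.unpack_from(pcap, off)[2]
        frame = pcap[off + REC_HDR.size: off + REC_HDR.size + caplen]
        off += REC_HDR.size + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                              # keep only IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4         # skip Ethernet + IP header
        if len(frame) < tcp + 20:
            continue
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        for line in payload.split(b"\r\n")[1:]:   # header lines after request line
            if line[:5].lower() == b"host:":
                ip = ".".join(str(b) for b in frame[26:30])
                port = struct.unpack_from("!H", frame, tcp)[0]
                yield ip, port, line[5:].strip().decode("latin-1")
                break

def flows_for_site(pcap, site):
    """Client (ip, port) pairs whose request named `site` (case-insensitive)."""
    return [(i, p) for i, p, h in http_hosts(pcap) if h.lower() == site.lower()]

# --- constructed sample data: two sites served from one IP address ---
def sample_frame(sport, host):
    http = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", sport, 80, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + http

def sample_pcap(snaplen):
    out = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in (sample_frame(40001, "site-a.example"),
              sample_frame(40002, "site-b.example")):
        out += REC_HDR.pack(0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

if __name__ == "__main__":
    for snap in (65535, 68):                      # full packets vs. default truncation
        print(snap, flows_for_site(sample_pcap(snap), "site-b.example"))
```

In Wireshark the equivalent after-the-fact selection is the display filter `http.host`, which likewise needs the request headers to be present in the capture.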