You can easily install a dedicated squid box (not a pfSense box running
squid) in your network and accomplish the same goals.
Graeme Evans wrote:
Chris
Seems you may be on to something. I have removed Squid and what was a very re-producible issue doesn't _seem_ to be happening. I had thought about that but dismissed it as it was affecting ICMP/Ping, TCP/FTP and other traffic which I didn't think squid would interfere with.
However now I have another problem, It's most important to have the security
but squid saves us hours of time and gigs of bandwidth a day by caching updates
for all the PC's that come through our workshop. Really could do with it
installed and still have the intended security. I guess I could have a second
PFSense box caching within the workshop segment but it shouldn't be needed.
Graeme Evans
Technical Manager
KCS Computer Solutions
e: graeme.ev...@kcssolutions.co.uk
w: www.kcssolutions.co.uk
t: 017687 75526
f: 017687 75636
a: Packhorse Court, Keswick, Cumbria, CA12 5JB
Keswick Computer Services Ltd. trading as KCS Computer Solutions (Registered in
England & Wales)
Company Number: 4533301
VAT Number: GB734 732 432
This email and any attachments are confidential. It may contain privileged information and is intended for the named recipient(s) only. It must not be distributed without consent. If you are not one of the intended recipients, please notify the sender immediately and do not disclose, distribute, or retain this email or any part of it.
Unless expressly stated, opinions in this email are those of the individual sender, and not of Keswick Computer Services Ltd. Legally binding obligation can only arise for, or be entered into on behalf of, Keswick Computer Services Ltd by duly authorised representatives.
Keswick Computer Services Ltd excludes any liability whatsoever for any offence caused, any direct or consequential loss arising from the use, or reliance on, this e-mail or its contents. We believe but do not warrant that this e-mail and any attachments are virus free. You must therefore take full responsibility for virus checking. Keswick Computer Services Ltd reserve the right to scan all e-mail communications through its network.
-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris
Buechler
Sent: 17 April 2009 15:36
To: support@pfsense.com
Subject: Re: [pfSense Support] Firewall rules keep failing
On Fri, Apr 17, 2009 at 4:15 AM, Graeme Evans
<graeme.ev...@kcssolutions.co.uk> wrote:
Situation:
I have a simple PFSense setup with a single PFsense 1.2.2 computer, 1 WAN
interface, and 2 Local interfaces - one named LAN (10.0.0.0/24), and the
other is Workshop (10.0.1.0/24). We have allsorts of computers including
infected PC's connected to our Workshop interface so there are firewall
rules setup only to allow internet access from both Local interfaces and on
the workshop interface a some simple rules allowing things like FTP access
to our fileserver on the LAN interface. We want no other access between
subnets. We also have squid installed in transparent mode listening on the
Workshop interface only, lightsquid,
If you uninstall squid does it change? If traffic isn't getting
logged and you have logging on all your firewall rules, squid has to
be picking it up. There are a number of potential consequences of the
squid packages, this may be one.
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
