This is regardless of whether I have the URL-filter activated or not.
It must have something to do with using the HTTPS proxy,
because when I disable my HTTPS-blocking firewall rule, I can reach https://mozilla.org not using the proxy. http://mozilla.org then redirects directly to https://mozilla.org.
Check whether IPFire itself can resolve mozilla.org. If not, try to use another server. Daniel has reported problems with .org domains on the DNS servers of the German ISP “Telekom”.
Oops my bad. Thought it works with disabled URL filter. It’s always a good idea to check the logs. That’s what they are made for.
Try another DNS server, resolve the IP online and browse it or even unplug the fw and try directly with your router to make sure the fw is not the problem.
This would explain it, because with a configured proxy the browser doesn’t resolve the URL. It connects to the proxy and sends a connect “mozilla.org”, and the proxy resolves the URL.
Ok some port forward rules and VPN, but you allow and disallow some things. What are your settings for:
Firewall Options -> Forward + Outgoing?
If you chose “blocked” for both, you have to open all needed ports, but don’t need to define any blocked ports anymore. It’s the same for the firewall outgoing communication. But I think you know that… I still wonder why you define allowed and blocked port rules.
Also what ports are defined in the group “allowedports”?
Please don’t assume that I know anything. I pretty much found this system here which was set up by somebody else. My only task with the firewall so far has been to get the webfilter to work…
Hm no. Why do you allow HTTPS in that group? Delete it. Also delete rule 7. That’s already done by your default forward communication setting.
And why do you block @ default all outgoing firewall communication just to allow all again? In my opinion it’s not a good idea to allow all outgoing communication since there are just a few ports needed for regular use.
You are probably right. As I want to block all HTTPS not going through the proxy (which is what rule 7 is for, if activated), there is no need to allow HTTPS again in another rule.
Hm, but enabling rule 7 thus far seems to be the only thing that blocks non-proxied HTTPS for me. My goal is that no HTTPS can be used without the proxy’s url filter. Are you saying my default forward communication setting should already be blocking HTTPS?
So you are saying, I should make the firewall rules more restrictive? Which rules are you referring to in particular? Again: it was not me who set up this firewall and I am quite new to the subject matter…
Yes. If you choose “allowed” you will have to create blacklists and if “blocked” the opposite → whitelists.
Try it yourself. Don’t configure the clients to use the proxy and you will see: http/https isn’t working anymore. Configure them to use the proxy and they will be able to communicate http/https over ipfire again (as long as the firewall is allowed to communicate http/https).
This is up to your needs. I don’t need more than that for the firewall:
He’s right, but that means that you have to use trusted DNS servers already. I don’t know if you do. Aussies are always trustable, so I use 1.1.1.1 for primary and Google DNS as reliable server 8.8.8.8 for secondary DNS.
I have now set forward and outgoing in the firewall options to “allowed” and disabled all firewall rules.
But the problem that I cannot reach the mentioned urls via the HTTPS proxy still remains.
I also tried to assign the primary and secondary DNS (1.1.1.1 and 8.8.8.8 as you suggested) and did a reboot of ipfire afterwards. But this still does not change anything.