Firewall and Proxy Configuration Help

Hello Everyone!

I’m quite a newbie with firewall and proxy configuration, so may I ask for some experts’ advice as to how I could fix or deal with the issue that I’ve been facing for 3 days now. Googled already and have done so many tweaks, but somehow I could not make it work ;(. I wonder if I am doing something wrong, so I would be glad if somebody would correct me.

I had activated IPFire’s proxy as transparent on Green.
Had set up firewall rules wherein my goal is to restrict all machines from accessing some sites (social media, gaming sites, etc.) by default, and yet allowing access to selected IPs only.

I am attaching the screenshot of my firewall rules and web proxy configuration for you to see.
(Kindly ignore the inactive rules though.)

The LOCAL IP variable here points to a network I created with a value of 192.168.0.0/24, and ALLOWED IP contains a small group of hosts like 192.168.0.1, 192.168.0.15, 192.168.0.30.

However, with the ALLOWED IP rule running, those under the ALLOWED IP group still can’t access the restricted sites. (??)

To test if each of my rules is indeed working, I deactivated the ALLOWED IP rule and focused on rule number 2 (block all IP from accessing restricted sites). And it seems like this rule is running okay, as when I disable or enable this, my testing machine could access, or then could not access, everything.
To test even further, I changed this LOCAL IP value to a single host IP, 192.168.0.50, and I am quite confused with the result, as 192.168.0.50 could still access everything, even after I restarted the IPFire machine.
And same result when I use a group of hosts.

In conclusion, I wonder why my rules containing a host or a group of hosts as source won’t work, as opposed to when I use a network 192.168.0.0/24 value? Or am I doing something really wrong in here?

Additional info:
IPFire version IPFire 2.25 (x86_64) - core147
Pakfire version 2.25-x86_64
Access to proxy was enabled via my testing machine’s browser proxy setting using port 800.

Thank you in advance for everyone’s help.
Grace

And here is my web proxy setup.

Hi,

first, welcome to the IPFire community ( :slight_smile: ) and sorry for my late reply ( :expressionless: ).

> I had activated IPFire’s proxy as transparent on Green.

Using a transparent proxy does not work with HTTPS sites, since those requests cannot be transparently redirected. I suggest disabling the transparent proxy and using the non-transparent one only.

> Had set up firewall rules wherein my goal is to restrict all machines from accessing some sites (social media, gaming sites, etc.) by default, and yet allowing access to selected IPs only.

Well, the first firewall rule in your screenshot permits any traffic from any source IP address to any destination. This contradicts your intention, since you do not seem to want to simply allow any traffic.

No harm intended, but I suggest starting by reading the firewall documentation and the web proxy documentation, and reworking your ruleset afterwards. Let me know if there is any trouble. :slight_smile:

Thanks, and best regards,
Peter Müller
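
The point about the first rule permitting any traffic comes down to rule order: a packet takes the action of the first rule it matches, so a leading allow-any rule hides every rule below it. The sketch below is an added example, not part of either post and not IPFire code. The ruleset is constructed from the thread's description (the screenshot is not on the page), 203.0.113.0/24 is a placeholder for the restricted sites, and the first-match model, the default policy and the reordered ruleset are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed ruleset modelled on the thread (the screenshot is not on the page).
# RESTRICTED is a placeholder documentation range standing in for the blocked sites.
ANY = [ip_network("0.0.0.0/0")]
LOCAL_IP = [ip_network("192.168.0.0/24")]
ALLOWED_IP = [ip_network(h) for h in ("192.168.0.1", "192.168.0.15", "192.168.0.30")]
RESTRICTED = [ip_network("203.0.113.0/24")]

ALLOW_ANY = {"name": "allow any", "src": ANY, "dst": ANY, "action": "ACCEPT"}
BLOCK = {"name": "block restricted", "src": LOCAL_IP, "dst": RESTRICTED, "action": "DROP"}
ALLOW_HOSTS = {"name": "allowed hosts", "src": ALLOWED_IP, "dst": RESTRICTED, "action": "ACCEPT"}

AS_DESCRIBED = [ALLOW_ANY, BLOCK, ALLOW_HOSTS]   # catch-all accept sits first
REORDERED = [ALLOW_HOSTS, BLOCK, ALLOW_ANY]      # assumed fix: most specific first


def covers(outer, inner):
    """True if every network in `inner` lies inside some network in `outer`."""
    return all(any(i.subnet_of(o) for o in outer) for i in inner)


def decide(rules, src, dst, default="DROP"):
    """First-match evaluation: return (action, name) of the first matching rule."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if any(s in n for n in r["src"]) and any(d in n for n in r["dst"]):
            return r["action"], r["name"]
    return default, "default policy"  # assumed default when nothing matches


def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r["name"] for i, r in enumerate(rules)
            if any(covers(e["src"], r["src"]) and covers(e["dst"], r["dst"])
                   for e in rules[:i])]


if __name__ == "__main__":
    for label, rules in (("as described", AS_DESCRIBED), ("reordered", REORDERED)):
        print(label, "- shadowed rules:", shadowed(rules))
        for host in ("192.168.0.15", "192.168.0.50"):
            print("  ", host, "->", decide(rules, host, "203.0.113.10"))
```

The model covers rule order for forwarded traffic only; it does not model how requests sent to the web proxy are handled.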