Problems with url filter

I have worked with the url filter a lot over the years, because I had to install it in a school. It is not difficult to use, but I don’t know how I can explain it. I’ll send you an image of my current setup. I hope it can help as a cue.
In any case, know that if you remove the proxy in the clients, the url filter is useless. As I already explained in an initial post, you have to set up rules in your firewall to remedy this.

1 Like

And this is an example of setting proxy in a client.
I set the proxy on the firefox browser.

10.168.1.254 = IP of IPFire server (green)

This procedure is vital. If you do not set a proxy here, as already explained, sites will never be blocked (or ONLY HTTP 80 will be blocked in case you have TRANSPARENCY enabled).

“By acting on the firewall rules,” you can make sure to “force proxy browsing.” In other words, if the proxy is removed in the client, the computer will not be able to browse.

3 Likes

Some users have asked me privately for this information.
I thought I would make it public here, knowing that it may be useful to all users.

This is what I see for a blocked https site:

And this is what I see for a blocked http site:

N.B:
For https the “connection failed” error applies.
I don’t think you can customize an error page for https. At least I couldn’t. I don’t know why.
The site blocker works perfectly for me, though!

One can take a cue from these images to create rules suitable for forcing proxy browsing in clients…

Whenever you create or edit a firewall rule, the green button you see in the picture on the firewall/firewall rules menu will appear.
Click on it for it to disappear, otherwise the rule changes/creations will never take effect.

@zombi3
Make a screenshot of your DHCP Server settings for green and blue.
Those are important for the URL Filter function.

BR
Trash

1 Like

If needed I can send my configuration. Let me know. I am at your disposal.

@casabenedetti
I thought Zombi3 had an issue.
If you need to clear that too ? Sure you can.

BR
Trash

I’m having trouble with English :unamused:.
The automatic translators mistranslate your last post.
In any case, I have no problem with the url filter. It works for me :+1:.
I don’t know if @zombi3 has solved it, and I don’t know if the users who asked me for help in private have solved it.
I will follow the topic doing my best to cooperate :wink: :+1:.

@casabenedetti
@zombi3
No matter. I will get back later and check reply.
For a properly functioning URL Filter, a properly configured DHCP Server for green and blue is needed too.

BR
Trash

2 Likes

I configured it this way. It runs great :open_mouth:!
Of course, I have assigned static IPs (out of the DHCP range) to the network for ease of detection.

@casabenedetti
You are right.
And for NTP I had set IPFire IP too. Clients can take time from there.

Have a nice day
BR
Trash

1 Like

Good find, at first glance.
But
green is 10.168.0.0/16, dynamic IPs are 10.168.155.1 - 10.168.155.254, greenIP is 10.168.1.254
similar for blue 10.10.0.0/16

3 Likes

Yes, I think that is correct.
In a network 10.168.0.0/16
with gateway (IPFire) 10.168.1.254
I can assign an IP 10.168.255.254 to a client.
However, it would not be correct to assign 10.168.1.254 to a client.
In this case, there would be an IP conflict with IPFire.
In my DHCP configuration, it seems to me that 10.168.1.254 is out.
Is that correct?

1 Like

@casabenedetti

Sorry, I see my typo in the screenshot.

By calculator:

10.168.155.1 10.168.255.254 255.255.0.0

Address: 10.168.155.1 00001010.10101000 .10011011.00000001
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 10.168.0.0/16 00001010.10101000 .00000000.00000000 (Class A)
Broadcast: 10.168.255.255 00001010.10101000 .11111111.11111111
HostMin: 10.168.0.1 00001010.10101000 .00000000.00000001
HostMax: 10.168.255.254 00001010.10101000 .11111111.11111110
Hosts/Net: 65534 (Private Internet)

=====

10.10.155.1 10.10.255.254 255.255.0.0

Address: 10.10.155.1 00001010.00001010 .10011011.00000001
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 10.10.0.0/16 00001010.00001010 .00000000.00000000 (Class A)
Broadcast: 10.10.255.255 00001010.00001010 .11111111.11111111
HostMin: 10.10.0.1 00001010.00001010 .00000000.00000001
HostMax: 10.10.255.254 00001010.00001010 .11111111.11111110
Hosts/Net: 65534 (Private Internet)

BR
Trash

2 Likes

I thank you. I am reasoning about these values. It’s getting complicated to understand the topic. I want to succeed well :wink:.
Just in case, I may as well change .254 to .253
I have no problem with that :blush:.

@casabenedetti
Sorry, I had a mistype in screenshot, but could not delete it. Not sure why.

Anyway:

HostMin: 10.168.0.1
HostMax: 10.168.255.254
Netmask: 255.255.0.0 = 16
What IP should IPFire get ?? Example 10.168.0.1
Then DHCP can start 10.168.0.2 up to 10.168.255.254
Hosts can use IP range: 65534

HostMin: 10.10.0.1
HostMax: 10.10.255.254
Netmask: 255.255.0.0 = 16
What IP should IPFire get ?? Example 10.10.0.1
Then DHCP can start 10.10.0.2 up to 10.168.255.254
Hosts can use IP range: 65534

BR
Trash

1 Like

Here’s what makes me think:
If I were to start a DHCP from 10.168.1.1
in this network configuration,
All 10.168.0.x IPs seem to me to be out of the DHCP range.
This is similar to my configuration.
correct?

I think starting DHCP from 10.168.0.2 up to 10.168.255.254 means leaving all 10.168.x.1 IPs out of the DHCP range.
Correct me if I am wrong.

You have a special configuration.
Are you reserving IPs in block section for forwarding, as example for VPN? That either the DHCP Server own IP must be in that block section of range? For me unusual to set DHCP Server and green/blue eth network with xxx.xxx.1.254/16. Therefore I wrote check IP range. Yes I thought so, that you have further clients out of DHCP and out of Box reach. I think in isolation.
No. At all DHCP Servers that I had configured, that was not the result.

Because you wrote that everything works fine, I suggest keeping it as it is… as long as you know all your IP ranges, the network clients make no conflict, and the Linux kernel runs with these settings.

Sorry, my English is not good. And the translator is worse too.

BR
Trash

2 Likes
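The DHCP range questions in the posts above (is 10.168.1.254 outside the dynamic range, and does a range starting at 10.168.0.2 skip the 10.168.x.1 addresses) can be checked with a short script. This is an added example, not part of any post in the thread; the function names and the static host address in the usage section are constructed for illustration, while the network, gateway and range values are the ones quoted in the thread.

```python
import ipaddress

def in_dynamic_range(addr, start, end):
    """True if addr is in the DHCP range, which is one contiguous
    interval of addresses from start to end inclusive."""
    a, lo, hi = (ipaddress.ip_address(x) for x in (addr, start, end))
    return lo <= a <= hi

def check_scope(network, gateway, start, end, statics=()):
    """Return a list of problems with a DHCP scope; an empty list means consistent."""
    net = ipaddress.ip_network(network)
    problems = []
    for label, addr in (("gateway", gateway), ("range start", start), ("range end", end)):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{label} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {ip} is the network or broadcast address")
    if ipaddress.ip_address(start) > ipaddress.ip_address(end):
        problems.append("range start is above range end")
    # The firewall's own address must never be handed out to a client.
    if in_dynamic_range(gateway, start, end):
        problems.append(f"gateway {gateway} is inside the dynamic range")
    # Statically assigned hosts must sit outside the range and not reuse the gateway IP.
    for host in statics:
        if ipaddress.ip_address(host) == ipaddress.ip_address(gateway):
            problems.append(f"static host {host} conflicts with the gateway")
        elif in_dynamic_range(host, start, end):
            problems.append(f"static host {host} is inside the dynamic range")
    return problems

GREEN = "10.168.0.0/16"    # green network from the thread
IPFIRE = "10.168.1.254"    # green IP of IPFire from the thread

if __name__ == "__main__":
    # Range from the calculator post; 10.168.2.10 is a constructed static host.
    print(check_scope(GREEN, IPFIRE, "10.168.155.1", "10.168.255.254",
                      statics=["10.168.2.10"]))
    # Range starting at 10.168.0.2 while IPFire stays on 10.168.1.254.
    print(check_scope(GREEN, IPFIRE, "10.168.0.2", "10.168.255.254"))
    # A range starting at 10.168.0.2 still contains every later x.1 address.
    print(in_dynamic_range("10.168.5.1", "10.168.0.2", "10.168.255.254"))
    # A range starting at 10.168.1.1 leaves all 10.168.0.x addresses out.
    print(in_dynamic_range("10.168.0.77", "10.168.1.1", "10.168.255.254"))
```
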

I thank you for your answer.
My English is not good either, and all the automatic translators are not perfect.
But I think I understand.
My particular network configuration is related to the fact that I change it all the time for testing.
Apart from an OpenVpn server installed in IPFire (which I only connect to from outside), I have nothing else. I am the only user on my network.
As a result, I have no problem experimenting. I like IPFire precisely because I can study and understand it.
In the normal condition, a network like mine should simply be
192.168.1.0/255.255.255.0
I didn’t think about the DHCP issue you raised.
My ideas about DHCP are fruits of testing, but not of study. And therefore, I am not sure what I stated about the DHCP server. Reading what you told me, I became curious to look into the subject further. That’s all.
I will certainly do more experiments on my network, experiments that I avoid in case the network does not belong to me :blush:.

The URL filter is vital for me when I receive children at home :wink:.

This is your social media :innocent: :innocent:

BR
Trash

2 Likes
