Transparent proxy

Hello,
(I’m sorry for my English).
The company does not want to activate the proxy on Windows 10 PCs.
But URL filtering must be activated to block sites (Facebook, porn, drugs, …).
In IPFire, the transparent proxy is activated with port 800 (proxy) and 3128 (transparent).
The PC does not have internet access without a proxy activated in Windows!!!
My configuration is correct! I have checked the settings but cannot find an explanation for the problem.





Hi,

this will not work for HTTPS sites. Refer to the corresponding documentation for further information.

Thanks, and best regards,
Peter Müller

Thank you for your answer but is there a solution?

"Transparent mode
In this mode Squid operates completely in the background and requires no configuration on client side. This mode only works with HTTP (port 80), the transparency is technically regulated by the firewall that intercepts any request to the web through the proxy and redirects the service (REDIRECT-Target)."

Hi,

Thank you for your answer but is there a solution?

none I am aware of. You need to configure a proxy in Windows (or whatever client you are
using) or allow direct internet access. In theory, it is possible to transparently intercept
HTTPS traffic as well, but IPFire does not support this on purpose - and since this is
what rogue governments are doing sometimes, you do not want it anyway.

Thanks, and best regards,
Peter Müller

Hi Paul

I’m a bit confused about what the problem is. Is the filtering the issue, or is the problem that the Windows machines need to have proxy configured for them to have Internet?
And by internet do you only mean Web browsing or everything, mail, streaming, etc.?

If it's the filtering, then you need to rethink how you do the filtering. As Peter and the site state, the proxy will not capture HTTPS traffic, so it cannot be filtered, it is ignored. The only way you can filter this is if you enforce DNS rules that block the sites you don’t want accessed. If a machine cannot resolve the DNS it cannot connect to it, “simple” principle. :smirk:

If it's that the Windows machines require the proxy configuration manually instead of transparency doing its job, that seems firewall rules related.

I may be wrong, but from what I read you are blocking all traffic, and you are not permitting any traffic from the LAN to the firewall apart from DNS.
This means the only services that will have external connections are the Proxy (non-transparent), and OpenVPN (if configured). You need to give it rules on what type of traffic from the LAN will be allowed out, as you currently have a blanket ban in place.
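
The DNS-based blocking suggested in the post above, as an added example that is not part of the thread and not IPFire's own code: a label-aware blocklist match plus rendering of the list as Unbound `local-zone` lines. It assumes the LAN resolver is Unbound; the function names and the sample domains are constructed for illustration.

```python
# Added example, not from the thread. Domain names are constructed samples.

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_blocked(qname: str, blocklist: set[str]) -> bool:
    """True if qname equals a blocked domain or is a subdomain of one.

    Matching walks label by label, so 'notfacebook.com' does not match
    'facebook.com' the way a naive endswith() check would.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def unbound_local_zones(blocklist: set[str]) -> list[str]:
    """Render the blocklist as Unbound local-zone lines answering NXDOMAIN."""
    return [f'local-zone: "{d}." always_nxdomain' for d in sorted(blocklist)]


# Constructed blocklist; entries are normalized once so lookups are exact.
BLOCKLIST = {normalize(d) for d in ("Facebook.com", "example-blocked.test.")}

if __name__ == "__main__":
    for q in ("www.facebook.com.", "notfacebook.com", "example.org"):
        print(q, "->", "blocked" if is_blocked(q, BLOCKLIST) else "allowed")
    print("\n".join(unbound_local_zones(BLOCKLIST)))
```

The block only holds while clients are forced to use this resolver: a machine that queries another DNS server, or uses DNS over HTTPS, never sees these answers.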

Thank you. It’s sad. Good Sunday.