Proxy + URL Filtering + mobile phones = KO

Hello everyone, I have installed my first server with ipfire and I am using the proxy + URL filtering, it works very well in wireless mode or with the wired network with computers.

However, the problem is with mobile phones, despite the transparent mode of the proxy being configured, mobile phones connected via wifi have no
restrictions, internet is accessible without restrictions.

Is there something particular to configure for smartphones?

Thank you for your help and have a good day

You will need a firewall rule to block normal traffic flow.
Or change your firewall default behavior to block.
Here is a useful read.

Hi Shaun,

Thanks you but I’m sorry, I don’t understand because if I make a rule to block normal traffic flow, how blue network users like laptop will acces to the web ?

I’m so tired about this problem…

Your users if using the proxy will have access to the web.
Second, the HTTPS protocol cannot work in transparent mode in IPfire.

1 Like

Hello, I have therefore followed your advice, which is to add a rule to block internet access for the wireless networks, and this rule works. From the BLUE network to the RED network. The problem now is that the BLUE wireless network no longer has access to the proxy.

What did I forget? Thank you and have a good day.

I make this for DHCP :

Hello everyone, I have done a rollback and it works. It is necessary to provide the proxy URL in all equipment and the filtering works. I have one last problem because some users will need WhatsApp via their Android or iOS application and the messages do not go out despite opening a few ports of the firewall to the web.

Also, with Spotify it works but not the search function, the Spotify mobile application seems to be offline. Could someone help me a bit?

Thank you and have a nice day

I don’t use the proxy.
Have you tried adding the ports in the web proxy page under “Destination ports”.

Yes Shaun, I do this but it’s KO :frowning:

Whatsapp with squid = DONE !!! Thanks of lot :slight_smile:

1 Like

Hello everyone, I am tired of realizing that WhatsApp and Spotify remain offline, even though I have created the firewall rules with certain
ports and nothing works.

Anyone can help me please ?

Have a nice day

I don’t think you need a firewall rule.
You need to add port to proxy allow port.

I agree with you, I’ve added the allowed ports in the proxy but I can’t even send an email with Gmail. I’m giving up, I’m sorry, I have to install this
product tomorrow and nothing works because of the proxy.

Should the Gmail ports be in the ssl box.

I tried this but KO

Found this.

In the firewall, are you sure you are doing the ports correctly. Generally traffic is from any port (typically high ports) to an explicit destination port. It is rarely from and to the same port.

1 Like