this post was submitted on 31 Jan 2025
Hi! I'm trying to achieve this configuration: essentially all the traffic in the network should pass the content filtering in the proxy, assume I have control over the clients. All not proxied traffic should be blocked by default.

I know not all network traffic can pass through a proxy, but I'm not sure I understand how all of this actually works.

My UFW firewall configuration is the following:

To                         Action      From
--                         ------      ----
3128                       ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere

53 is for DNS requests (which cannot pass through the proxy); even if I use DoH, this port needs to be open for bootstrapping.

3128 is the Squid proxy port.

I'm assuming the following:

client -> dns request (53) / cannot be handled by the proxy -> dns response
client -> proxy (all ports that the proxy can handle) -> http/https/ftp response
client -> blocked (all other ports)

But from the UFW logs it looks like the client is trying to make requests (e.g. HTTPS requests) directly through port 443, instead of passing through 3128. Maybe I'm getting something wrong here about how proxies work.

Do you have any suggestions?
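An added example, not from the poster or anyone in the thread: the symptom described above (direct connections to port 443 being blocked) shows up in UFW's kernel log lines, and a short parser over constructed sample lines separates hosts whose client software is not pointed at the proxy from protocols the proxy simply cannot carry. The field names are netfilter's log format; the addresses and timestamps are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed UFW log lines (not the poster's real logs). Outbound blocks carry
# an empty IN= and the egress interface in OUT=; the fields are netfilter's.
SAMPLE_LOG = """\
Jan 31 10:00:01 client kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 31 10:00:02 client kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51001 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 31 10:00:03 client kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=51002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 31 10:00:04 client kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=UDP SPT=40000 DPT=123 LEN=56
Jan 31 10:00:05 client kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.11 DST=198.51.100.9 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=UDP SPT=40001 DPT=123 LEN=56
"""

FIELD = re.compile(r"(\w+)=(\S*)")

# Ports a web client uses when it talks to a site directly. With an explicit
# (non-transparent) proxy, a correctly configured client never opens these
# itself; it connects to the proxy port and issues GET/CONNECT there instead.
DIRECT_WEB_PORTS = {80, 443}

def parse_ufw_block(line):
    """Return the fields of an outbound [UFW BLOCK] line, or None otherwise."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD.findall(line.split("[UFW BLOCK]", 1)[1]))
    if fields.get("IN"):  # a non-empty IN= means an inbound packet; skip it
        return None
    return {"src": fields["SRC"], "dst": fields["DST"],
            "proto": fields["PROTO"], "dpt": int(fields["DPT"])}

def blocked_by_port(log_text):
    """Count blocked outbound flows per source host as (proto, dport) pairs."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_ufw_block(line)
        if rec:
            counts[rec["src"]][(rec["proto"], rec["dpt"])] += 1
    return counts

def proxy_bypassing_hosts(log_text):
    """Hosts whose blocked flows are direct web connections: their client
    software is not pointed at the proxy, which is the symptom in the post."""
    return sorted(src for src, c in blocked_by_port(log_text).items()
                  if any(p == "TCP" and d in DIRECT_WEB_PORTS for p, d in c))

if __name__ == "__main__":
    for src, c in blocked_by_port(SAMPLE_LOG).items():
        print(src, dict(c))
    print("clients not using the proxy:", proxy_bypassing_hosts(SAMPLE_LOG))
```

The UDP/123 blocks for both hosts are NTP, which no HTTP proxy can carry, so they are the default-deny policy doing its job rather than a proxy misconfiguration.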

[–] [email protected] 2 points 7 hours ago (2 children)

If you simply want to block certain sites, why not use Pi-hole?

[–] [email protected] 2 points 5 hours ago

DNS over HTTPS bypasses Pi-hole, and you have to put in some effort to make it work. DNS in general is such a mess.
