Author Topic: proper firewall rules for https access with proxy enabled  (Read 2388 times)

rizza

  • Zen Apprentice
  • Posts: 2
  • Karma: +0/-0
proper firewall rules for https access with proxy enabled
« on: September 28, 2008, 05:46:09 am »
Hello fellow ebox users need your help

I set up ebox as my firewall with proxy enabled. Works great except for https. I can correct this problem by adding a firewall rule for internal to internet for allow any any any. This seems to me to be in poor taste, or at least poor practice. I tried to set up a service for https and add that to my firewall rules for port 443. This did not work. I need some pointers on the correct way to do this. I would like to make sure I can access gmail and bank things from behind ebox.

One more note: When I set up squid, I had a problem with starting squid. I viewed shell output and it kept scrolling "stopping squid". I looked at /var/log/squid/cache.log and it talked about needing to run squid -z to set up the cache. I did this and now it works as expected. Is this normal? I'm using ebox .12 on this machine. I used the debian based version previously.

Thanks. :)

I hate adding to my own posts but I got it to work another way that I'm happier with. I created a service for https just like before, except I changed the source port to any instead of 443. Removed my allow any any any. "Saved". Now gmail works.
« Last Edit: September 28, 2008, 06:01:23 am by rizza »
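Why the second service definition works and the first does not: a browser opening an HTTPS connection picks an ephemeral source port, so a rule that also requires source port 443 never matches outbound traffic, while "allow any any any" matches everything, including traffic you never meant to let out. The following is an added illustration, not code from the thread or from eBox; it models eBox-style service rules as a first-match chain (the way iptables walks a chain) and checks three rule sets against constructed sample flows.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard, like choosing "any" for a port in the eBox service editor


@dataclass(frozen=True)
class Rule:
    """One firewall rule; a field set to ANY matches every value (first match wins)."""
    proto: Optional[str]
    src_port: Optional[int]
    dst_port: Optional[int]
    action: str  # "ACCEPT" or "DROP"


@dataclass(frozen=True)
class Flow:
    """A single outbound connection as seen by the internal-to-internet chain."""
    proto: str
    src_port: int
    dst_port: int


def evaluate(rules: List[Rule], flow: Flow, default: str = "DROP") -> str:
    """Walk the chain in order and return the action of the first rule that matches."""
    for r in rules:
        if (r.proto in (ANY, flow.proto)
                and r.src_port in (ANY, flow.src_port)
                and r.dst_port in (ANY, flow.dst_port)):
            return r.action
    return default  # eBox's default policy for traffic nothing allowed explicitly


# Constructed sample flows: the client side of a TCP connection uses an ephemeral
# source port (51234 here), never the well-known port of the service it talks to.
HTTPS_FROM_LAN = Flow("tcp", 51234, 443)   # gmail / online banking
SMTP_FROM_LAN = Flow("tcp", 51235, 25)     # something you probably did not mean to allow

# The three rule sets discussed in the post, from loosest to the one that worked.
ALLOW_ANY = [Rule(ANY, ANY, ANY, "ACCEPT")]          # "allow any any any"
HTTPS_SRC_443 = [Rule("tcp", 443, 443, "ACCEPT")]    # first try: source port 443
HTTPS_SRC_ANY = [Rule("tcp", ANY, 443, "ACCEPT")]    # working service: source any, dest 443


def compare() -> dict:
    """Return {rule_set_name: (verdict for HTTPS, verdict for SMTP)}."""
    sets = [("allow_any", ALLOW_ANY), ("src_443", HTTPS_SRC_443), ("src_any", HTTPS_SRC_ANY)]
    return {name: (evaluate(rs, HTTPS_FROM_LAN), evaluate(rs, SMTP_FROM_LAN))
            for name, rs in sets}


if __name__ == "__main__":
    for name, (https, smtp) in compare().items():
        print(f"{name:10s} https={https:6s} smtp={smtp}")
```

Only the "source any, destination 443" set lets HTTPS through while still dropping the SMTP flow; the source-port-443 set drops both, which is the "did not work" result from the first attempt.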

javi

  • Zen Hero
  • Posts: 1042
  • Karma: +0/-0
Re: proper firewall rules for https access with proxy enabled
« Reply #1 on: September 28, 2008, 03:57:13 pm »
Yep, source port should be any in that case :)

rizza

  • Zen Apprentice
  • Posts: 2
  • Karma: +0/-0
Re: proper firewall rules for https access with proxy enabled
« Reply #2 on: September 28, 2008, 09:22:46 pm »
Thanks for confirming my thoughts.

A little side question on the same subject.

Following the boot sequence, I notice that near the end it shows squid failing to start, as well as dansguardian failing to use a port or something like that. Is this normal? And can I remove some of the start-ups in rc2.d to eliminate all the starting and stopping of services before ebox takes control of everything?

Off subject, but boot also shows a bind connection failure and apache can't reliably determine the fqdn. Where did I screw up?

Thanks Again