That is the solution that gives me a lot of troubles... When I point https://mydomin.com/media/ => https://media.local:2020/media/ I have to configure media.local to have a service running on a different path, and that brings a lot of problems. The easyest solution would be to mask the url and rewrite https://mydomin.com/media/ to https://media.local:2020 that way I don't need to mess with the destinations servers.

Thanks derelict
🌷

i know this pfsense chat but you seem very smart in this other stuff too i had another question if i have a unraid and it rsyncs to a freenas if data on teh unraid bit rots wont it bit rot the freenas or should i be scrapping unraid all together. i just like it its easier to use then freenas but i do like some things freenas has so there is no happy medium or best solution windows i guess lol

@brlamnr said in HAProxy TCP/use client ip and carp cluster problem:

@piba said in HAProxy TCP/use client ip and carp cluster problem:

@brlamnr
Can you check result of command 'ipfw show' ?

Following after activating client-ip:

00010 0 0 fwd ::1 tcp from 10.3.128.10 443 to any in recv cxl0.79
00011 108 20412 fwd ::1 tcp from 10.3.128.11 443 to any in recv cxl0.79
65535 48732381 4651172490 allow ip from any to any

It didn't work. Same behavior. Thanks.

Edit file /usr/local/www/sqstat/sqstat.php

change line

$res .= "$('#sqstat_updtime').html({$time}');";

to

$res .= "$('#sqstat_updtime').html('{$time}');";

If the destination ip/port is the pfSense ip with proxy port, then it's a direct connect.
If the destination ip/por is an valip ip address with port 80 or 443 then it's a transparent connection if transparent mode is configured.

The basic usage for tcpdump is:

tcpdump -ni YOUR_LAN_OR_WAN_INTERFACE host YOUR_CLIENT_IP

@cloudfw said in Squid as transparent HTTP/HTTPS whitelist only proxy:

@marcelloc But why is it working with HTTP then? same thing DNS lookup, then direct http to IP traffic. Have you had this HTTPS setup working?

Because http traffic is not encrypted, squid can see the packet content. With ssl in splice all mode, squid does not intercept the connection, it just tries to check the server certificate. before establishing a tunnel between the client and the server.

i'll give it a try.. thanks

@valnurat said in How do I know if it is working?:

Okay, but what metadata is cached?

I'm not using Squid, but I tend to say : all classic http (non-https) web access. Forget about SSL caching (check Google, he will tell you why).
Squid main goal isn't being a "cache", it's more a proxy thing.

That is not an official package for pfSense. If you want to ask about that, I suggest you start a new thread and put the name of the package in the title. Otherwise the chances are slim that anyone that touches that package will see this thread.

@billiam said in Socks5 Proxy:

Thanks for the pointers, with a few tweaks I've got it running as needed. Some were just because the commands shown in your config displayed warnings as deprecated when run. I also added a user to the system for the service to run as "socks" instead of root

You're welcome. I found that config somewhere when looking for examples, don't remember where I found it but might have been an old one. Didn't see any warnings though, although once it worked I didn't check the logs.

Finally I've added the line:

<shellcmd>/usr/local/etc/rc.d/sockd onerestart</shellcmd>

to the pfSense config.xml just before the </system> line which auto starts the service when the box is rebooted.

Thanks for the tip!