Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQUID in Transparent Mode

    Scheduled Pinned Locked Moved Cache/Proxy
    3 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      asan
      last edited by

      Hi all

      First of all I want to say that I was looking for an answer for many hours.
      But I don’t find any information why this is (technically) not possible.

      If I configure SQUID as a “normal” proxy and push the proxy settings using a proxy.pac file, I’m able to open website on all Ports which are defined in the ACL SafePorts list. For example:
      80
      443
      8080
      every port over 1024

      I’m using this service for my test:
      portquiz.net: <port_to_test>If I configure SQUID as a transparent proxy, why is it not possible to proxy more than one port? I can only open connections which are going to port 80.

      In other words.
      I can only open websites which are running on port 80. If a website is running on a different port, it is not possible to open it.

      Thank you very very much for a helpful answer.

      Regards,
      Asan</port_to_test>

      1 Reply Last reply Reply Quote 0
      • C
        chris4916
        last edited by

        because this is the way transparent proxy work.
        If you want to use other (HTTP, not HTTPS) ports, then you have configure forward so that pfSense redirects these ports to Squid.

        HTTPS can't be proxied transparently unless you configure SSL-Bump (man in the middle)

        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

        1 Reply Last reply Reply Quote 0
        • A
          asan
          last edited by

          Hi Chris

          Thank you very much for your answer. What is Squid configuring in background if I enable transparent mode?
          Do I need to configure pfSense as follows, if I want, for example, forward traffic to port 5555 transparently to Squid?

          INSIDE Interface: Source of Traffic
          192.168.10.10: IP Address of the interface on which Squid is listening
          3128: Squid port

          Thank you
          asan

          ![Screen Shot 2016-08-23 at 19.50.52.png](/public/imported_attachments/1/Screen Shot 2016-08-23 at 19.50.52.png)
          ![Screen Shot 2016-08-23 at 19.50.52.png_thumb](/public/imported_attachments/1/Screen Shot 2016-08-23 at 19.50.52.png_thumb)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.