Squid transparent proxy not working
-
Hi.
I have been working with my pfsense box and squid.
I'm using pfsense 1.2.2 and squid 2.6.21_08. It is supposed that when you enable "Transparent Proxy" all traffic over port 80 will be sent to squid. I have been playing with squid but no luck.
I have been listening on my pfsense LAN card with tcpdump:
tcpdump -vvv -i fxp0 port 3128
tcpdump -vvv -i lo0 port 3128
None of them have received any packets, "sockstat | grep squid" gives me this:
proxy squid 17810 3 dgram -> /var/run/logpriv
proxy squid 17810 9 stream /tmp/php-fastcgi.socket-0
proxy squid 17810 13 stream -> ??
proxy squid 17810 14 stream -> ??
proxy squid 17810 15 stream -> ??
proxy squid 17810 16 stream -> ??
proxy squid 17810 17 stream -> ??
proxy squid 17810 18 stream -> ??
proxy squid 17810 19 stream -> ??
proxy squid 17810 20 stream -> ??
proxy squid 17810 21 stream -> ??
proxy squid 17810 22 stream -> ??
proxy squid 17810 23 stream -> ??
proxy squid 17810 24 stream -> ??
proxy squid 17810 25 stream -> ??
proxy squid 17810 26 stream -> ??
proxy squid 17810 27 stream -> ??
proxy squid 17810 28 stream -> ??
proxy squid 17810 29 stream -> ??
proxy squid 17810 30 stream -> ??
proxy squid 17810 31 stream -> ??
proxy squid 17810 32 stream -> ??
proxy squid 17810 33 stream -> ??
proxy squid 17810 34 stream -> ??
proxy squid 17810 35 stream -> ??
proxy squid 17810 36 stream -> ??
proxy squid 17810 37 stream -> ??
proxy squid 17810 38 stream -> ??
proxy squid 17810 39 stream -> ??
proxy squid 17810 40 stream -> ??
proxy squid 17810 41 stream -> ??
proxy squid 17810 42 stream -> ??
proxy squid 17810 43 stream -> ??
proxy squid 17810 44 stream -> ??
proxy squid 17810 52 tcp4 192.168.10.1:3128 :
proxy squid 17810 53 tcp4 127.0.0.1:80 :
proxy squid 17810 54 udp4 *:4827 :
proxy squid 17810 56 udp4 127.0.0.1:56390 127.0.0.1:50381
root squid 17807 3 dgram -> /var/run/logpriv
root squid 17807 9 stream /tmp/php-fastcgi.socket-0
Is it correct to have the loopback listening on port 80?
My pfsense box is on port 443.
This is my /usr/local/etc/squid/squid.conf
http_port 192.168.10.1:3128
http_port 127.0.0.1:80 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds
uri_whitespace strip
cache_dir aufs /var/squid/cache 100 16 256
cache_mem 8 MB
maximum_object_size 4 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
offline_mode off
dns_children 32
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all
# Default block all to be sure
http_access deny all
Is there some problem with this package or is my configuration wrong?
Thanks all for your time!!!
-
Problem solved, it was my mistake, thanks :D
-
why ???
-
My goal was to block all sites by default, and after someone here in the forum answered me how to do that, I was thinking that my problem was the "Transparent Proxy" option, but I was wrong.
Now it is working well.
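Added example, not part of the original posts or of pfSense/squid: a small Python evaluator that walks the acl and http_access lines of the squid.conf posted in this thread in squid's first-match order, showing which rule decides a request under the "block all sites by default" setup. The function names, the LAN client address 192.168.10.50 and the request dictionaries are assumptions made for illustration, and only the ACL types used in that config (src, port, method, proto) are handled.

```python
import ipaddress

# Constructed input: the acl and http_access lines of the squid.conf posted above.
CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: (type, values)}, [(action, [acl_refs])]) in file order."""
    acls, rules = {}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok and tok[0] == "acl":
            acls[tok[1].lower()] = (tok[2], tok[3:])  # names compared case-insensitively
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], [t.lower() for t in tok[2:]]))
    return acls, rules

def acl_matches(kind, values, req):
    if kind == "src":  # address/netmask form, as written in the posted config
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":  # single ports or lo-hi ranges
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    return req[kind] in values  # method, proto: exact token match

def decide(req, conf=CONF):
    """First http_access line whose ACLs all match wins; returns (action, rule_no)."""
    acls, rules = parse(conf)
    for n, (action, refs) in enumerate(rules, 1):
        # a leading "!" negates the named ACL; all ACLs on a line are ANDed
        if all(acl_matches(*acls[r.lstrip("!")], req) != r.startswith("!") for r in refs):
            return action, n
    # nothing matched: squid applies the opposite of the last rule's action
    return ("allow" if rules[-1][0] == "deny" else "deny"), 0

# Constructed request: a hypothetical LAN client fetching a page on port 80
LAN_GET = {"src": "192.168.10.50", "port": 80, "method": "GET", "proto": "http"}
```

Calling `decide(LAN_GET)` reports the final `http_access deny all` line (rule 8) as the deciding rule, because the only allow rule for ordinary requests is `http_access allow localhost`.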