Pfsense squid not redirecting 80 to 3128 in transperant mode

hafte · Dec 10, 2009, 12:33 PM

Hi all,

Plase help me with this problem.
I have using pfsense squid but it stops redirecting 80 to 3128 in transperant mode.
I have tried reinstall all packages but without success.

I have the following configuration:
WAN (ext internet)- LAN1 (vlan 192.168.0.1), LAN2 (vlan 192.168.1.1), LAN3 (vlan 192.168.2.1)

How to manual create a rule to forward traffic from all LAN networks to proxy. It seems that pfsense not create it automaticaly.

Thanks

danswartz · Dec 14, 2009, 6:28 PM

what are you configuring squid to do? are you selecting all 3 of the LAN interfaces for the transparent mode?

hafte · Dec 14, 2009, 6:41 PM

Yes all 3 of the LAN interfaces are selected in proxy interface and the transparent mode is checked.

After this problem the config was the same and worked.
I also tried to use proxy enabled only on LAN but the result is the same. Not redirecting.
If i manually select settings (proxy IP, and port) in browser it works with proxy and lightsquid without problems.

I cannot stop the machine for reinstallation of pfsense because there are ~200 user that using it all the time. Now it works without proxy and file type restrictions :-(

hafte · Jan 5, 2010, 3:33 PM

Anyone ???

mhab12 · Jan 5, 2010, 4:31 PM

Make sure your webGUI is set to a port other an 80 - try HTTPS/443.

hafte · Jan 5, 2010, 5:10 PM

webGUI is set to a port 8080. :-(

here is my squid.conf

Do not edit manually !

http_port 192.168.0.1:3128
http_port 192.168.1.1:3128
http_port 192.168.2.1:3128
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/Bulgarian
icon_directory /usr/local/etc/squid/icons
visible_hostname firewall.redcross.bg
cache_mgr admin@redcross.bg
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 30
shutdown_lifetime 3 seconds
uri_whitespace strip

cache_mem 256 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 100000 32 256
minimum_object_size 0 KB
maximum_object_size 512000 KB
offline_mode off
cache_swap_low 80
cache_swap_high 90

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535
acl sslports port 443 563 8080
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl banned_hosts src "/var/squid/acl/banned_hosts.acl"
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

These hosts are banned

http_access deny banned_hosts

These hosts do not have any restrictions

http_access allow unrestricted_hosts

Block access to blacklist domains

http_access deny blacklist

Default block all to be sure

http_access deny all

mhab12 · Jan 6, 2010, 4:53 PM

The redirect rules are not in squid.conf, they are located here…
/usr/local/pkg/squid.inc

hafte · Jan 6, 2010, 6:01 PM

The problem is solved :-)
I reinstalled pfsense and restored backup config.

Everything not works perfect.

Thanks for support