Squid customize ports
-
Hi guys ;D
I have followed some posts here about how to add new safe_ports to squid. I see that a lot of people fix this by editing the file:
/usr/local/pkg/squid.inc
Is this the only way to do this with squid?
Because if I go to the web GUI, adding an ACL in the customize window will add this new option to the end of the file "squid.conf".
Running pfsense 1.2.2. Thanks for your time people :).
-
I'm not sure I completely understand your question, but here is some info.
In pfSense, squid.conf gets rewritten at startup from squid.inc. If you manually edit squid.conf your changes will be lost when you reboot the box. If you edit squid.inc, your changes will be saved/reloaded each time you boot.
-
Hi mhab12.
You have answered my question, thanks.
Example: I want to add a new ACL for port 7071 to squid; to make this possible I have to edit squid.inc, not squid.conf.
This is just to confirm. Last thing: after I edit the squid.inc file, do I have to reboot my pfSense box to get these changes, or just a service restart?
Thanks again for your time ;D.
-
Yes, you're correct. You could edit both the squid.conf and squid.inc with your change, then you'll only need a service restart (I think). When the time comes to reboot the box anyway, your change will become permanent. The downside of this approach is that GUI changes to the proxy settings may erase your changes until reboot.
-
mhab12, thanks for all this great info you have given me.
Much to learn from you people.
Thanks :)
-
Is customizing ports still the same as adding or deleting ports in Firewall > Rules? Or is it the other way around, especially when you have the default rule enabled to any?
jigp
Davao City
-
As discussed in another post (I did not try to find it), the squid ports and transparent redirect rules are processed BEFORE the firewall rules. Firewall rules will not block traffic from an internal interface to the Squid port you chose through the Squid GUI.
-
The default pfSense package uses 127.0.0.1:80 transparent and LANIP:3128.
You can always change your proxy port (3128) to any port you like in the GUI, but if you want to change the transparent proxy port, edit it in /usr/local/pkg/squid.inc.
Look for http_port 127.0.0.1:80 transparent; it should match the function squid_generate_rules, where you can see these lines:
    rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80
Or, to add another port, edit /usr/local/pkg/squid.inc and look for icp_port $icp_port, so it will look like:
    $conf .= <<<EOD
    # add it here where I use port 7071
    http_port 7071
    icp_port $icp_port
Save, then go to your proxy GUI and save (this way the squid.inc will be reloaded) to confirm.
Load /usr/local/etc/squid/squid.conf at the pfSense GUI's Diagnostics.
I think that will give you the idea.
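
The rule this thread arrives at (squid.conf is regenerated from squid.inc, so a port added only to squid.conf does not survive) can be checked before a reboot. The script below is an added example, not part of any post above and not pfSense package code; `has_port`, `port_status`, `make_samples` and the sample file contents are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example. Default paths are the two files named in the thread.
SQUID_INC="${SQUID_INC:-/usr/local/pkg/squid.inc}"
SQUID_CONF="${SQUID_CONF:-/usr/local/etc/squid/squid.conf}"

# has_port FILE PORT: succeed if an uncommented http_port or "acl NAME port"
# line names PORT as a whole token (7071 or 127.0.0.1:7071). Port ranges and
# values the template fills in from PHP variables are not resolved.
has_port() {
    [ -r "$1" ] || return 1
    awk -v p="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "http_port" || ($1 == "acl" && $3 == "port") {
            for (i = 2; i <= NF; i++) {
                n = split($i, part, ":")          # drop an optional address prefix
                if (part[n] == p) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# port_status PORT [INC] [CONF] prints:
#   persistent  in both files: active now and regenerated at boot
#   volatile    only in squid.conf: gone after a reboot or a GUI save
#   pending     only in squid.inc: not active until squid.conf is regenerated
#   absent      in neither file
port_status() {
    in_inc=no; in_conf=no
    has_port "${2:-$SQUID_INC}" "$1" && in_inc=yes
    has_port "${3:-$SQUID_CONF}" "$1" && in_conf=yes
    case "$in_inc/$in_conf" in
        yes/yes) echo persistent ;;
        no/yes)  echo volatile ;;
        yes/no)  echo pending ;;
        *)       echo absent ;;
    esac
}

# Constructed sample files (not taken from a real pfSense box).
make_samples() {
    printf '%s\n' '$conf .= <<<EOD' 'http_port 127.0.0.1:80 transparent' \
        'http_port 7071' 'icp_port $icp_port' 'EOD;' > "$1/squid.inc"
    printf '%s\n' 'http_port 127.0.0.1:80 transparent' \
        'http_port 192.168.1.1:3128' 'acl Safe_ports port 8443' \
        '# http_port 9090' > "$1/squid.conf"
}

# On the box: sh this_script.sh 7071
if [ $# -gt 0 ]; then port_status "$1"; fi
```

A result of `volatile` means the setting exists only in the generated file and should be moved into squid.inc; `pending` means the template was edited but squid.conf has not been regenerated yet.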
-
Thanks for the heads up :)
Good morning all :)
That did the trick :)
But what is the purpose of changing the ports squid and lan ?
jigp
Davao City
1.2.2