Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allow .exe through squid proxy

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 3 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrsquash2
      last edited by

      Unfortunately, the .exe is part of a distributed package from a 3rd party vendor. Therefore I cannot alter their software.

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        you can bypass the proxy for a destination IP.
        So if your exe is connecting to always the same IP (range) then add this to the bypass list on squid GUI.

        1 Reply Last reply Reply Quote 0
        • M
          mrsquash2
          last edited by

          Isn't the bypass list something that allows an internal client to bypass the proxy all together?

          The only thing I have found so far to test is:

          edit the squid.inc file

          $rules .= "\n# Setup Squid proxy redirect\n";
          if ($squid_conf['private_subnet_proxy_off'] == 'on') {
          foreach ($ifaces as $iface) {
          $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n";

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            this rule says to do not forward traffic to squid for these ips

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • N
              Nachtfalke
              last edited by

              @mrsquash2:

              Isn't the bypass list something that allows an internal client to bypass the proxy all together?
              (…)

              It depends on what you allow to bypass. You can bypass the proxy by SOURCE IP or you can bypass the proxy by DESTINATION IP.

              If you allow by SOURCE IP you are right, the host will bypass the proxy at all.
              That's why I said you should use DESTINATION IP. Then the proxy will only be bypassed for this dest. IP but all other IPs must pass the proxy.

              1 Reply Last reply Reply Quote 0
              • M
                mrsquash2
                last edited by

                When I go to Services > Proxy Server I have the option "Bypass proxy for these source IPs" with a description of "Do not forward traffic from these source IPs through the proxy server but directly through the firewall. Separate by semi-colons (;)."

                Are you saying that I can put DESTINATION IPs in here as well?

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  @mrsquash2:

                  Are you saying that I can put DESTINATION IPs in here as well?

                  Isn't the next field ..Bypass proxy for these destination IPs ?
                  Do not proxy traffic going to these destination IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • M
                    mrsquash2
                    last edited by

                    I don't have that option.

                    I'm using:

                    Squid v2.7.8_1
                    SquidGuard v1.3-2
                    Lightsquid v1.7.1 pkg v.1.2

                    Do I need to upgrade to a newer version?

                    1 Reply Last reply Reply Quote 0
                    • marcellocM
                      marcelloc
                      last edited by

                      @mrsquash2:

                      Do I need to upgrade to a newer version?

                      It's on both squid versions (2.7.9 pkg v.4.3.1 and 3.1.20 pkg 2.0.5_5) on first package gui tab for a long time.

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      1 Reply Last reply Reply Quote 0
                      • M
                        mrsquash2
                        last edited by

                        Upgraded to 2.7.9 pkg v.4.3.1 and added the IP DESTINATION bypass.

                        All seems to be working now.

                        Thanks!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.