Trouble with pfsense + dansguardian + sqid3
-
I'm not using hostname (eighter shortname or fqdn) in any configuration file…but, could it be that it tries to do a lookup ?
Anyway, I'm now trying to set up DG on a separate box (CentOS) and have a config like this:
pfsensebox: running squid on port 3128 on LAN interface (192.168.1.2)
pfsensebox: NAT rule point at the new server 192.168.1.9 (tcp/8080)DGbox: listening on 8080
DGbox: proxyip 192.168.1.2
DGbox: proxyport 3128When I activate the NAT rule - web browsing stops...
UPDATE: when configureing the web browsers proxy IP directly to DG server - it's working...but I need to get this working by forwarding tcp/80 to DG:8080...
augh... :-\
-
Conceptually your new config should work (although it is unnecessary). You've got to go through some debugging steps and figure out where things are failing. Start eliminating variables - for example, have you tried configuring a client to use the new box and port 8080 as a proxy?
-
Yes - when configuring the client's proxy in the web browser to point towards my new DG box - DG works…and - while watching squid logs on my pfsense box...DG server redirect to it...
My problem now is to find out how to redirect web access (tcp/80) from default gateway (pfsense box) to DG...
client –-tcp/80---> pfsense/defgw –--redirect tcp/80 to DGserver/8080 ---> DGserver –-filterfilterfilter ---> pfsense/squid 3128 –--to the web --->
-
Just a thought…while all my clients are configured with pfsense as default gateway - and when enabling the squid server as "transparent" all request automatically will be redirected to port 3128...then squid will handle all requests. When enabling my NAT rule to forward tcp/80 request to the DG server - something crashes...and web browsing stop working.
cut and paste from pfsense proxy ui:
"If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary." -
My problem now is to find out how to redirect web access (tcp/80) from default gateway (pfsense box) to DG…
client –-tcp/80---> pfsense/defgw –--redirect tcp/80 to DGserver/8080 ---> DGserver –-filterfilterfilter ---> pfsense/squid 3128 –--to the web --->
All looks correct. Now create a LAN NAT rule that redirects anything that is destination port 80 to DGserver/8080. Should work fine…
-
Hi again,
OK - just to rule out any issues with my pfsense box, I've installed and configured squid on the same server as Dansguardian. Now - when configuring dansguardian as a proxy in my browser, this works. But, I still want to redirect all tcp/80 connections via my firewall towards dansguardian (tcp/8080).
I've created a NAT rule as attached to this post…but, when this is enabled web browsing stop working...are there any faults in my NAT rule ?
squid and dansguardian are uninstalled on my pfsense box.
-
These services were not running on the same box?
Why do people do this to themselves? -
Yeah. Thats how mine looks except I would expect redirect target IP to be 192.168.1.1, not .9
"squid and dansguardian are uninstalled on my pfsense box"
I hope you meant installed…
-
@kejianshi: all services was installed on one box - dansguardian didn't work at all.
So, I installed squid and dansguardian on a separate server, which is working if i configure proxy-settings in my web browser. But, I don't want to do it this way - I want to redirect the traffic so the user can't affect web traffic without even get more creative that they already are (teenages in the house).
So yes - i uninstalled squid and dg on my pfsense box.
Now - when trying to redirect the traffic (tcp/80) to my dg-box (192.168.1.9:8080) i created that rule…but it doesn't work...
-
To me it sounds like something on your pfsense box got seriously screwed up and that maybe the answer is reinstall that box clean then cleanly add in your packages and rules.
-
To me it sounds like something on your pfsense box got seriously screwed up and that maybe the answer is reinstall that box clean then cleanly add in your packages and rules.
I guess I'd have to agree… When setup properly, DQ/Squid works fine on pfSense. I've done this build dozens of times with no issue...
-
augh…last try is to reinstall...:\