Netgate Discussion Forum
    Transparent Proxy issue?

      Liath.WW

      Zaf, by chance do you have multiple WAN interfaces?  Squid (and even pfSense itself) tend to be super-flaky with multi-WAN since I upgraded to 2.1.4 and I think it has to do with apinger failing and dropping connections that are perfectly valid, while also continuously saying that the gateway that is down is actually up.

      I'd initially thought that squid was at fault, but I completely removed squid and still had the issue, so I shut down the failover interface and suddenly everything works again.  Moved the two connections to an old router and it seems to be working fine now, though it's much slower than having the connections directly connected to the pfSense box.

        zaf

        Liath, no, I don't have multiple WAN interfaces on pfSense. I have attached some screen prints and my network setup.

        Basically, I connect via a wireless router for LAN access. DHCP is set on the pfSense firewall, so I get an IP in the range of 192.168.0.X.

        Could this be an issue that I'm connecting via a wireless router, though it's just used as a LAN connection?

        Thanks

        Attachments: wan.PNG, wan1.PNG, Network setup.PNG

          zaf

          Any more to add before I give up on this?

          Thanks

            Tikimotel

            @KOM:

            Squid3-dev in pfSense 2.1.x is fragile and I would not recommend using it unless you have both time on your hands and a masochistic streak.  Perhaps look at it in pfSense 2.2-ALPHA.

            What is fragile about it?
            I must be a major masochist then, runs fine here. (Before the 2.1.5 update Squid3-dev was running with no problems for 51 days.)

            At least I was (am) trying to help zaf.

            @zaf are you double NAT-ting? (double NAT is bad!)
            I don't get it? Does the wireless come from your ISP with a private address?

            I suggest you google double NAT.
            Try and resolve that issue first, then try squid again; even the squid2 you were trying would work fine then.

              zaf

              @Tikimotel:

              @zaf are you double NAT-ting? (double NAT is bad!)
              I don't get it? Does the wireless come from your ISP with a private address?

              Tikimotel, the wireless router is mine, used for wireless access.

              When you say double NAT, do you mean I have the LAN interface on pfSense (DHCP) and the WAN interface of pfSense to the wireless router (DHCP) and the wireless router to the Virgin Media broadband router?

              Then the answer is probably yes.

              I use the wireless router for wireless connections but the clients get their IP from the pfSense DHCP!

              Thanks

                BBcan177 Moderator

                @zaf:

                @Tikimotel:

                @zaf are you double NAT-ting? (double NAT is bad!)
                I don't get it? Does the wireless come from your ISP with a private address?

                Tikimotel, the wireless router is mine, used for wireless access.

                When you say double NAT, do you mean I have the LAN interface on pfSense (DHCP) and the WAN interface of pfSense to the wireless router (DHCP) and the wireless router to the Virgin Media broadband router?

                Then the answer is probably yes.

                I use the wireless router for wireless connections but the clients get their IP from the pfSense DHCP!

                Thanks

                If you are able to get your Internet Provider to provide a "Bridged Mode" setting in the Modem, this will eliminate the Double NAT issue.

                Your Modem is getting the Real Internet Address instead of pfSense getting the real address.

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  Tikimotel

                  The issue with double NAT is that the translation can only happen once.
                  So the first NAT can translate the private address and corresponding internet connection fine, but the second NAT can only translate the private address to another private address and basically does nothing.
                  I'm no expert at this, but the pfSense box should handle the real internet address.
                  I've set up all my wireless stuff using a wireless router as an access point.

                  ISP --> pfSense box --> wired device(s) incl. wireless router

                  Configure wireless router as an access point, other devices should point to pfSense to get DHCP address information (so wireless devices are routed to the pfSense box by the access point automatically).

                  Safety Tip! You need to make sure only wired devices are allowed to change the wireless router configuration.

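A check for the stacked NAT discussed in the posts above, added here as an example and not part of any post in this thread: it counts the private gateways a LAN client's `traceroute -n` passes before the first public hop. The sample output is constructed (only the 192.168.0.x LAN range comes from the thread), and the result is a heuristic, since privately addressed hops can also be routed without NAT.

```python
import ipaddress
import re

# Ranges not routed on the public Internet: RFC 1918 plus the RFC 6598
# carrier-grade NAT block. A hop answering from these is a private gateway.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*\d+\s+(\S+)")   # "<hop number> <address or *>"

# Constructed `traceroute -n` output for a three-router chain (not real data).
SAMPLE = """\
traceroute to 203.0.113.50 (203.0.113.50), 64 hops max, 52 byte packets
 1  192.168.0.1  0.41 ms  0.38 ms  0.37 ms
 2  192.168.1.1  1.12 ms  1.03 ms  0.99 ms
 3  * * *
 4  192.168.100.1  2.40 ms  2.31 ms  2.29 ms
 5  203.0.113.1  9.80 ms  9.61 ms  9.70 ms
"""


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def private_hops_before_public(traceroute_text):
    """Return the private gateway addresses seen before the first public hop."""
    gateways = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                 # header or blank line
        token = m.group(1)
        try:
            private = is_private(token)
        except ValueError:
            continue                 # "*" (no reply) or a hostname: unclassifiable
        if not private:
            break                    # first public hop ends the local chain
        gateways.append(token)
    return gateways


def diagnose(traceroute_text):
    hops = private_hops_before_public(traceroute_text)
    if len(hops) > 1:
        return "stacked NAT likely: %d private gateways (%s)" % (len(hops), ", ".join(hops))
    return "no stacked NAT seen: %d private hop(s)" % len(hops)


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
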
                    zaf

                    OK, thanks, give me till the weekend and I will change it around and connect pfSense directly to the ISP modem etc.

                    Thanks

                      Tikimotel

                      Zaf, you should read the manual of the wireless router to see if it supports the function or role of an "access point".

                      With my equipment it was an option under "operating mode", then I simply chose "access point" and I was done.
                      Your mileage may vary.

                      Please post again if you have issues setting up the access point, or anything. I will try to help you out.

                        zaf

                        Thanks Tikimotel, my wireless router is a TP-LINK WR1043ND. I will have a look and see if the option for access point is supported.

                        Thanks

                          Tikimotel

                          I looked up the router info.

                          This looks interesting:
                          http://www.justanswer.com/computer-networking/817le-trying-set-tp-link-tl-wr1043nd-access-point.html

                            zaf

                            What about flashing it with this firmware?

                            http://joeyiodice.com/converting-tp-link-tl-wr1043nd-to-dd-wrt/
