Limiter blocks internet access (Squid transparent proxy)
-
Hi guys,
so Limiter + Transparent Squid…is it really workable? or they dont just mix...
I'm trying to share bandwidth evenly on LAN as demonstrated by "foxale08" in the post I've linked above and at the same time use squid for caching purposes given my very limited bandwidth.Kindly advice...
-
I can fully confirm the same issue. Once the squid process is stopped, the limiter works again.
Will be testing with DansGuardian later today to see if I have the same issue. If not, looks like I might need to switch my content filtering utility.
~Shu
Edit: Blah - Dunno why I mentioned DG. That's a filter - the issue is with the proxy service itself….
-
Atleast now I'm not the only one experiencing this, Shuon kindly let me know of any developments.
-
I don't think there is anything I/you/we can do about the compatibility issue. I can get the limiter to work by simply changing the squid binding to the loopback, without disabling it. This tells me there is some sort of binding issue with how squid works now and the limiter feature of pfSense. Something is getting goofed in the stack.
For now, I'll likely use the captive portal to perform some bandwidth limiting. If I had a spare machine, I would setup a second instance of pfSense - one as a UTM and the other as the limiter.
All I can think of doing is putting in a report with the Squid devs to see if they are aware of the issue. Seems this issue is specific to Squid3, also. I don't recall having it with the prior version of Squid.
Maybe if I get some time I'll work on testing the older version of Squid/squidguard and the limiter. I'll let you know the results.
-
Good News! I've got it working!
Bad News? I had to roll-back to pfSense 2.5.1. On this version, I'm able to use squid + traffic shaping to limit bandwidth. -
Good News! I've got it working!
Bad News? I had to roll-back to pfSense 2.5.1. On this version, I'm able to use squid + traffic shaping to limit bandwidth.sounds promising, I don't think its a problem for me to use and old version since I'm not using pfsense for alot of things, only the traffic shaper and squid. I'm curious tho', are you using squid in transparent mode? also I only tried with squid3 will try with squid stable version and report results.
update:
I've tried squid stable version but its still not working for me, I still can't use squid with the Limiter, I disabled squid transparent mode and I could access internet without proxy settings on browser but squid wasnt caching anything. I really would like this to work for me even if with an older version of pfsense that's why I would like to know if in your case squid is in transparent mode or what you are using squid for. -
Yup, squid is in transparent mode. I'm using a fresh/clean install of 2.5.1. It could also be an issue with your configuration. If you were in messing with some of the settings, that could also be messing with ya right now.
Here is the general setup/what I have running right now. Very basic, since it is a clean install, but it works. I might try to do a clean/fresh install to 2.2.1 (rather than the upgrade) and see if that makes any difference. I'd rather be running the latest/greatest of pfSense rather than an older version, simply due to bug / security fixes.
https://www.walj.us/rand/pfs/pfsense-squid-limiter.cfm
-
Thanks Shuon, this is very helpful. I'm suspecting I have something wrong with the firewall rule, I have a very simple limiter and squid setup, will do everything afresh and see.
Update:
I can confirm that squid + limiter works on 2.5.1, I couldn't get it working on 2.2 & 2.2.1…guess I'm going to stick with 2.5.1 for a while atleast until someones confirms this setup works with any newer version of pf.Thanks alot Shuon
-
I having same issue here.
2.2.1 i cant limit with squid
A old 2.1.5 runs perfectly.
Anyone more had this issue?
-
Known issue, nothing new here.
-
Known issue, nothing new here.
Hello is there any temp work around? I really need this.
Thanks -
No.
-
doktornotor , Please Share the reason , why it is working on 2.1 and not in 2.2 . I'm using squid 2.7.9 with pfsense 2.2.1 and facing the same issue.
-
Because it's broken. SIGDUH! If the devs knew what's broken where, they'd fix it.
-
Thank You doktornotor,
I want to restrict Bandwidth and At the same time URL filtering for LAN users .
-
Well then stick with 2.1.5 until fixed.
-
Just a thought…. in 2.2.x they introduced Unbound as the default resolver.
Could it be related to that?
If changing DNS forwarder to the former one also available in the GUI, will it work??
-
Hmmm? Not really sure how's this related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stop flowing. As simple as that.
-
I have same problem.
Firstly i am sorry for my english.
I install squid+transparent mode. Filter active and everything works good.
When i do limiter activate, then i cant internet access.In proxy server, disable transparent mode; then internet can access and works fine limiter. But filter doesnt works.
What is problem and what can i do?
Help pls. Regard. -