Proxy causing time outs.
-
Ill give that a try.
I know i can backup DHCP settings etc etc but what would i select to backup usernames and password for my isp etc. In my mind it will make life a little faster when ive got time to reinstall.
-
Do a backup via Diagnostics - Backup/Restore, but set it to not backup packages. Your pfSense settings will be saved but the package details will be lost. That allows you to really start fresh but not have to reconfigure the basics.
-
I have just wiped and started again. Bootable USB FTW!!
All I have done is restore settings (for DHCP etc), go to squid3 in the packages, installed it, enabled it in transparent mode, checked if squid was running with top and timeout :-( .
EDIT : However i have noticed the same site as before are still working with the proxy cache.
-
I don't know if transparent mode is yet working on squid3. Some others have been complaining it's broken.
-
I can try squi 3 in standard mode and see if it works (Slandered mode for me is It required username and password).
Will i need to set a user-name and password for each user or computer?
-
??? You don't need to specify a username and password in standard mode. You do, however, need to either manually configure the client to use the proxy, or implement WPAD so the client can find it automatically. Transparent mode is convenient but useless for HTTPS, which is the way everything is going these days.
-
Will WPAD work for all OS's? So it will autocratically detect for Linux, Mac, Andriod?
& would the settings return to default (ie no proxy etc) when the device leaves etc.
I am also looking at the captive portal which will help security as well.
I am testing the proxy with a Ubuntu VM before I block port 80 and redirect everything to the proxy.
-
Is there another way to do this without a need a for a username and password?I think i have found it. On the proxy setting I have set the authentication method to none in the Proxy server - Authentication.
On my test VM (Ubuntu Mate 15.04. Kill two birds with one Stone. Test Ubuntu MATE 15.04 and test the proxy. LOL.) I have set the gateway ip and squid port, And it seems to be working. The increased speed on web pages is noticeable.
WPAD i think is needed.
-
Will WPAD work for all OS's? So it will autocratically detect for Linux, Mac, Andriod?
Windows, Mac, Linux - yes. Android - no.
& would the settings return to default (ie no proxy etc) when the device leaves etc.
Yes.
-
Brilliant, I will look into that.
All of the Android devices that connect to the network are known / allowed. So i do not see any reason i cant leave port 80 open to a static ip range (Unless i want to filter them. Then ill have to think of something.).
The proxy was working for about half (test VM) and then it was timing out again. So i am currently going through the process of diagnosing it again.
I did test the captive portal again and i love the idea of it and i am planning to use it in a different case if & when i need it. For what i need at the moment it is not necessary.
-
Autodetection of web proxies has been around for at least a decade. That's what that Automatically detect settings checkbox does in Windows' Control Panel - Internet Options - LAN Settings - Automatic configuration. I've seen a bug report filed against Android to get Google to add WPAD support but it hasn't happened yet. I don't know about iPhone.
-
Can I make a firewall rule to redirect traffic from port 80 / 8080 to the proxy port (Default 3128)? This should then start filtering for all devices such as Android, iOS etc.
So far I am loving SquidGaurd and have started restricting access to my needs. I am half tempted to make a group for my server's and tighten security a little (Block everything and allow domain's that I want such as pfsense.org, ubuntu.com etc etc).
-
Can I make a firewall rule to redirect traffic from port 80 / 8080 to the proxy port (Default 3128)? This should then start filtering for all devices such as Android, iOS etc.
That's essentially what Transparent Proxy does. You're still going to have Man in the Middle warnings on all HTTPS sites if you do that. Leave it up to the user to manually config the proxy settings if his device doesn't support auto-detection.
-
Ok in that case ill take a look at implementing WPAD soon. I might end up doing it when no one is online to make life a little peaceful.
Is there a plan to add WPAD into the WebUI (Config etc).
How would I redirect traffic to work with the proxy. Its something ive never tried before and i would like to give it a try and learn what it does etc first hand.
-
-
Right WPAD seems to be working for Windows only. So what i have decided to do is manually add the proxy on static PC's and devices and ill continue to find a good way to make a transparent proxy working.
I have considered a second PC just for the proxy but ive not worked out the most efficient way of setting it up.
-
Should work fine on Windows, Mac and Linux clients. Only mobile seems to still be an issue.
