Netgate Discussion Forum

    WPAD vs firewall rule

      Kalle13

      Hello folks,

      This time my interest lies in WPAD.
      I want to use Squid with Dansguardian, but Squid doesn't go into "transparent mode" due to a bug (in pfSense 2.2.6). Now I have to switch to WPAD.
      Now my question:
      Why do I have to do the hocus-pocus work with WPAD when there are firewall rules? Why not simply create rules to direct all the traffic to the proxy port? Is that not the same as saying to the browser: "Hi there, here is the IP and the port of the proxy!"?

      Am I making an error in reasoning?

      Best regards
      Kalle

      "Everybody cooks with water, you can call that a truism. The difference from you is that the two of us can cook"

      • Kinderzimmer Productions
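For comparison with a redirect rule, this is what WPAD actually delivers to the browser: a PAC script whose `FindProxyForURL` function chooses the proxy per request. It is an added example, not part of any post in this thread; the proxy address 192.168.1.1 and the bypass choices are assumptions, and 3128 is the Squid port mentioned later in the thread. Browsers ship built-in PAC helpers, but the example uses its own so it also runs outside a browser.

```javascript
// Added example: a PAC script of the kind WPAD hands to browsers.
// The proxy IP is an assumption; 3128 is the Squid port from the thread.
var PROXY = "PROXY 192.168.1.1:3128";

// Loopback and private IPv4 ranges that bypass the proxy (assumed policy).
var BYPASS_NETS = [
  ["127.0.0.0", 8], ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]
];

// Dotted-quad text -> unsigned 32-bit number, or null if not an IPv4 literal.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True if ipInt falls inside base/bits (base must be network-aligned).
function inNet(ipInt, base, bits) {
  var start = ipv4ToInt(base);
  return ipInt >= start && ipInt < start + Math.pow(2, 32 - bits);
}

// Entry point every PAC file defines; the browser calls it for each request.
function FindProxyForURL(url, host) {
  // Single-label names (e.g. "printer") are local: go direct.
  if (host.indexOf(".") === -1) return "DIRECT";

  var ip = ipv4ToInt(host);
  if (ip !== null) {
    for (var i = 0; i < BYPASS_NETS.length; i++) {
      if (inNet(ip, BYPASS_NETS[i][0], BYPASS_NETS[i][1])) return "DIRECT";
    }
  }

  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // Both http and https go to Squid. For https the browser sends CONNECT to
  // the proxy, so no TLS interception is needed, unlike a port-443 redirect.
  if (scheme === "http" || scheme === "https") return PROXY;
  return "DIRECT";
}
```

A PAC file is only advice to the client: a browser that ignores WPAD still goes out directly unless a firewall rule blocks or redirects ports 80/443. Returning `PROXY` with no `DIRECT` fallback keeps traffic from bypassing the filter when Squid is down.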
        cmb

        No reason you can't do transparent proxy. That works fine. Transparent proxy is just automatically added redirect rules (port forwards) to send the traffic to the proxy.

          NOYB

          ProxyCap
          http://www.proxycap.com/

          I've sometimes used this to direct my client traffic around company preferences and proxies.

            Kalle13

            Hi guys,

            thanks for your reply.

            @cmb:

            No reason you can't do transparent proxy. That works fine. Transparent proxy is just automatically added redirect rules (port forwards) to send the traffic to the proxy.

            The option is not functioning in Squid, and you mean that this option only creates a rule to redirect the traffic?
            So if I create this rule myself, this will work? :)

            @NOYB:

            ProxyCap
            http://www.proxycap.com/

            Thank you. The link looks promising. I will have a look at it.

            Edit:
            ProxyCap is a cool solution! :) It can also handle HTTPS, which normally won't work with Squid in transparent mode. But unfortunately it is only for Windows and Mac. Is there anything comparable out there for Linux?

            Best regards
            Kalle

              NOYB

              @Kalle13:

              ProxyCap is a cool solution! :) It can also handle HTTPS, which normally won't work with Squid in transparent mode. But unfortunately it is only for Windows and Mac. Is there anything comparable out there for Linux?

              Perhaps create some iptables rules?

              Also you might post the question to ProxyCap support and see if they have any suggestions.

                cmb

                The option works fine in Squid, just need to enable it.

                If you're using limiters on LAN, the issue with limiters and NAT will break the transparent redirect. Add a rule to allow traffic to destination 127.0.0.1 port 3128 (or whatever port you're running Squid on) with no limiter to work around that. Doesn't make much sense to limit traffic to the proxy anyway since that'll limit cache speed, define bandwidth limits in Squid for that if you want.

                  Kalle13

                  Hello,

                  thank you for your answer.

                  @cmb:

                  If you're using limiters on LAN, the issue with limiters and NAT will break the transparent redirect.

                  I'm not using any limiters, but I'm using NAT. So you mean that I need only a rule that says: any from any to any 127.0.0.1 Port 3128?

                  Regards
                  Kalle

                    killmasta93

                    No need for that rule if you're not using a limiter. With a limiter you need that rule for transparent proxy to work, BUT even with that, the limiter will break NAT reflection, unfortunately.

                    Tutorials:

                    https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials
