Netgate Discussion Forum

    Squid non-functional in transparent mode in 2.3 and 2.3.1

    Cache/Proxy
    33 Posts 18 Posters 18.0k Views
      myandylai

      I haven't tried using "Alias" yet. But previously I put a domain name in the line and it kind of felt like a universal "*" which accepts everything as bypass from transparent proxy.

      Temporarily I removed the entire line.

      squid01.JPG

        aminli

        Bypass proxy means don't use the proxy,
        but we want to use the proxy with transparent mode.

          alpha

          At first I thought it was my own problem - the transparent proxy function suddenly failed after the 2.3 upgrade.

          The solution mentioned here did not help the problem, but it's still good to find this thread.

          Though the problem remains, I can save some time by not digging further into my setting…

            W4RH34D

            I can only get the transparent proxy to work on the interface designated as lan.

            It will not work on opt designated interfaces.  The result is pages not loading.

            Did you really check your cables?

              xpdos

              Soooooooo. I am guessing this glitch never was resolved. Is anyone from pfsense working on this? Wish I never updated, transparent proxy was the whole reason I use a firewall.

                cmb

                @xpdos:

                Soooooooo. I am guessing this glitch never was resolved. Is anyone from pfsense working on this?

                No, because it works fine.

                Post specifics of your config, what your firewall states look like when transparent proxy is enabled (filter on 127.0.0.1 under Diag>States), and squid logs.

                  Berend de Boer

                  Have the same problem here: when transparent proxy is enabled, it seems no redirect/forward is created.

                    reggie14

                    I'm also running into a problem with the transparent proxy.  As far as I can tell, it only happens when I have the limiters enabled- disabling the limiters fixes the problem.  Are those two features inherently incompatible?

                    I saw the thread aminli pointed to that has a youtube video, but I have no idea what is going on in that video so I'm reluctant to try it.

                      cmb

                      @reggie14:

                      I'm also running into a problem with the transparent proxy.  As far as I can tell, it only happens when I have the limiters enabled- disabling the limiters fixes the problem.  Are those two features inherently incompatible?

                      Yes, as NAT and limiters are incompatible, and transparent proxy is NAT on LAN. https://redmine.pfsense.org/issues/4326

                        reggie14

                        @cmb:

                        @reggie14:

                        I'm also running into a problem with the transparent proxy.  As far as I can tell, it only happens when I have the limiters enabled- disabling the limiters fixes the problem.  Are those two features inherently incompatible?

                        Yes, as NAT and limiters are incompatible, and transparent proxy is NAT on LAN. https://redmine.pfsense.org/issues/4326

                        Thanks.  I'm a bit confused, though- is this a bug in pfsense/FreeBSD that has a chance of being fixed, or is this an architectural limitation because they both use NAT?  Do you see any major problems with gmar15's workaround?

                        As a side note, I noticed that recently-viewed websites still work after enabling both limiters and squid's transparent proxy.  Any idea why those still work?  Existing connections that bypass the proxy?

                          Steve Evans

                          @cmb:

                          @xpdos:

                          Soooooooo. I am guessing this glitch never was resolved. Is anyone from pfsense working on this?

                          No, because it works fine.

                          Post specifics of your config, what your firewall states look like when transparent proxy is enabled (filter on 127.0.0.1 under Diag>States), and squid logs.

                          Hi CMB,

                          Could you please take a look at https://forum.pfsense.org/index.php?topic=87577.0 as your knowledge of how to make the transparent proxy work may help solve this long-standing issue that appears to affect only i386 users?

                          Thanks,

                          Steve

                            Kababayan

                            Squid makes an infinite loop. I fixed this by adding this to iptable:
                            no rdr on em1 inet proto tcp from 127.0.0.0/8 to any port = 3128

                              Deepcuts

                              If any record exists for "Bypass Proxy for These Source IPs", transparent proxy does not work for me.
                              If "Bypass Proxy for These Source IPs" is empty, transparent proxy works just fine.

                              pfsense: 2.3.2
                              MB: GA-H170N-WiFi
                              CPU: i3 6100T@3.2 Ghz
                              RAM: 8 GB DDR4@2133 Mhz
                              NICS: Intel i211 & Intel i219-V (onboard)
                              SSD: Samsung SM-951 128 GB (nvme)

                                jalonergan

                                I too am getting web pages that do not load up with the Transparent Proxy box checked. If this is not a bug issue, is there a detailed guide regarding how to set up the pfSense proxy server?

                                As the instructions presented here do not appear to be valid in order to get a functional proxy server up and running:
                                https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

                                  Kababayan

                                  Use captive portal for the limiter, that solves it. Or transfer to the floating.

                                    Pontiac_CZ

                                    I too have upgraded to pfSense 2.3 and the transparent proxy does not work. The Diagnostics > States page shows a lot of CLOSED:SYN_SENT states with packets and bytes only sent, zero received, during webpage load attempts.

                                    Related log entries (the "Real Time" tab) show nothing.

                                    pfSense 2.3.2_1, Squid 0.4.23_1

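The state check cmb asks for, combined with the CLOSED:SYN_SENT symptom reported above, as an added example that is not part of any post: it counts state-table entries that involve 127.0.0.1 and reduces them to one verdict. The function names, the verdict names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads state-table text on stdin and
# reports on the entries that involve the proxy's loopback address.
PROXY_ADDR=${PROXY_ADDR:-127.0.0.1}   # the address cmb says to filter on

# Print "<state-pair> <count>" for every state that mentions PROXY_ADDR.
count_proxy_states() {
    awk -v addr="$PROXY_ADDR" '
        index($0, addr ":") == 0 { next }   # not a proxy-related state
        { seen[$NF]++ }                     # last field is the state pair
        END { for (s in seen) print s, seen[s] }' | sort
}

# Reduce the counts to one verdict (verdict names are hypothetical):
#   no-proxy-states    nothing in the table points at the proxy address
#   handshake-stalled  every proxy-related state sits at CLOSED:SYN_SENT
#   mixed              anything else; read the per-state counts
triage_proxy_states() {
    count_proxy_states | awk '
        { total += $2; if ($1 == "CLOSED:SYN_SENT") stalled += $2 }
        END {
            if (total == 0) print "no-proxy-states"
            else if (stalled == total) print "handshake-stalled"
            else print "mixed"
        }'
}

# Constructed sample modelled on `pfctl -ss` output (addresses are
# documentation ranges, not taken from any poster's firewall).
sample_states() {
    cat <<'EOF'
em1 tcp 127.0.0.1:3128 (198.51.100.7:80) <- 192.168.1.50:51234       CLOSED:SYN_SENT
em1 tcp 127.0.0.1:3128 (198.51.100.7:80) <- 192.168.1.50:51236       CLOSED:SYN_SENT
em0 tcp 203.0.113.2:40112 -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | count_proxy_states
sample_states | triage_proxy_states
```

On the firewall the input would come from `pfctl -ss` piped into `triage_proxy_states`, and the per-state counts are the kind of detail worth attaching to a report.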
                                      MR-NT

                                      @Deepcuts:

                                      If any record exists for "Bypass Proxy for These Source IPs", transparent proxy does not work for me.
                                      If "Bypass Proxy for These Source IPs" is empty, transparent proxy works just fine.

                                      How can I add this to pfsense iptable?

                                        mkcharlie

                                        I'm having the same problem, not sure whether I should better start a new thread.

                                        My Squid should be set to logging all connections as a transparent proxy. I do not want to decrypt SSL, but I do want the hostname to show up in the logs. This works perfectly fine, until I try to add a domain/IP in "Bypass Proxy for These Destination IPs". As mentioned before, setting an IP and a domain (see screenshot) seems to function like a wildcard, and no traffic is logged anymore.

                                        Full settings page: see attachment. The only difference between a working Squid and a non-working Squid is the "Bypass Proxy for These Destination IPs" setting. If I clear that field, hit save, then Squid starts functioning immediately.

                                        I am running 0.4.37.

                                        pfsenseSquid.png

                                        enabled services:

                                        • snort
                                        • pfblockerNG

                                          mkcharlie

                                          Seems that when a FQDN is added which does not resolve, squid treats it as a '*'.

                                          enabled services:

                                          • snort
                                          • pfblockerNG
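A pre-save check that follows from the observation above that a bypass entry which does not resolve seems to behave like '*': this is an added example, not code from the thread or from the Squid package. `RESOLVE_CMD`, the function names and the sample entries are assumptions; only IPv4 addresses, CIDR ranges and hostnames are handled, so a firewall alias name would be reported as unresolved.

```shell
#!/bin/sh
# Added example, not from the thread or the Squid package. Checks entries
# before they are typed into a "Bypass Proxy for These ..." field.
# RESOLVE_CMD is a hypothetical hook: any command that exits 0 when the
# name resolves (for example "getent hosts").
RESOLVE_CMD=${RESOLVE_CMD:-getent hosts}

# True for dotted-quad IPv4, optionally with a /0-32 prefix.
is_ipv4_or_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if (NF == 5 && $5 > 32) exit 1
    }'
}

# Print one verdict for an entry: ip, resolves or UNRESOLVED.
classify_entry() {
    if is_ipv4_or_cidr "$1"; then
        echo ip
    elif $RESOLVE_CMD "$1" >/dev/null 2>&1; then
        echo resolves
    else
        echo UNRESOLVED
    fi
}

# Print a verdict per entry; return non-zero if any entry is UNRESOLVED.
check_bypass_list() {
    rc=0
    for entry in "$@"; do
        verdict=$(classify_entry "$entry")
        printf '%-11s %s\n' "$verdict" "$entry"
        if [ "$verdict" = UNRESOLVED ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed demo: a stub resolver replaces DNS so the run is offline.
stub_resolve() { [ "$1" = "updates.example.com" ]; }
RESOLVE_CMD=stub_resolve
check_bypass_list 10.0.0.0/8 updates.example.com typo.example.invalid ||
    echo "do not save: unresolved entries present"
```

A bypass list that silently matches everything also means nothing is logged or filtered, so an UNRESOLVED verdict is worth treating as a blocker rather than a warning.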
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.