Netgate Discussion Forum

    Crazy to setup pfsense 2.3.3+squid+squidguard+wpad

    Cache/Proxy
    27 Posts 5 Posters 12.7k Views
      aGeekhere:

      Is it necessary to configure clients in the advanced configuration of tcpip DNS with the domain configured in pfsense for example localdomain.local?


      Never Fear, A Geek is Here!

        jopeme:

        Sorry for my English. This picture shows what I want to say:

        If I use the default configuration on my Windows clients, I cannot get out to the internet.

          aGeekhere:

          I just have "obtain an IP address automatically"; I did not need to set anything in the advanced TCP/IP settings.

          Never Fear, A Geek is Here!

            jopeme:

            It's very strange. :-[ :-[

            Could you please tell me if my LAN rules and wpad.dat, wpad.da, proxy.pac are right?

            [img]http://www.servyarte.com/reglaslan.jpg

            PROXY.PAC

            function FindProxyForURL(url, host)
            {
                if (isPlainHostName(host) ||
                    shExpMatch(host, "*.local") ||
                    isInNet(dnsResolve(host), "10.0.0.0",  "255.255.255.0"))
                    return "DIRECT";
                return "PROXY 10.0.0.1:3128";
            }

            And for my VLAN, are these rules right? Because from this VLAN I cannot get wpad: if I type http://wpad.localdomain.local/wpad in a browser, it does not resolve.

              aGeekhere:

              Reread the DNS firewall rule section (make the rule on top):

              Interface = LAN
              Protocol = TCP/UDP
              Source ports = *
              Dest address = *
              Dest ports = 53
              NAT IP = 127.0.0.1
              NAT Ports = 53
              Description = Redirect DNS
              LAN TCP/UDP * * * 53 127.0.0.1 53 Redirect DNS

              no firewall rule is needed for 3128 ??? not sure on vlan

              Change wpad to

              PROXY.PAC

              function FindProxyForURL(url, host)
              {
                  if (isPlainHostName(host) ||
                      shExpMatch(host, "*.local") ||
                      isInNet(dnsResolve(host), "10.0.0.0",  "255.0.0.0"))
                      return "DIRECT";
                  return "PROXY 10.0.0.1:3128";
              }

              Not sure on VLAN as i have never set one up.

              Never Fear, A Geek is Here!

                jopeme:

                Now I am testing from a VLAN and I have detected that if I do not activate the third rule, then from a client I cannot download http://wpad.localdomain.local/proxy.pac, but if I activate the rule, then I can download the proxy.pac.

                It also works fine if I do nslookup wpad.localdomain.local; it responds:
                C:\Users\Computers> nslookup wpad.localdomain.local
                Server: fproxy.localdomain.local
                Address: 10.0.0.1

                Name: wpad.localdomain.local
                Address: 10.0.0.1

                Any idea?

                  aGeekhere:

                  It looks like the 3rd rule blocks the VLAN from connecting to the router, which has the wpad.

                  Never Fear, A Geek is Here!

                    jopeme:

                    Does nobody know how I can solve it?

                    Thanks.

                      maverik1:

                      Did you manage to get it working? I have vlans configured on my network. Like others have mentioned, if you are wanting to use wpad, then you should disable transparent proxy.

                      Two of my vlans are for mobile wifi and I do not pass wpad to them. It is very difficult to set up as you have to input the proxy information manually. Also some apps do not work very well with it.  So these are the only two that I pass through transparent proxy.  The others grab wpad because I have specified in the browser to auto detect settings.

                        jopeme:

                        In the end, for the wifi interface I will use neither squid nor wpad. What instructions did you follow to configure wpad? Could you show me your configuration for the VLAN? Thank you.

                          maverik1:

                          This is a link to a tutorial I used to set up WPAD. It is fairly straightforward. Basically you set up a web server on pfSense to serve the wpad to your different VLANs. I do not have any firewall rules to port 3128, only to the web server on the specified port.

                          https://nguvu.org/pfsense/pfSense-WPAD-PAC-proxy-configuration-guide/

                          Here is what my wpad.da/proxy.pac looks like:

                          function FindProxyForURL(url, host)
                          {
                              if (dnsDomainIs(host, ".mydomain.com")) {
                                  return "DIRECT";
                              } else if (isInNet(myIpAddress(), "10.0.0.0", "255.255.255.0")) {     // Admin Net
                                  return "PROXY 10.0.0.1:3128; DIRECT";
                              } else if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0")) {     // User Net
                                  return "PROXY 10.0.2.1:3128; DIRECT";
                              } else if (isInNet(myIpAddress(), "10.0.3.0", "255.255.255.0")) {     // Guest Net
                                  return "PROXY 10.0.3.1:3128";
                              } else {
                                  return "DIRECT";
                              }
                          }

                          Under Services -> Squid Proxy Server, make sure Enable Squid Proxy is checked, also make sure that the vlans you want to use the proxy are selected. The proxy port should be 3128.
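An offline PAC evaluator, added here as an example and not taken from the thread, the nguvu guide or the WPAD package: it re-implements the helper functions the scripts above rely on (isPlainHostName, dnsDomainIs, shExpMatch, dnsResolve, myIpAddress, isInNet) over a constructed DNS table, so a per-VLAN PAC in the style of maverik1's script can be checked before it is served to clients. The gateway addresses 10.0.0.1, 10.0.102.1 and 10.0.103.1 come from the thread; the directMask parameter makes the 255.255.255.0 versus 255.0.0.0 difference aGeekhere pointed out visible.

```javascript
// Offline PAC evaluator: a constructed stand-in for the helper API a browser
// exposes to FindProxyForURL, so a PAC can be unit-tested before deployment.
const ipToInt = (ip) =>
  ip.split(".").reduce((n, o) => ((n << 8) | parseInt(o, 10)) >>> 0, 0);

// Constructed DNS table standing in for the pfSense resolver host override.
const DNS_TABLE = { "wpad.localdomain.local": "10.0.0.1" };

function makeHelpers(clientIp) {
  return {
    isPlainHostName: (host) => !host.includes("."),
    dnsDomainIs: (host, domain) => host.toLowerCase().endsWith(domain.toLowerCase()),
    // Shell-style glob: * and ? are wildcards, everything else is literal.
    shExpMatch: (str, pat) => {
      const re = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
      return new RegExp("^" + re + "$").test(str);
    },
    // IP literals resolve to themselves; names not in the table resolve to null.
    dnsResolve: (host) => DNS_TABLE[host] ?? (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) ? host : null),
    myIpAddress: () => clientIp,
    isInNet: (ip, net, mask) =>
      ip !== null && (ipToInt(ip) & ipToInt(mask)) === (ipToInt(net) & ipToInt(mask)),
  };
}

// Per-VLAN PAC in the style of the thread: each segment uses the Squid on its own
// pfSense gateway; internal names and (per directMask) the 10/8 space go DIRECT.
// A real PAC receives the helpers as globals; here they are built from clientIp.
function findProxyForURL(url, host, clientIp, directMask = "255.0.0.0") {
  const h = makeHelpers(clientIp);
  if (h.isPlainHostName(host) || h.dnsDomainIs(host, ".localdomain.local")) return "DIRECT";
  if (h.isInNet(h.dnsResolve(host), "10.0.0.0", directMask)) return "DIRECT";
  const me = h.myIpAddress();
  if (h.isInNet(me, "10.0.0.0", "255.255.255.0")) return "PROXY 10.0.0.1:3128";     // LAN
  if (h.isInNet(me, "10.0.102.0", "255.255.255.0")) return "PROXY 10.0.102.1:3128"; // vlan102
  if (h.isInNet(me, "10.0.103.0", "255.255.255.0")) return "PROXY 10.0.103.1:3128"; // vlan103
  return "DIRECT"; // any other segment (e.g. the wifi VLANs) is left to the transparent proxy
}

console.log(findProxyForURL("http://www.example.com/", "www.example.com", "10.0.102.2"));
```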

                            jopeme:

                            What are your DNS host override settings? I have rules to force pfSense as the DNS server for each interface. And what is this configuration in the www server?

                            bind to proxy address and port

                            server.bind  = "0.0.0.0"
                            server.port  = 80

                            Thanks a lot for your help.

                              maverik1:

                              I've attached a screenshot of the host override for wpad. It is fairly straightforward.

                              This is what I have in my conf file. My web server is on 192.168.50.1. So you will need to change this for your settings.

                              bind to port (default: 80)

                              server.bind  = "192.168.50.1"
                              server.port  = 80


                                marcelloc:

                                Did you try the wpad Unofficial package? I guess it's much easier to set up than manual file changes.

                                Elite Training: http://sys-squad.com

                                Help a community developer! ;D

                                  jopeme:

                                  I tried several weeks ago. But I don't know what step is wrong or missing for me, if you keep in mind that I use VLANs and I force pfSense as DNS server and proxy.

                                    marcelloc:

                                    @jopeme:

                                    I tried several weeks ago. But I don't know what step is wrong or missing for me, if you keep in mind that I use VLANs and I force pfSense as DNS server and proxy.

                                    The package will work fine for this setup. You can create a different wpad script for each interface.

                                    Elite Training: http://sys-squad.com

                                    Help a community developer! ;D

                                      jopeme:

                                      So I guess I'll have to change my settings right now as follows:
                                      Customer 1 on vlan102
                                      Ip 10.0.102.2/24
                                      Gateway: 10.0.102.1
                                      DNS: 10.0.102.1

                                      Customer 2 in vlan103
                                      Ip 10.0.103.2/24
                                      Gateway: 10.0.103.1
                                      DNS: 10.0.103.1

                                      The DNS should be, for example, the IP of the LAN, 10.0.0.1, if I am not mistaken.
                                      And I set up in pfSense the rules for DNS requests to redirect them to the LAN and allow HTTP traffic to the LAN that is going to serve the WPAD.
                                      Am I right?

                                      Thanks.

                                        jopeme:

                                        Hello again.

                                        Finally I installed the Unofficial wpad and I configured the DNS resolver, but I cannot get the wpad file, probably because of my rules. If I write the URL http://wpad.mydomain.local/proxy.pac in a client,
                                        it is not able to download it. The nslookup command works fine and I get the IP address of the LAN.
                                        From a VLAN these are my rules. What is wrong with them?
