Netgate Discussion Forum

    Transparent Proxy and Bind Resolve Issue

    Cache/Proxy
    2 Posts 1 Posters 650 Views
    • periko

      Hi.

      I had set up bind as a cache server on pfsense 2.4.4_p2, with squid MITM.

      I started noticing issues with, for example, www.google.com; my errors are:

      This site can’t provide a secure connection www.google.com sent an invalid response.
      Try running Windows Network Diagnostics.
      ERR_SSL_PROTOCOL_ERROR
      

      Later I started checking other sites like ebay, amazon, etc. and got the same issue in firefox, iexplorer, chrome.

      If I test from the client side with something like nslookup, it answers all the queries.

      Running squid in non-transparent mode there are no issues, just with MITM.

      Using DNS Resolver, no issue.

      Does anyone know if this is a bug or something to do?

      Thanks!!!

      Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn PfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

      • periko @periko

        @periko I will answer my own post.

        Looks like I found the issue: once we enable and set up bind, for some reason the file /etc/resolv.conf lost the line:

        nameserver 127.0.0.1
        

        Then squid reads this file and for some reason the queries fail.

        Now, I have 2 paths:

        1. Manually add localhost to the resolv.conf file as the first line.
        2. Or add localhost 127.0.0.1 as an alternative DNS in squid.

        Using either of these 2 options, everything starts working.

        Then bind has some daemon, because I selected LAN+Localhost to listen on.

        Hope someone could check this, which affects transparent proxy MITM.

        Thanks.


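A check for the condition described in this thread, as an added example that is not part of the original posts: it reports whether `nameserver 127.0.0.1` is the first resolver in a resolv.conf-style file, otherwise looks for 127.0.0.1 in squid's `dns_nameservers` directive, and can print a corrected copy without editing anything in place. File paths are passed as arguments, and treating the squid "alternative dns" setting as a `dns_nameservers` line in squid.conf is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments (assumed by the caller).

# first_nameserver FILE: print the first "nameserver" address in a resolv.conf.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# has_local_resolver FILE: succeed if any nameserver line is 127.0.0.1.
has_local_resolver() {
    awk '$1 == "nameserver" && $2 == "127.0.0.1" { found = 1 }
         END { exit !found }' "$1"
}

# squid_has_local_dns FILE: succeed if a dns_nameservers directive in
# squid.conf lists 127.0.0.1 (assumed mapping of workaround 2).
squid_has_local_dns() {
    awk '$1 == "dns_nameservers" {
             for (i = 2; i <= NF; i++) if ($i == "127.0.0.1") found = 1
         }
         END { exit !found }' "$1"
}

# resolver_status RESOLV_CONF [SQUID_CONF]: classify the state from the thread.
resolver_status() {
    if [ "$(first_nameserver "$1")" = "127.0.0.1" ]; then
        echo "ok: localhost is the first nameserver"
    elif has_local_resolver "$1"; then
        echo "warn: localhost is listed but not first"
    elif [ -n "${2:-}" ] && squid_has_local_dns "$2"; then
        echo "ok: squid dns_nameservers includes localhost"
    else
        echo "fail: nameserver 127.0.0.1 is missing"
    fi
}

# with_local_first FILE: print FILE with "nameserver 127.0.0.1" as the first
# line and any other copy of that line dropped (workaround 1). The input file
# is not modified; review the output before installing it.
with_local_first() {
    echo "nameserver 127.0.0.1"
    awk '!($1 == "nameserver" && $2 == "127.0.0.1")' "$1"
}

# When run as a script with a file argument, report its status.
if [ -n "${1:-}" ] && [ -f "${1:-}" ]; then resolver_status "$1" "${2:-}"; fi
```

Running the status check after enabling or reconfiguring bind shows whether the line has gone missing again.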
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.