Netgate Discussion Forum

[squid] transparent proxy - don't proxy a specific client?

pfSense Packages
    vrillusions
    last edited by Jul 27, 2008, 12:14 AM

    Since I've got Metal Gear Solid 4 I've been stressing out about why the extras menu didn't load.  After doing some packet captures I found out squid, which is running in transparent proxy mode, was throwing an error.  Basically it was giving the "URL can not be retrieved" message that apparently wasn't what the game was expecting, so it was immediately giving an error.  I disabled the transparent proxy and sure enough I now get an error from the game saying it can't connect to server (it's been known their servers have been flaky).  So long story short, I want to whitelist the PS3's IP from being proxied while still doing the transparent proxy for everyone else.

    I tried adding the following options to the "custom options" in proxy server:

    acl ps3 src 192.168.0.105/32; http_access deny ps3
    

    That didn't work.  I then changed http_access to cache and still didn't work.  Any other ideas or is it just an all or nothing type thing?

      vrillusions
      last edited by Jul 27, 2008, 12:22 AM

      Guess I was too quick to post, but this may help others anyway.  First you need to uncheck "Allow users on interface" which automatically creates an allow for all clients in the local network.  Since you want to deny an IP you need to put the deny before the allow, which doesn't happen automatically.  In the custom section add the following (where 192.168.0.0 is your own local network).

      acl ps3 src 192.168.0.105/32;
      acl localnet src 192.168.0.0/24;
      http_access deny ps3;
      http_access allow localnet
      

      Again, the order of the http_access lines is important.  Now the "ps3" acl won't get proxied.

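Added example, not part of the original posts and not Squid's or pfSense's own code: a small Python model of how Squid walks `http_access` lines top to bottom and stops at the first match, run against the custom options from the second post and against the same lines with the two `http_access` entries swapped. The function names, the `POSTED_ORDER` and `SWAPPED_ORDER` strings, and the restriction to `src` ACLs without `!` negation are assumptions made for this sketch.

```python
import ipaddress

# Constructed inputs: the custom options from the post, and the same lines with
# the two http_access entries swapped (allow placed before the deny).
POSTED_ORDER = ("acl ps3 src 192.168.0.105/32; acl localnet src 192.168.0.0/24; "
                "http_access deny ps3; http_access allow localnet")
SWAPPED_ORDER = ("acl ps3 src 192.168.0.105/32; acl localnet src 192.168.0.0/24; "
                 "http_access allow localnet; http_access deny ps3")

def parse_custom_options(text):
    """Split ';'-separated options into src ACLs and an ordered http_access list."""
    acls, rules = {}, []
    for directive in filter(None, (d.strip() for d in text.replace("\n", " ").split(";"))):
        words = directive.split()
        if words[0] == "acl" and len(words) >= 4 and words[2] == "src":
            # acl <name> src <net> [<net> ...]; repeated names accumulate networks
            acls.setdefault(words[1], []).extend(
                ipaddress.ip_network(w, strict=False) for w in words[3:])
        elif words[0] == "http_access" and len(words) >= 3 and words[1] in ("allow", "deny"):
            # Several ACL names on one http_access line are ANDed together.
            rules.append((words[1], words[2:]))
        else:
            raise ValueError(f"unsupported directive: {directive!r}")
    return acls, rules

def http_access_decision(acls, rules, client_ip):
    """Return (action, rule_index); rule_index is None when no line matched."""
    ip = ipaddress.ip_address(client_ip)
    for index, (action, names) in enumerate(rules):
        if all(any(ip in net for net in acls[name]) for name in names):
            return action, index  # first match wins; later lines are never consulted
    if not rules:
        return "deny", None       # no http_access lines at all: request is denied
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    for label, options in (("posted", POSTED_ORDER), ("swapped", SWAPPED_ORDER)):
        acls, rules = parse_custom_options(options)
        for client in ("192.168.0.105", "192.168.0.50", "10.0.0.1"):
            print(label, client, http_access_decision(acls, rules, client))
```

With the swapped order the `localnet` line matches 192.168.0.105 first, so the `ps3` line is never reached.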
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.