SQUID in Transparent Mode



  • Hi all

    First of all I want to say that I was looking for an answer for many hours.
    But I don’t find any information why this is (technically) not possible.

    If I configure SQUID as a “normal” proxy and push the proxy settings using a proxy.pac file, I’m able to open website on all Ports which are defined in the ACL SafePorts list. For example:
    80
    443
    8080
    every port over 1024

    I’m using this service for my test:
    portquiz.net: <port_to_test>If I configure SQUID as a transparent proxy, why is it not possible to proxy more than one port? I can only open connections which are going to port 80.

    In other words.
    I can only open websites which are running on port 80. If a website is running on a different port, it is not possible to open it.

    Thank you very very much for a helpful answer.

    Regards,
    Asan</port_to_test>



  • because this is the way transparent proxy work.
    If you want to use other (HTTP, not HTTPS) ports, then you have configure forward so that pfSense redirects these ports to Squid.

    HTTPS can't be proxied transparently unless you configure SSL-Bump (man in the middle)



  • Hi Chris

    Thank you very much for your answer. What is Squid configuring in background if I enable transparent mode?
    Do I need to configure pfSense as follows, if I want, for example, forward traffic to port 5555 transparently to Squid?

    INSIDE Interface: Source of Traffic
    192.168.10.10: IP Address of the interface on which Squid is listening
    3128: Squid port

    Thank you
    asan

    ![Screen Shot 2016-08-23 at 19.50.52.png](/public/imported_attachments/1/Screen Shot 2016-08-23 at 19.50.52.png)
    ![Screen Shot 2016-08-23 at 19.50.52.png_thumb](/public/imported_attachments/1/Screen Shot 2016-08-23 at 19.50.52.png_thumb)


Log in to reply