• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

SQUID proxy is not creating NAT rules and forwarding to port 3128

Scheduled Pinned Locked Moved Cache/Proxy
5 Posts 3 Posters 2.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cewjr9842
    last edited by May 4, 2017, 7:14 PM

    Having issues with getting squid proxy to work.
    I installed it from the packages and set it up correctly, but it will not create the NAT rule to allow traffic to be forwarded from 80 to 3128.  when I check the cache logs i get this below

    I Dont see any of the NAT rules for SQUID. I do see the service is active but its not working as it should or showing cache logs. Any suggestions?
    2017-05-03_11-15-09.jpg
    2017-05-03_11-15-09.jpg_thumb

    1 Reply Last reply Reply Quote 0
    • D
      doktornotor Banned
      last edited by May 4, 2017, 7:46 PM

      You don't see any NAT rules in top output? Shocking…

      https://www.freebsd.org/cgi/man.cgi?top(1)

      Top displays the top processes on the system and periodically updates this  information.

      Sigh.

      https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L2094

      1 Reply Last reply Reply Quote 0
      • C
        cewjr9842
        last edited by May 5, 2017, 1:40 PM

        I know right. DO This is what i see in my WAN and LAN Rules? DO you have a shot of what it should look like?

        wan.jpg
        wan.jpg_thumb
        lan.jpg
        lan.jpg_thumb

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by May 5, 2017, 2:00 PM

          You don't. Read /tmp/rules.debug to see the complete ruleset. None of the package-created or default pfSense rules are shown in the GUI.

          1 Reply Last reply Reply Quote 0
          • N
            neilgreene
            last edited by May 7, 2017, 11:23 AM

            Having the same problem with proxy not working on HTTP but HTTPS working since it is not setup for transparent proxy yet.

            Running pfSense 5.6.5 2.3.5-DEVELOPMENT.
            Setup SQUID with Transparent Proxy.

            em0 wan
            em1 lan, vlan10, vlan11, vlan12, vlan99, vlan100

            I can see that ALL HTTP traffic is getting blocked.  Of course, websites with HTTPS are passing through the Transparent Proxy.
            My understanding is that pfs would make all necessary firewall rules and/or NAT translations to pass port 80 requests over to 3128.

            If I look at /tmp/rules.debug I see port 80 rules redirect to 3128 on the loopback interface.

            Setup Squid proxy redirect

            rdr pass on em1_vlan11 proto tcp from any to !(em1_vlan11) port 80 -> 127.0.0.1 port 3128
            rdr pass on em1_vlan10 proto tcp from any to !(em1_vlan10) port 80 -> 127.0.0.1 port 3128
            rdr pass on em1_vlan12 proto tcp from any to !(em1_vlan12) port 80 -> 127.0.0.1 port 3128
            rdr pass on em1_vlan100 proto tcp from any to !(em1_vlan100) port 80 -> 127.0.0.1 port 3128
            rdr pass on em1_vlan99 proto tcp from any to !(em1_vlan99) port 80 -> 127.0.0.1 port 3128

            BUT FIREWALL log shows ALL port 80 requests getting blocked.

            HINTS.  Mainly wondering what would not be setup since it is supposed to create the necessary rules and I understand some rules are HIDDEN.

            Ng

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received