
    Squid customize ports

      periko

      Hi guys  ;D

      I have followed some posts here about how to add new safe_ports to squid. I see that a lot of people fix this by editing the file:

      /usr/local/pkg/squid.inc

      Is this the only way to do this with squid?

      Because if I go to the web GUI, adding an acl to the customize window will add this new option to the end of the file "squid.conf".

      Running pfsense 1.2.2. Thanks for your time people  :).

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn PfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

        mhab12

        I'm not sure I completely understand your question, but here is some info.

        In pfSense, squid.conf gets rewritten at startup from squid.inc.  If you manually edit squid.conf your changes will be lost when you reboot the box.  If you edit squid.inc, your changes will be saved/reloaded each time you boot.

          periko

          Hi mhab12.

          You have answered my question, thanks.

          Example: I want to add a new acl for port 7071 to squid; to make this possible I have to edit squid.inc, not squid.conf.

          This is just to confirm. Last thing: after I edit the squid.inc file, do I have to reboot my pfsense box to get these changes, or just do a service restart?

          Thanks again for your time  ;D.

            mhab12

            Yes, you're correct.  You could edit both the squid.conf and squid.inc with your change, then you'll only need a service restart (I think).  When the time comes to reboot the box anyway, your change will become permanent.  The downside of this approach is that GUI changes to the proxy settings may erase your changes until reboot.

              periko

              mhab12, thanks for all this great info you have given me.

              Much to learn from you people.

              Thanks  :)

                jigpe

                Is customizing ports still the same as adding or deleting ports in Firewall > Rules? Or is it the other way around, especially when you have the default rule enabled to any?

                jigp
                Davao City

                  mhab12

                  As discussed in another post (I did not try to find it), the squid ports and transparent redirect rules are processed BEFORE the firewall rules.  Firewall rules will not block traffic from an internal interface to the Squid port you chose through the Squid GUI.

                    chudy

                    default pfsense package uses 127.0.0.1:80 transparent and LANIP:3128
                    you can always change your proxy port (3128) to any port you like in the GUI

                    but if you wanna change the transparent proxy port, edit it in /usr/local/pkg/squid.inc
                    look for http_port 127.0.0.1:80 transparent and it should match in function squid_generate_rules, where you can see this line
                    rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80

                    or to add another port edit /usr/local/pkg/squid.inc and look for icp_port $icp_port
                    so it will look like

                        $conf .= <<<EOD
                        # add it here where i use port 7071
                        http_port 7071
                        icp_port $icp_port

                    save then go to your proxy gui and save (this way the squid.inc will be reloaded) to confirm.
                    load at pfsense gui's diagnostics /usr/local/etc/squid/squid.conf

                    I think that will give you the idea
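
Added example (not part of chudy's post or of the pfSense squid package): a Python check over a generated squid.conf and the redirect rule quoted above. It confirms that the rdr target matches a transparent http_port and flags any http_port written without a bind address, which Squid opens on every interface. The sample config, the interface name and all function names are constructed for illustration.

```python
import re

# Constructed sample: squid.conf as it might look after the squid.inc edit above.
SAMPLE_CONF = """\
http_port 192.168.1.1:3128
http_port 127.0.0.1:80 transparent
# add it here where i use port 7071
http_port 7071
icp_port 0
"""
# The redirect rule from the post, with $iface filled in (em1 is a constructed value).
SAMPLE_RDR = "rdr on em1 proto tcp from any to !(em1) port 80 -> 127.0.0.1 port 80"


def parse_http_ports(conf):
    """Return (bind_address or None, port, options) for each http_port line."""
    listeners = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        addr, _, port = fields[1].rpartition(":")
        listeners.append((addr or None, int(port), fields[2:]))
    return listeners


def parse_rdr_target(rule):
    """Extract (address, port) that follows '->' in a pf rdr rule."""
    m = re.search(r"->\s*(\S+)\s+port\s+(\d+)", rule)
    if not m:
        raise ValueError("no redirect target in rule")
    return m.group(1), int(m.group(2))


def audit(conf, rdr_rule):
    """Return findings as strings; an empty list means both checks passed."""
    findings = []
    listeners = parse_http_ports(conf)
    target = parse_rdr_target(rdr_rule)
    transparent = {(a, p) for a, p, opts in listeners if "transparent" in opts}
    if target not in transparent:
        findings.append("rdr target %s:%d has no transparent http_port" % target)
    for addr, port, _ in listeners:
        if addr is None:  # no address given: Squid listens on all interfaces
            findings.append("http_port %d binds every interface" % port)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_RDR):
        print(finding)
```

To use it on a real box, pass the contents of /usr/local/etc/squid/squid.conf (the path given in the post) after saving in the proxy GUI.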

                      jigpe

                      Thanks for the heads up :)
                      Good morning all :)

                      That did the trick :)

                      But what is the purpose of changing the ports squid and lan ?

                      jigp
                      Davao City
                      1.2.2
