Portforward windows squid



  • Hello,
    I’m using pfSense 1.2.2 to provide restricted internet access to guests via captive portal.
    I need to manage access (ACLs, blacklist, etc.) from my SquidNT under Windows (I can’t use a Linux Squid).
    I have tried looking for the answer with Google and here, but …
    I need some help.

    -------------

    Implementation

    Addresses used
    172.16.10.92/16 SquidNT (Windows Server)
    172.16.10.162/16 RAS (Microsoft IAS)
    172.16.10.15/16 DC (Domain Controller-Active Directory)
    192.168.10.254/24 AP (Wireless Access Point)
    192.168.10.X/24 Guests
    172.16.10.110/16 (WAN) & 192.168.10.1/24 (LAN) Pfsense (Captive Portal)

    -------------

    Network diagram

    Internet
    |
    |
    SquidNT        RAS            DC
    |              |              |
    -------------SWITCH------------
                    |
                  PFSENSE
                    |     
                  AP
                  |
                  Guests

    I tried to implement a policy-based routing rule that redirects all traffic from LAN (80) to my SquidNT (3128) by creating a port forward on the LAN interface.

    But SquidNT (which isn’t running in transparent mode) returns an error: Invalid request.

    Invalid request
    some aspect of the HTTP request is invalid. Possible Problems:
    -Missing or unknown request method
    -missing url
    -missing http identifier (http/1.0)
    -content-length missing for POST or PUT request
    -illegal character in hostname; underscores are not allowed

    Entry in access.log :

    1202027164.370 2 192.168.0.1 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html

    Is it a problem with my policy, or must Squid run in transparent mode?

    So I tried using the transparent proxy on pfSense with a cache_peer parent pointing to my SquidNT (it can’t run in transparent mode).
    I added to squid.conf (pfSense):

    cache_peer IP_fromMySquidNT parent 3128 7 no-query proxy-only login=loginuser:passworduser
    never_direct allow all

    But I get a different error when accessing my SquidNT (NTLM auth or LDAP): access cache denied.

    ERROR
    The requested URL could not be retrieved

    –------------------------------------------------------------------------------

    While trying to retrieve the URL: http://2007.fr.msn.com/ArticleView.aspx?

    The following error was encountered:

    Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
    Your cache administrator is root.

    I can’t log in in this state (no NTLM box, etc.)

    Is this possible, and if so how do I accomplish it?

    Thanks

    PS: I don't think that's a pfSense problem.
    I'm not an expert with policy rules.


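Added example (not part of the original post, and not pfSense or Squid code): a browser whose port-80 traffic is port-forwarded sends an origin-form request line (GET /path), while a Squid port that is not in transparent mode expects the absolute-form line that a proxy-configured browser sends, which is the usual cause of the error:invalid-request entry quoted in the post. The Python sketch classifies request lines and flags such entries in access.log; the function names, the acceptance model and the second log line are constructed for illustration.

```python
import re

# Constructed access.log sample in Squid's native format; only the first
# line is the entry quoted in the post, the second is made up.
SAMPLE_LOG = [
    "1202027164.370 2 192.168.0.1 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html",
    "1202027170.112 145 192.168.10.23 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html",
]

def request_target_form(request_line):
    """Classify the request-target of an HTTP request line (RFC 7230, 5.3)."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed"
    method, target, _version = parts
    if method == "CONNECT":
        return "authority-form"
    if re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "absolute-form"   # what a browser configured for a proxy sends
    if target.startswith("/"):
        return "origin-form"     # what a browser sends when it thinks it talks to the site
    return "malformed"

def forward_proxy_accepts(request_line):
    """Simplified model (an assumption, not Squid's parser): a proxy port that
    is not in transparent mode needs the full URL, or CONNECT, to pick a destination."""
    return request_target_form(request_line) in ("absolute-form", "authority-form")

def flag_redirected_clients(log_lines):
    """Count 400 / error:invalid-request entries per client IP."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 10:    # native format has ten fields
            continue
        client, result, url = fields[2], fields[3], fields[6]
        if result.endswith("/400") and url == "error:invalid-request":
            hits[client] = hits.get(client, 0) + 1
    return hits

if __name__ == "__main__":
    for line in ("GET /ArticleView.aspx HTTP/1.1",
                 "GET http://2007.fr.msn.com/ArticleView.aspx HTTP/1.1"):
        print(f"{line!r}: {request_target_form(line)}, accepted={forward_proxy_accepts(line)}")
    print(flag_redirected_clients(SAMPLE_LOG))
```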