Portforward windows squid

    Hello,
    I’m using pfSense 1.2.2 to provide restricted internet access to guests via captive portal.
    I need to manage access (ACLs, blacklists, etc.) from my SquidNT under Windows (I can’t use a Linux Squid).
    I have tried looking for the answer with Google and here, but …
    I need some help.

    Addresses used:
    SquidNT (Windows Server)
    RAS (Microsoft IAS)
    DC (Domain Controller / Active Directory)
    AP (Wireless Access Point)
    192.168.10.X/24 Guests (WAN) & (LAN) pfSense (Captive Portal)


    Network diagram

    SquidNT        RAS            DC
    |              |              |

    I tried to implement a policy-based routing rule that redirects all traffic from LAN (80) to my SquidNT (3128) by creating a port forward on the LAN interface.

    But SquidNT (which isn’t running in transparent mode) returns an error: Invalid request.

    Invalid request
    some aspect of the HTTP request is invalid. Possible Problems:
    -Missing or unknown request method
    -missing url
    -missing http identifier (http/1.0)
    -content-length missing for POST or PUT request
    -illegal character in hostname; underscores are not allowed

    Entry in access.log:

    1202027164.370 2 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html

    Is it a problem with my policy, or must Squid run in transparent mode?

    So I have tried using the transparent proxy on pfSense with a cache_peer parent pointing to my SquidNT (it can’t run in transparent mode).
    I added this to squid.conf (pfSense):

    cache_peer IP_fromMySquidNT parent 3128 7 no-query proxy-only login=loginuser:passworduser
    never_direct allow all

    But I get a different error when accessing my SquidNT (NTLM auth or LDAP): access cache denied.

    The requested URL could not be retrieved

    While trying to retrieve the URL: http://2007.fr.msn.com/ArticleView.aspx?

    The following error was encountered:

    Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
    Your cache administrator is root.

    I can’t log in at this state (no NTLM box, etc.)

    Is this possible, and if so how do I accomplish it?


    PS: I don't think it's a pfSense problem.
    I'm not an expert with policy rules.
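An added illustration of the first failure in the post (not code from the poster, pfSense or Squid): a port forward hands the proxy the same origin-form request line the browser meant for the web server, while a forward proxy in non-transparent mode only accepts absolute-form targets, which is what ends up in access.log as TCP_DENIED/400 error:invalid-request. The sample requests, the constructed log lines and the placeholder addresses are assumptions for the demo.

```python
import re
from urllib.parse import urlsplit

# Constructed samples of what a forward proxy sees on its listening port.
# A browser configured to use the proxy sends an absolute-form target; a
# port-forward of port 80 delivers the origin-form request meant for the server.
PROXY_STYLE = "GET http://2007.fr.msn.com/ArticleView.aspx HTTP/1.1\r\nHost: 2007.fr.msn.com\r\n\r\n"
REDIRECTED = "GET /ArticleView.aspx HTTP/1.1\r\nHost: 2007.fr.msn.com\r\n\r\n"

def classify_request(raw: str) -> dict:
    """Parse the request line and report whether a non-transparent proxy
    can serve it: only an absolute-form target carries the scheme and host
    the proxy needs; an origin-form target is an invalid proxy request."""
    parts = raw.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"form": "malformed", "accepted": False, "host": None}
    target = parts[1]
    if target.startswith("/"):
        # Origin-form: no scheme, no host in the target. Only intercept
        # ("transparent") mode rebuilds the URL from the Host header.
        return {"form": "origin-form", "accepted": False, "host": None}
    url = urlsplit(target)
    if url.scheme and url.netloc:
        return {"form": "absolute-form", "accepted": True, "host": url.hostname}
    return {"form": "malformed", "accepted": False, "host": None}

# Squid native access.log layout: timestamp elapsed [client] code/status bytes
# method url ...  The line quoted in the post has no client column, so it is optional.
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?:(?P<client>\S+)\s+)?"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed log sample: the denied line from the post plus one normal hit
# (client and peer addresses are placeholders).
SAMPLE_LOG = (
    "1202027164.370 2 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html\n"
    "1202027165.001 120 192.168.10.5 TCP_MISS/200 5120 GET http://example.org/ "
    "- DIRECT/203.0.113.10 text/html\n"
)

def count_invalid_requests(log_text: str) -> int:
    """Count entries showing redirected traffic refused as an invalid proxy request."""
    hits = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and (m["code"], m["status"], m["url"]) == ("TCP_DENIED", "400", "error:invalid-request"):
            hits += 1
    return hits
```

A rising count from `count_invalid_requests` on the SquidNT access.log is the quickest way to confirm that traffic is reaching the proxy through the port forward rather than through a proxy-aware client.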
