4. Portforward windows squid

Portforward windows squid

  • P

    Hello,
    I’m using Pfsense 1.2.2  to lets you provide restricted internet access to guests via captive portal.
    I need manage access (acl, blacklist etc) from my SquidNT under Windows (I can’t use a linux squid).
    I have tried looking the answer with google and here, but …
    I need some help

    |–-------------

    Implementation

    Addresses used
    172.16.10.92/16 SquidNT (Windows Server)
    172.16.10.162/16 RAS (Microsoft IAS)
    172.16.10.15/16 DC (Domain Controller-Active Directory))
    192.168.10.254/24 AP (Wireless Access Point)
    192.168.10.X/24 Guests
    172.16.10.110/16 (WAN) & 192.168.10.1/24 (LAN) Pfsense (Captive Portal)

    -------------

    Network diagram

    Internet
    |
    |
    SquidNT        RAS            DC
    |              |              |
    -------------SWITCH------------
                    |
                  PFSENSE
                    |     
                  AP
                  |
                  Guests

    I try to implement a policy based routing rule that redirect all trafic from Lan  (80 ) to my squidNT (3128) by create a portforward at interface Lan

    But SquidNT (isn’t running in transparent mode) return an error : Invalid request.

    Invalid request
    some aspect of the HTTP request is invalid. Possible Problems:
    -Missing or unknown request method
    -missing url
    -missing http identifier (http/1.0)
    -content-length missing for POST or PUT request
    -illegal character in hostname; underscores are not allowed

    Entry in access.log :

    1202027164.370 2 192.168.0.1 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html

    It’s a problem with my policy or squid must run in transparent mode?

    So, I have tried using transparent proxy from pfsense and cache_peer parent to my squidNT (it can’t run transparent mode)
    I add in  squid.conf (pfsense) :

    Cache_peer IP_fromMySquidNT parent 3128 7 no-query proxy-only login=loginuser:passworduser
    Never_direct allow all

    But I’ve a different error from access to my squidNT ( ntlm auth or LDAP) : access cache denied.

    ERROR
    The requested URL could not be retrieved

    –------------------------------------------------------------------------------

    While trying to retrieve the URL: http://2007.fr.msn.com/ArticleView.aspx?

    The following error was encountered:

    Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
    Your cache administrator is root.

    I can’t login at this state (not ntlm box etc)

    Is this possible, and if so how do I accomplish it?

    Thanks

    PS: I don't think that pfsense problem.
    I'm not an expert with policy rule

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy