Netgate Discussion Forum

    Portforward windows squid

      Pec

      Hello,
      I’m using pfSense 1.2.2 to provide restricted internet access to guests via captive portal.
      I need to manage access (ACL, blacklist, etc.) from my SquidNT under Windows (I can’t use a Linux Squid).
      I have tried looking for the answer with Google and here, but …
      I need some help.

      -------------

      Implementation

      Addresses used
      172.16.10.92/16 SquidNT (Windows Server)
      172.16.10.162/16 RAS (Microsoft IAS)
      172.16.10.15/16 DC (Domain Controller-Active Directory)
      192.168.10.254/24 AP (Wireless Access Point)
      192.168.10.X/24 Guests
      172.16.10.110/16 (WAN) & 192.168.10.1/24 (LAN) pfSense (Captive Portal)

      -------------

      Network diagram

      Internet
      |
      |
      SquidNT        RAS            DC
      |              |              |
      -------------SWITCH------------
                      |
                    PFSENSE
                      |
                      AP
                      |
                    Guests

      I tried to implement a policy-based routing rule that redirects all traffic from LAN (80) to my SquidNT (3128) by creating a port forward on the LAN interface.

      But SquidNT (which isn’t running in transparent mode) returns an error: Invalid request.

      Invalid request
      some aspect of the HTTP request is invalid. Possible Problems:
      -Missing or unknown request method
      -missing url
      -missing http identifier (http/1.0)
      -content-length missing for POST or PUT request
      -illegal character in hostname; underscores are not allowed

      Entry in access.log :

      1202027164.370 2 192.168.0.1 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html

      Is it a problem with my policy, or must Squid run in transparent mode?

      So, I have tried using the transparent proxy from pfSense and a cache_peer parent to my SquidNT (it can’t run in transparent mode).
      I added in squid.conf (pfSense):

      cache_peer IP_fromMySquidNT parent 3128 7 no-query proxy-only login=loginuser:passworduser
      never_direct allow all

      But I have a different error from access to my SquidNT (NTLM auth or LDAP): access cache denied.

      ERROR
      The requested URL could not be retrieved

      -------------

      While trying to retrieve the URL: http://2007.fr.msn.com/ArticleView.aspx?

      The following error was encountered:

      Access Denied.
      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
      Your cache administrator is root.

      I can’t log in in this state (no NTLM box, etc.).

      Is this possible, and if so how do I accomplish it?

      Thanks

      PS: I don't think that's a pfSense problem.
      I'm not an expert with policy rules.
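
The "Invalid request" page and the `error:invalid-request` log entry in the post are consistent with the difference between the request line a browser sends to a configured proxy and the one it sends when its port-80 traffic is silently port-forwarded. The Python sketch below is an added example, not part of the original post and not Squid's code; the function names and both sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples. DIRECT is what a browser sends when it believes it is
# talking to the web server itself (this is what a port forward delivers to 3128).
DIRECT = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# CONFIGURED is what a browser sends when a proxy is set in its options.
CONFIGURED = b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

def target_form(request_line: str) -> str:
    """Classify the request-target of a request line (RFC 7230 section 5.3)."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed"  # e.g. missing URL or missing HTTP identifier
    method, target, _ = parts
    if target == "*":
        return "asterisk-form"
    if method == "CONNECT":
        return "authority-form"
    if target.startswith("/"):
        return "origin-form"
    url = urlsplit(target)
    return "absolute-form" if url.scheme and url.netloc else "malformed"

def forward_proxy_accepts(raw_request: bytes) -> bool:
    """A proxy listening on an ordinary (non-intercepting) port needs the
    full URL on the request line; a bare path gives it no destination."""
    line = raw_request.split(b"\r\n", 1)[0].decode("latin-1")
    return target_form(line) in ("absolute-form", "authority-form")

def rebuild_url(raw_request: bytes):
    """What an intercepting (transparent) proxy does instead: rebuild the
    URL from the path plus the client-supplied Host header."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if target_form(lines[0]) != "origin-form":
        return None
    path = lines[0].split()[1]
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "host" and value.strip():
            return "http://" + value.strip() + path
    return None

if __name__ == "__main__":
    for label, req in (("port-forwarded", DIRECT), ("proxy configured", CONFIGURED)):
        print(label, "->", "accepted" if forward_proxy_accepts(req) else "invalid request")
    print("interception would rebuild:", rebuild_url(DIRECT))
```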

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.