Portforward windows squid
Hello,
I’m using Pfsense 1.2.2 to provide restricted internet access to guests via captive portal.
I need to manage access (ACLs, blacklist, etc.) from my SquidNT under Windows (I can’t use a Linux Squid).
I have tried looking for the answer with Google and here, but …
I need some help
-------------
Implementation
Addresses used
172.16.10.92/16 SquidNT (Windows Server)
172.16.10.162/16 RAS (Microsoft IAS)
172.16.10.15/16 DC (Domain Controller-Active Directory)
192.168.10.254/24 AP (Wireless Access Point)
192.168.10.X/24 Guests
172.16.10.110/16 (WAN) & 192.168.10.1/24 (LAN) Pfsense (Captive Portal)
-------------
Network diagram

                Internet
                   |
                   |
    SquidNT       RAS        DC
       |           |          |
    -------------SWITCH------------
                   |
                PFSENSE
                   |
                   AP
                   |
                 Guests

I tried to implement a policy-based routing rule that redirects all traffic from LAN (80) to my SquidNT (3128) by creating a port forward on the LAN interface.
But SquidNT (which isn’t running in transparent mode) returns an error: Invalid request.
Invalid request
some aspect of the HTTP request is invalid. Possible Problems:
- Missing or unknown request method
- missing url
- missing http identifier (http/1.0)
- content-length missing for POST or PUT request
- illegal character in hostname; underscores are not allowed

Entry in access.log:
1202027164.370 2 192.168.0.1 TCP_DENIED/400 2028 GET error:invalid-request - NONE/- text/html
Is it a problem with my policy, or must Squid run in transparent mode?
So I tried using the transparent proxy on pfsense with a cache_peer parent pointing to my SquidNT (it can’t run in transparent mode).
I added to squid.conf (pfsense):

    cache_peer IP_fromMySquidNT parent 3128 7 no-query proxy-only login=loginuser:passworduser
    never_direct allow all

But I get a different error when accessing my SquidNT (NTLM auth or LDAP): access cache denied.
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: http://2007.fr.msn.com/ArticleView.aspx?
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.

I can’t log in at this state (no NTLM box, etc.)
Is this possible, and if so how do I accomplish it?
Thanks
PS: I don't think that's a pfsense problem.
I'm not an expert with policy rules.
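
Added example, not part of the original post and not Squid's own code: a simplified Python model of how an explicit forward proxy and an intercepting (transparent) proxy treat the same request line. A browser with no proxy configured sends origin-form requests (`GET /path HTTP/1.1`), and a plain port forward from 80 to 3128 does not rewrite them into the absolute-form (`GET http://host/path HTTP/1.1`) that an explicit proxy expects. The function names and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

def target_form(target):
    """Classify the request-target per RFC 7230 section 5.3."""
    if target == "*":
        return "asterisk"
    if target.startswith("/"):
        return "origin"        # sent by a browser talking directly to a web server
    if "://" in target and urlsplit(target).netloc:
        return "absolute"      # sent by a browser configured to use a proxy
    return "authority"         # host:port, only valid with CONNECT

def resolve_url(raw_request, intercept=False):
    """Return the URL the proxy would fetch, or 'error:invalid-request'."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "error:invalid-request"      # missing URL or HTTP identifier
    method, target, _version = parts
    if method not in METHODS:
        return "error:invalid-request"      # missing or unknown request method
    form = target_form(target)
    if form == "absolute" or (form == "authority" and method == "CONNECT"):
        return target
    if form == "origin" and intercept:
        # An intercepting proxy rebuilds the URL from the Host header.
        pairs = (line.split(":", 1) for line in head[1:] if ":" in line)
        headers = {k.strip().lower(): v.strip() for k, v in pairs}
        host = headers.get("host")
        return f"http://{host}{target}" if host else "error:invalid-request"
    return "error:invalid-request"          # origin-form sent to an explicit proxy

# Constructed sample requests: guest browser without and with proxy settings.
FORWARDED = "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CONFIGURED = ("GET http://www.example.com/index.html HTTP/1.1\r\n"
              "Host: www.example.com\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("port-forwarded", FORWARDED), ("proxy-configured", CONFIGURED)):
        print(name, "| explicit:", resolve_url(req),
              "| intercept:", resolve_url(req, intercept=True))
```

The port-forwarded request resolves only when `intercept=True`, which matches the `TCP_DENIED/400 ... error:invalid-request` entry logged by the non-transparent proxy above.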