Pfsense and squid - problem with internal address with ports


  • Hi all!
    I've installed pfsense 1.2.2 with squid 2.6.21_10 package and i have some problem with my configuration.

    The browser under proxy go in internet without problem, but when i try to access at some internal address (ex: http://192.168.1.12:81/) i receive an "Access Denied" page .

    What configuration i must touch?

    Thanks and sorry for my english.
    Ciao,
    andrea


  • what are you trying to do by going to that address/port?


  • I have same website internal use in local machine and the webserver on this machine going on the port 81.

    If the browser use the proxy and i try local address with port(i don't know if work with external address) they return this error:

    ERROR
    The requested URL could not be retrieved

    –------------------------------------------------------------------------------

    While trying to retrieve the URL: http://192.168.1.8:81/

    The following error was encountered:

    •Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

    I have the same problem with address www.mylocalwebsite.com:81 (the dns forward seem ok)
    If i try without proxy they work correctly.

    Thanks for answer!!
    andrea


  • Per raggiungere quell'URL devi editare il file usr/local/pkg/squid.inc e aggiungere la porta 81 in coda alle safeports.
    Salvi e riavvia squid, dovrebbe funzionare.

    Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port 1025-65535
    acl sslports port 443 563 $webgui_port
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?


  • add this to your custom configuration.

    acl safeports port 81;
    

    if won't work..
    then hack your squid.inc and add port 81 to safeports that would look like this.

    acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901  3128 1025-65535
    

  • Grazie 1000, funziona benissimo, mi avete tolto entrambi un bel grattacapo!

    i've used -acl safeports port 81;- in webadmin.

    Thanks at both!!

    A buon rendere! olè!