
    pfSense squid not redirecting 80 to 3128 in transparent mode

      hafte last edited by

      Hi all,

      Please help me with this problem.
      I have been using pfSense squid but it stopped redirecting 80 to 3128 in transparent mode.
      I have tried reinstalling all packages but without success.

      I have the following configuration:
      WAN (ext internet)- LAN1 (vlan 192.168.0.1), LAN2 (vlan 192.168.1.1), LAN3 (vlan 192.168.2.1)

      How do I manually create a rule to forward traffic from all LAN networks to the proxy? It seems that pfSense does not create it automatically.

      Thanks

        danswartz last edited by

        What are you configuring squid to do? Are you selecting all 3 of the LAN interfaces for the transparent mode?

          hafte last edited by

          Yes all 3 of the LAN interfaces are selected in proxy interface and the transparent mode is checked.

          After this problem the config was the same and worked.
          I also tried to use proxy enabled only on LAN but the result is the same. Not redirecting.
          If I manually select settings (proxy IP and port) in the browser, it works with proxy and lightsquid without problems.

          I cannot stop the machine for reinstallation of pfSense because there are ~200 users that are using it all the time. Now it works without proxy and file type restrictions :-(

            hafte last edited by

            Anyone ???

              mhab12 last edited by

              Make sure your webGUI is set to a port other than 80 - try HTTPS/443.

                hafte last edited by

                webGUI is set to port 8080.  :-(

                Here is my squid.conf:

                # Do not edit manually !

                http_port 192.168.0.1:3128
                http_port 192.168.1.1:3128
                http_port 192.168.2.1:3128
                http_port 127.0.0.1:80 transparent
                icp_port 0

                pid_filename /var/run/squid.pid
                cache_effective_user proxy
                cache_effective_group proxy
                error_directory /usr/local/etc/squid/errors/Bulgarian
                icon_directory /usr/local/etc/squid/icons
                visible_hostname firewall.redcross.bg
                cache_mgr admin@redcross.bg
                access_log /var/squid/log/access.log
                cache_log /var/squid/log/cache.log
                cache_store_log none
                logfile_rotate 30
                shutdown_lifetime 3 seconds
                uri_whitespace strip

                cache_mem 256 MB
                maximum_object_size_in_memory 32 KB
                memory_replacement_policy heap GDSF
                cache_replacement_policy heap LFUDA
                cache_dir aufs /var/squid/cache 100000 32 256
                minimum_object_size 0 KB
                maximum_object_size 512000 KB
                offline_mode off
                cache_swap_low 80
                cache_swap_high 90

                # No redirector configured

                # Setup some default acls

                acl all src 0.0.0.0/0.0.0.0
                acl localhost src 127.0.0.1/255.255.255.255
                acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535
                acl sslports port 443 563 8080
                acl manager proto cache_object
                acl purge method PURGE
                acl connect method CONNECT
                acl dynamic urlpath_regex cgi-bin \?
                acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
                acl banned_hosts src "/var/squid/acl/banned_hosts.acl"
                acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
                cache deny dynamic
                http_access allow manager localhost

                http_access deny manager
                http_access allow purge localhost
                http_access deny purge
                http_access deny !safeports
                http_access deny CONNECT !sslports

                # Always allow localhost connections

                http_access allow localhost

                quick_abort_min 0 KB
                quick_abort_max 0 KB
                request_body_max_size 0 KB
                reply_body_max_size 0 allow all
                delay_pools 1
                delay_class 1 2
                delay_parameters 1 -1/-1 -1/-1
                delay_initial_bucket_level 100
                delay_access 1 allow all

                # These hosts are banned

                http_access deny banned_hosts

                # These hosts do not have any restrictions

                http_access allow unrestricted_hosts

                # Block access to blacklist domains

                http_access deny blacklist

                # Default block all to be sure

                http_access deny all

                  mhab12 last edited by

                  The redirect rules are not in squid.conf, they are located here…
                  /usr/local/pkg/squid.inc

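Because the redirect lives in the packet filter rather than in squid.conf, one way to check it is to compare squid's transparent listener with the NAT rules pf has loaded. This is an added example, not part of the thread or of the squid package: the interface names `vlan0`..`vlan2` and the sample `pfctl -sn` lines are constructed assumptions, and on the firewall the second file would be saved `pfctl -sn` output.

```shell
#!/bin/sh
# Added example: which LAN interfaces lack an rdr rule feeding squid's transparent port?

# Print "addr port" of the first http_port flagged transparent/intercept.
# Assumes the addr:port form used in the squid.conf posted in the thread.
transparent_listener() {
    awk '$1 == "http_port" && ($3 == "transparent" || $3 == "intercept") {
             n = split($2, a, ":"); print a[1], a[n]; exit }' "$1"
}

# $1 = squid.conf, $2 = saved `pfctl -sn` output, remaining args = interfaces.
# Prints each interface with no TCP/80 rdr rule pointing at the listener.
missing_redirects() {
    conf=$1; nat=$2; shift 2
    listener=$(transparent_listener "$conf")
    [ -n "$listener" ] || { echo "no-transparent-listener"; return 0; }
    addr=${listener% *}; port=${listener#* }
    for ifc in "$@"; do
        awk -v ifc="$ifc" -v addr="$addr" -v port="$port" '
            $1 == "rdr" && / proto tcp / && / port = (http|80) -> / {
                for (i = 2; i < NF; i++) if ($i == "on") break
                # text after "->" is "<addr> port <port>"
                split($0, h, " -> "); split(h[2], t, " ")
                if ($(i + 1) == ifc && t[1] == addr && t[3] == port) found = 1
            }
            END { exit !found }' "$nat" || echo "$ifc"
    done
}

# Constructed sample data; only the transparent listener line matches the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/squid.conf" <<'EOF'
http_port 192.168.0.1:3128
http_port 127.0.0.1:80 transparent
EOF
cat > "$tmp/nat.txt" <<'EOF'
rdr on vlan0 inet proto tcp from any to ! (vlan0) port = http -> 127.0.0.1 port 80
rdr on vlan1 inet proto tcp from any to ! (vlan1) port = http -> 127.0.0.1 port 3128
EOF

# vlan1 redirects to the wrong port, vlan2 has no rule at all.
missing_redirects "$tmp/squid.conf" "$tmp/nat.txt" vlan0 vlan1 vlan2
```

An interface listed here is one whose port-80 traffic never reaches the transparent listener, which matches the symptom of the proxy working only when it is set explicitly in the browser.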
                    hafte last edited by

                    The problem is solved :-)
                    I reinstalled pfSense and restored the backup config.

                    Everything now works perfectly.

                    Thanks for support
