Pfsense squid not redirecting 80 to 3128 in transparent mode



  • Hi all,

    Please help me with this problem.
    I am using pfsense squid but it stops redirecting 80 to 3128 in transparent mode.
    I have tried reinstalling all packages but without success.

    I have the following configuration:
    WAN (ext internet)- LAN1 (vlan 192.168.0.1), LAN2 (vlan 192.168.1.1), LAN3 (vlan 192.168.2.1)

    How do I manually create a rule to forward traffic from all LAN networks to the proxy? It seems that pfsense does not create it automatically.

    Thanks



  • What are you configuring squid to do? Are you selecting all 3 of the LAN interfaces for the transparent mode?



  • Yes all 3 of the LAN interfaces are selected in proxy interface and the transparent mode is checked.

    After this problem the config was the same and worked.
    I also tried to use proxy enabled only on LAN but the result is the same. Not redirecting.
    If I manually select settings (proxy IP and port) in the browser, it works with proxy and lightsquid without problems.

    I cannot stop the machine for reinstallation of pfsense because there are ~200 users that are using it all the time. Now it works without proxy and file type restrictions :-(



  • Anyone ???



  • Make sure your webGUI is set to a port other than 80 - try HTTPS/443.



  • webGUI is set to port 8080.  :-(

    Here is my squid.conf

    # Do not edit manually !

    http_port 192.168.0.1:3128
    http_port 192.168.1.1:3128
    http_port 192.168.2.1:3128
    http_port 127.0.0.1:80 transparent
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/Bulgarian
    icon_directory /usr/local/etc/squid/icons
    visible_hostname firewall.redcross.bg
    cache_mgr admin@redcross.bg
    access_log /var/squid/log/access.log
    cache_log /var/squid/log/cache.log
    cache_store_log none
    logfile_rotate 30
    shutdown_lifetime 3 seconds
    uri_whitespace strip

    cache_mem 256 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir aufs /var/squid/cache 100000 32 256
    minimum_object_size 0 KB
    maximum_object_size 512000 KB
    offline_mode off
    cache_swap_low 80
    cache_swap_high 90

    # No redirector configured

    # Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535
    acl sslports port 443 563 8080
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
    acl banned_hosts src "/var/squid/acl/banned_hosts.acl"
    acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
    cache deny dynamic
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    # Always allow localhost connections

    http_access allow localhost

    quick_abort_min 0 KB
    quick_abort_max 0 KB
    request_body_max_size 0 KB
    reply_body_max_size 0 allow all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    # These hosts are banned

    http_access deny banned_hosts

    # These hosts do not have any restrictions

    http_access allow unrestricted_hosts

    # Block access to blacklist domains

    http_access deny blacklist

    # Default block all to be sure

    http_access deny all



  • The redirect rules are not in squid.conf, they are located here…
    /usr/local/pkg/squid.inc
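
Added example (not from any poster in this thread, and not pfSense package code): since the redirect lives in pf rather than in squid.conf, this sketch reads the transparent listener from squid.conf and lists the LAN interfaces that have no matching `rdr` rule, which is where clients bypass the proxy and its ACLs. The interface names `em1`-`em3` and both sample inputs are constructed; the sample only approximates the layout of `pfctl -sn` output.

```shell
#!/bin/sh
# Constructed sample: listener lines like those in the squid.conf posted above.
SAMPLE_SQUID_CONF='http_port 192.168.0.1:3128
http_port 127.0.0.1:80 transparent'

# Constructed sample approximating `pfctl -sn` output (interface names are
# hypothetical). em3 deliberately has no rdr rule.
SAMPLE_NAT='nat on em0 inet from 192.168.0.0/24 to any -> (em0) port 1024:65535
rdr on em1 inet proto tcp from any to ! (em1) port = http -> 127.0.0.1 port 80
rdr on em2 inet proto tcp from any to ! (em2) port = 80 -> 127.0.0.1 port 80'

# Print ip:port of the first transparent/intercept http_port in squid.conf text $1.
transparent_listener() {
    printf '%s\n' "$1" |
        awk '$1 == "http_port" && /transparent|intercept/ { print $2; exit }'
}

# $1 = NAT rules text, $2 = listener ip:port, $3 = space-separated interfaces.
# Prints each interface that has no rdr of TCP port 80 to that listener.
missing_redirects() {
    nat=$1; ip=${2%:*}; port=${2##*:}
    for ifc in $3; do
        printf '%s\n' "$nat" | awk -v ifc="$ifc" -v ip="$ip" -v port="$port" '
            $1 == "rdr" && $3 == ifc && / port = (80|http|www) -> / {
                n = split($0, a, " -> "); split(a[n], t, " ")
                if (t[1] == ip && t[2] == "port" && t[3] == port) found = 1
            }
            END { exit !found }' || printf '%s\n' "$ifc"
    done
}

listener=$(transparent_listener "$SAMPLE_SQUID_CONF")
echo "transparent listener: $listener"
echo "interfaces without redirect: $(missing_redirects "$SAMPLE_NAT" "$listener" "em1 em2 em3")"
# On a live firewall, pass "$(pfctl -sn)" and the real squid.conf contents
# instead of the samples.
```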



  • The problem is solved :-)
    I reinstalled pfsense and restored backup config.

    Everything now works perfectly.

    Thanks for the support

