5. Transparent proxy on latest BETA

Transparent proxy on latest BETA

  • P

    If I upgrade from 1.2.3 where transparent proxy works just fine to the latest v2 BETA, it does not work in transparent mode anymore.  If I perform a clean install of v2, then it does work.  Please help me understand what I can do to fix it.  Here are some details.  Transparent is turned on in the webgui.  vr1 is my WAN, vr0 is LAN and re0 is WiFi.  That 96.xxx is my WAN IP.

    
# pfctl -sn |grep http
rdr on vr1 inet proto tcp from any to 96.55.182.244 port = http -> 192.168.0.72
rdr on vr0 inet proto tcp from any to 96.55.182.244 port = http tag PFREFLECT -> 127.0.0.1 port 19002
rdr on re0 inet proto tcp from any to 96.55.182.244 port = http tag PFREFLECT -> 127.0.0.1 port 19002
rdr on vr1 inet proto tcp from any to 96.55.182.244 port = https -> 192.168.0.39
rdr on vr0 inet proto tcp from any to 96.55.182.244 port = https tag PFREFLECT -> 127.0.0.1 port 19006
rdr on re0 inet proto tcp from any to 96.55.182.244 port = https tag PFREFLECT -> 127.0.0.1 port 19006

# netstat -nab | grep 3128
tcp4       0      0 192.168.1.10.3128      *.*                    LISTEN
tcp4       0      0 192.168.0.10.3128      *.*                    LISTEN

# netstat -nab | grep 80
tcp4       0      0 127.0.0.1.80           *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN

# squidclient -p 80 cache_object://localhost/info
HTTP/1.0 200 OK
Server: squid/2.7.STABLE8
Date: Thu, 08 Apr 2010 06:06:09 GMT
Content-Type: text/plain
Expires: Thu, 08 Apr 2010 06:06:09 GMT
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost:3128 (squid/2.7.STABLE8)
Connection: close

Squid Object Cache: Version 2.7.STABLE8
Start Time:	Thu, 08 Apr 2010 03:45:19 GMT
Current Time:	Thu, 08 Apr 2010 06:06:09 GMT
Connection information for squid:
	Number of clients accessing cache:	2
	Number of HTTP requests received:	2
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	0.0
	Average ICP messages per minute since start:	0.0
	Select loop called: 11779 times, 717.334 ms avg
Cache information for squid:
	Request Hit Ratios:	5min: 0.0%, 60min: 0.0%
	Byte Hit Ratios:	5min: -0.0%, 60min: 100.0%
	Request Memory Hit Ratios:	5min: 0.0%, 60min: 0.0%
	Request Disk Hit Ratios:	5min: 0.0%, 60min: 0.0%
	Storage Swap size:	3124208 KB
	Storage Mem size:	252 KB
	Mean Object Size:	92.57 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):   0.00000  0.00000
	Cache Misses:          0.00000  0.00000
	Cache Hits:            0.00000  0.00000
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:           0.00000  0.00000
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	8449.479 seconds
	CPU Time:	1.020 seconds
	CPU Usage:	0.01%
	CPU Usage, 5 minute avg:	0.01%
	CPU Usage, 60 minute avg:	0.01%
	Process Data Segment Size via sbrk(): 0 KB
	Maximum Resident Size: 10744 KB
	Page faults with physical i/o: 7
Memory accounted for:
	Total accounted:         2570 KB
	memPoolAlloc calls: 156823
	memPoolFree calls: 88515
File descriptor usage for squid:
	Maximum number of file descriptors:   11095
	Largest file desc currently in use:     24
	Number of file desc currently in use:   15
	Files queued for open:                   0
	Available number of file descriptors: 11080
	Reserved number of file descriptors:   100
	Store Disk files open:                   0
	IO loop method:                     kqueue
Internal Data Structures:
	 33777 StoreEntries
	    27 StoreEntries with MemObjects
	    26 Hot Object Cache Items
	 33750 on-disk objects
# squidclient mgr:info
^C
(Times out)

cache.log
2010/04/07 20:45:37| Accepting proxy HTTP connections at 192.168.0.10, port 3128, FD 14.
2010/04/07 20:45:37| Accepting proxy HTTP connections at 192.168.1.10, port 3128, FD 15.
2010/04/07 20:45:37| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 16.
2010/04/07 20:45:37| Accepting HTCP messages on port 4827, FD 21.
2010/04/07 20:45:37| Accepting SNMP messages on port 3401, FD 22.
2010/04/07 20:45:37| WCCP Disabled.
2010/04/07 20:45:37| Loaded Icons.
2010/04/07 20:45:37| Ready to serve requests.

Web configurator is on 443.

    Any ideas?

    0
  • Rebel Alliance Developer Netgate

    Did you reinstall the squid package after upgrading?

    You may have to remove it, and then add it back again. The squid package on pfSense 2.0 is in a different location. I'm not sure if the automatic reinstall will handle that part.

    0
  • P

    Did try that - makes no difference.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy