Netgate Discussion Forum

    Squid & transparent proxy not working in no-transparent mode

    pfSense Packages
    10 Posts 3 Posters 28.4k Views
    • fluca1978

      Hi all,
      I have pfSense running squid with the "transparent proxy" checkbox enabled, and it works, but if I try to connect from a client explicitly using the proxy (i.e., 192.168.1.1:8080) I get a connection refused. I've checked the firewall logs and the firewall is not blocking traffic. Any idea what to check?

      • jimp Rebel Alliance Developer Netgate

        Are you sure it's on 8080? It's usually 3128.

        Go to Diagnostics > Command, type in:

         sockstat | grep squid
        

        And see where it's actually listening

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • fluca1978

          These are the first lines of the command (you can see the machine 192.168.1.7 is listening also on 8080, if I get it right):

          
          proxy    squid      4187  6  udp4   *:52519               *:*
          proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
          proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
          proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*
          proxy    squid      4187  16 tcp4   127.0.0.1:80          192.168.1.55:50197
          proxy    squid      4187  17 tcp4   127.0.0.1:80          192.168.1.178:52346
          proxy    squid      4187  18 tcp4   127.0.0.1:80          192.168.1.36:1815
          proxy    squid      4187  19 tcp4   127.0.0.1:80          192.168.1.36:1827
          proxy    squid      4187  20 tcp4   127.0.0.1:80          192.168.1.201:37406
          proxy    squid      4187  21 tcp4   127.0.0.1:80          192.168.1.88:1293
          proxy    squid      4187  22 tcp4   127.0.0.1:80          192.168.1.201:37408
          proxy    squid      4187  23 tcp4   127.0.0.1:80          192.168.1.36:1817
          
          

          I also attach a screenshot of the squid configuration page. Am I doing something wrong?

          squid.png

          • jimp Rebel Alliance Developer Netgate

            That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?

            • fluca1978

              @jimp:

              That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?

              Yes it is. If in a Firefox browser I set the HTTP proxy to 192.168.1.7 on port 8080 the browser does not work. If I remove the proxy setting, then it works. I don't see any traffic dropped in the firewall logs.

              • jimp Rebel Alliance Developer Netgate

                Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

                What do your LAN firewall rules look like? Do you allow traffic there?

                • fluca1978

                  @jimp:

                  Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

                  What do your LAN firewall rules look like? Do you allow traffic there?

                  Yes, I had miswritten the address in the first post, the right one is 192.168.1.7 and I've checked it is the one I'm inserting in the Firefox dialog box.
                  My firewall rules have a pass-any from LAN to any, and in fact I don't see any blocked packet on 8080.

                  • jimp Rebel Alliance Developer Netgate

                    I just installed squid in a VM and set it up transparently, and confirmed it was working (http://www.lagado.com/proxy-test)

                    I reconfigured my browser for the proxy and it still worked.

                    Not sure what else might be going on for you, so I attached a capture of the proxy settings I put into Firefox when testing.

                    proxy_ff.png

                    • hack2003

                      I just got the same problem.
                      What I did was reinstall pfSense from scratch and then install the squid package,
                      reboot the machine,
                      and it works fine.
                      I just got one problem with changing the cache and other squid settings.

                      I think that the cause is an incomplete squid removal script.
                      If I knew the exact things the install script is doing, I could revert it manually and then see what is wrong with any of the things.

                      • fluca1978

                        The proxy started working on my deployment after a machine reboot. So before the reboot it was only working as transparent, after a reboot it was working also explicitly. I suspect there was a problem with the reloading of the squid configuration, but I didn't test the old squid port (the default one) before the reboot.

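The `sockstat | grep squid` check used in this thread, written out as a script. This is an added example, not code posted by any participant: it separates squid's listening sockets (foreign address `*:*`) from established connections and reports whether the address and port entered in the browser match a listener. The function names are hypothetical and the sample input is a constructed subset of the lines quoted above.

```shell
#!/bin/sh
# Added example (POSIX sh + awk). Function names are hypothetical.
# sockstat columns: USER COMMAND PID FD PROTO LOCAL FOREIGN

# Constructed sample: a subset of the sockstat lines quoted in the thread.
sample_sockstat() {
cat <<'EOF'
proxy    squid      4187  6  udp4   *:52519               *:*
proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*
EOF
}

# Print the local address:port of every TCP socket owned by squid that is
# listening (foreign address "*:*"); established connections are skipped.
squid_listeners() {
    awk '$2 == "squid" && $5 ~ /^tcp/ && $7 == "*:*" { print $6 }'
}

# accepts_explicit ADDR PORT < sockstat-output
# Exit 0 if a squid listener is bound to ADDR:PORT or to the wildcard *:PORT.
accepts_explicit() {
    squid_listeners | awk -v want="$1:$2" -v wild="*:$2" '
        $1 == want || $1 == wild { found = 1 }
        END { exit !found }'
}

# diagnose ADDR PORT < sockstat-output
# One-line verdict for the address and port configured in the browser.
diagnose() {
    out=$(cat)
    if printf '%s\n' "$out" | accepts_explicit "$1" "$2"; then
        echo "ok: squid is listening on $1:$2"
    else
        listeners=$(printf '%s\n' "$out" | squid_listeners | tr '\n' ' ')
        echo "refused: no squid listener for $1:$2; listeners: ${listeners% }"
    fi
}

# The address from the first post, then the corrected LAN address.
sample_sockstat | diagnose 192.168.1.1 8080
sample_sockstat | diagnose 192.168.1.7 8080
# On the firewall itself: sockstat | diagnose 192.168.1.7 8080
```

In the thread the listener was present on 192.168.1.7:8080, so this check clears the bind address and leaves the running squid instance itself as the next thing to examine.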
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.