    Squid & transparent proxy not working in no-transparent mode

    • F
      fluca1978 last edited by

      Hi all,
      I have pfSense running Squid with the "transparent proxy" checkbox enabled, and it works, but if I try to connect from a client explicitly using the proxy (i.e., 192.168.1.1:8080) I get a connection refused. I've checked the firewall logs and the firewall is not blocking traffic. Any idea on what to check?

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Are you sure it's on 8080? It's usually 3128.

        Go to Diagnostics > Command, type in:

         sockstat | grep squid

        And see where it's actually listening.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • F
          fluca1978 last edited by

          These are the first lines of the command (you can see the machine 192.168.1.7 is listening also on 8080, if I get it right):

          
          proxy    squid      4187  6  udp4   *:52519               *:*
          proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
          proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
          proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*
          proxy    squid      4187  16 tcp4   127.0.0.1:80          192.168.1.55:50197
          proxy    squid      4187  17 tcp4   127.0.0.1:80          192.168.1.178:52346
          proxy    squid      4187  18 tcp4   127.0.0.1:80          192.168.1.36:1815
          proxy    squid      4187  19 tcp4   127.0.0.1:80          192.168.1.36:1827
          proxy    squid      4187  20 tcp4   127.0.0.1:80          192.168.1.201:37406
          proxy    squid      4187  21 tcp4   127.0.0.1:80          192.168.1.88:1293
          proxy    squid      4187  22 tcp4   127.0.0.1:80          192.168.1.201:37408
          proxy    squid      4187  23 tcp4   127.0.0.1:80          192.168.1.36:1817
          
          

          I also attach a screenshot of the squid configuration page. Am I doing something wrong?


          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?

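The reading of the sockstat output discussed above, as an added example that is not part of the original thread: a small sh/awk filter that separates Squid's TCP listeners (foreign address `*:*`) from established connections and checks whether a given address and port is one a client can actually connect to. The function names and the embedded sample (a few of the lines posted above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a few of the sockstat lines posted in this thread.
# Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
SAMPLE='proxy    squid      4187  6  udp4   *:52519               *:*
proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*'

# Read sockstat output on stdin and print the local address of every TCP
# listener owned by squid. A listener is a tcp row whose foreign address is
# "*:*"; rows with a real peer address are established connections, and the
# udp row is not an HTTP listener at all.
squid_listeners() {
    awk '$2 == "squid" && $5 ~ /^tcp/ && $7 == "*:*" { print $6 }'
}

# Read sockstat output on stdin; return 0 if a client connecting to
# <ip> <port> would reach a squid listener, i.e. the listener is bound to
# exactly that address or to the wildcard "*", on that port.
squid_accepts() {
    target_ip=$1
    target_port=$2
    squid_listeners | awk -v ip="$target_ip" -v port="$target_port" '
        {
            n = split($0, part, ":")
            p = part[n]                                  # port after last ":"
            h = substr($0, 1, length($0) - length(p) - 1) # host before it
            if (p == port && (h == ip || h == "*")) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | squid_listeners
for addr in "192.168.1.7 8080" "192.168.1.1 8080" "192.168.1.7 3128"; do
    set -- $addr
    if printf '%s\n' "$SAMPLE" | squid_accepts "$1" "$2"; then
        echo "$1:$2 reaches a squid listener"
    else
        echo "$1:$2 has no squid listener (connection refused)"
    fi
done
```

On the firewall itself the same check runs against live data with `sockstat | squid_accepts 192.168.1.7 8080`.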
            • F
              fluca1978 last edited by

              @jimp:

              That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?

              Yes, it is. If in a Firefox browser I set the HTTP proxy to 192.168.1.7 on port 8080, the browser does not work. If I remove the proxy setting, then it works. I don't see any traffic dropped in the firewall logs.

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

                What do your LAN firewall rules look like? Do you allow traffic there?

                • F
                  fluca1978 last edited by

                  @jimp:

                  Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

                  What do your LAN firewall rules look like? Do you allow traffic there?

                  Yes, I had miswritten the address in the first post; the right one is 192.168.1.7 and I've checked it is the one I'm inserting in the Firefox dialog box.
                  My firewall rules have a pass-any from LAN to any, and in fact I don't see any blocked packets on 8080.

                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    I just installed squid in a VM and set it up transparently, and confirmed it was working (http://www.lagado.com/proxy-test).

                    I reconfigured my browser for the proxy and it still worked.

                    Not sure what else might be going on for you, so I attached a capture of the proxy settings I put into Firefox when testing.


                    • H
                      hack2003 last edited by

                      I just got the same problem.
                      What I did was reinstall pfSense from scratch and then install the squid package,
                      reboot the machine,
                      and it works fine.
                      I just got one problem with changing the cache and other squid settings.

                      I think that the cause is an incomplete squid removal script.
                      If I knew the exact things the install script is doing, I could revert it manually and then see what is wrong with any of the things.

                      • F
                        fluca1978 last edited by

                        The proxy started working on my deployment after a machine reboot. So before the reboot it was only working as transparent; after a reboot it was also working explicitly. I suspect there was a problem with the reloading of the squid configuration, but I didn't test the old squid port (the default one) before the reboot.
