Squid & transparent proxy not working in non-transparent mode



  • Hi all,
    I have pfSense running squid with the "transparent proxy" checkbox enabled, and it works, but if I try to connect from a client explicitly using the proxy (i.e., 192.168.1.1:8080) I get a connection refused. I've checked the firewall logs and the firewall is not blocking traffic. Any idea what to check?


  • Rebel Alliance Developer Netgate

    Are you sure it's on 8080? It's usually 3128.

    Go to Diagnostics > Command, type in:

     sockstat | grep squid
    

    And see where it's actually listening



  • These are the first lines of the command (you can see the machine 192.168.1.7 is listening also on 8080, if I get it right):

    
    proxy    squid      4187  6  udp4   *:52519               *:*
    proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
    proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
    proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*
    proxy    squid      4187  16 tcp4   127.0.0.1:80          192.168.1.55:50197
    proxy    squid      4187  17 tcp4   127.0.0.1:80          192.168.1.178:52346
    proxy    squid      4187  18 tcp4   127.0.0.1:80          192.168.1.36:1815
    proxy    squid      4187  19 tcp4   127.0.0.1:80          192.168.1.36:1827
    proxy    squid      4187  20 tcp4   127.0.0.1:80          192.168.1.201:37406
    proxy    squid      4187  21 tcp4   127.0.0.1:80          192.168.1.88:1293
    proxy    squid      4187  22 tcp4   127.0.0.1:80          192.168.1.201:37408
    proxy    squid      4187  23 tcp4   127.0.0.1:80          192.168.1.36:1817
    
    

    I also attach a screenshot of the squid configuration page. Am I doing something wrong?



  • Rebel Alliance Developer Netgate

    That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?
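
An added example, not part of the thread: the same reading of the `sockstat` output done as a script, which checks whether squid has a TCP listener that accepts connections to a given address and port. The function names are hypothetical and the sample input is a trimmed copy of the output posted above.

```shell
#!/bin/sh
# Constructed sample: a few of the sockstat lines quoted in the thread.
SAMPLE='proxy    squid      4187  6  udp4   *:52519               *:*
proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*'

# squid_listeners (hypothetical helper): read sockstat output on stdin and
# print "address port" for every TCP socket owned by squid that is listening,
# i.e. whose foreign address is *:* (established connections are skipped).
squid_listeners() {
    awk '$2 == "squid" && $5 ~ /^tcp/ && $7 == "*:*" {
        n = split($6, parts, ":")   # port is the last colon-separated field
        port = parts[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        print addr, port
    }'
}

# check_endpoint IP PORT (hypothetical helper): exit 0 if a listener read from
# stdin is bound to IP:PORT or to the wildcard *:PORT, exit 1 otherwise.
# A listener bound to 127.0.0.1 never matches a LAN address, so it cannot
# serve a browser that is configured with the firewall's LAN IP.
check_endpoint() {
    squid_listeners | awk -v ip="$1" -v port="$2" '
        $2 == port && ($1 == ip || $1 == "*") { found = 1 }
        END { exit !found }'
}

# Demo on the constructed sample; on the firewall itself, pipe the real
# output instead:  sockstat | check_endpoint 192.168.1.7 8080
printf '%s\n' "$SAMPLE" | squid_listeners
for target in "192.168.1.7 8080" "192.168.1.1 8080" "192.168.1.7 3128"; do
    set -- $target
    if printf '%s\n' "$SAMPLE" | check_endpoint "$1" "$2"; then
        echo "$1:$2 has a squid listener"
    else
        echo "$1:$2 has no squid listener (expect connection refused)"
    fi
done
```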



  • @jimp:

    That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?

    Yes, it is. If I set the HTTP proxy in a Firefox browser to 192.168.1.7 on port 8080, the browser does not work. If I remove the proxy setting, then it works. I don't see any traffic dropped in the firewall logs.


  • Rebel Alliance Developer Netgate

    Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

    What do your LAN firewall rules look like? Do you allow traffic there?



  • @jimp:

    Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

    What do your LAN firewall rules look like? Do you allow traffic there?

    Yes, I had miswritten the address in the first post; the right one is 192.168.1.7, and I've checked that it is the one I'm entering in the Firefox dialog box.
    My firewall rules have a pass-any from LAN to any, and in fact I don't see any blocked packets on 8080.


  • Rebel Alliance Developer Netgate

    I just installed squid in a VM and set it up transparently, and confirmed it was working (http://www.lagado.com/proxy-test)

    I reconfigured my browser for the proxy and it still worked.

    Not sure what else might be going on for you, so I attached a capture of the proxy settings I put into Firefox when testing.




  • I just got the same problem.
    What I did was reinstall pfSense from scratch and then install the squid package.
    Reboot the machine
    and it works fine.
    I just got one problem with changing the cache and other squid settings.

    I think that the cause is an incomplete squid removal script.
    If I knew the exact things the install script is doing, I could revert it manually and then see what is wrong with any of the things.



  • The proxy started working on my deployment after a machine reboot. So before the reboot it was only working as transparent; after the reboot it was also working explicitly. I suspect there was a problem with the reloading of the squid configuration, but I didn't test the old squid port (the default one) before the reboot.

