Netgate Discussion Forum

    Squid, two subnets, domain login

      brcisna

      Hello All,

      The setup:

      pfSense 1.2.3-RELEASE
      squid
      squidGuard
      LightSquid
      x 2 (one each in two different buildings)

      Two school buildings connected via IPsec VPN with the two pfSense boxes.
      Building A subnet 172.28.8.x
      Building B subnet 192.168.1.x

      Findings.
      This is not exactly pfSense specific, but more so a Squid issue. After several minutes of fumbling with Squid trying to figure out why users *at Building B only* who do a WIN2k3 domain login were getting "access denied" when opening their web browser, this is what I found. Just by accident I tried this (below) and made web browsing work.

      Documentation possibly:
      Simply had to enter the opposite subnet, on each of the pfSense boxes, in the listed ACL available in Squid.
      There was no problem web browsing if logged into the same workstation as a local user.
      The master domain controller resides in Building A, although there is a domain controller (replicating to Building A) residing at Building B as well. Each building uses its DC as the DNS server.

      I cannot for the life of me figure out why doing the domain login causes the proxy server running Squid to have this behavior.

      Anyone?
      I am guessing possibly someone has this documented but I was unable to find this scenario on the site here.

      Edit:
      Showing my own stupidity here. :) After typing this up, I got to thinking I may have made up in GPO to force the proxy server (of Building A) in Active Directory, to a domain login. Sure enough, this was the case. Makes perfect sense after it hit me that this is why the Building A subnet had to be allowed in the ACL of Building B. Albeit that the Building B workstations do show up in the LightSquid report of the Building B pfSense box.
      Hope this makes sense.

      Thanks,
      Barry
