Squid: Bypass proxy for Private Address Space

firestrife23 · Jan 4, 2011, 6:03 PM

I'm currently running pfsense with squid and lightsquid as transparent proxy. However when I checked mark to bypass proxy for Private Address Space (RFC 1918) destination and for some reason local traffic still get route thru proxy while it's suppose to be bypass? any idea how I can investigate this?

Thanks,

-J

jimp · Jan 5, 2011, 1:06 PM

Not enough info there to really say for certain.

Is your local address space really part of the RFC1918 set? (192.168.0.0/16 ,10.0.0.0/8, 172.16.0.0/12)

How are your local networks connected? Multiple interfaces on pfSense? Static routes? Somewhere on the "WAN" side of the router?

firestrife23 · Jan 5, 2011, 2:27 PM

my local address is 192.168.1.0/24 and 192.168.10.0/24. Only thing on "WAN" side is cable modem. I think it could be squid not working well with dns forwarding? I was able to access my file server's ip address with specific port but if I tired it with no-ip.org domain within the network it will not redirect to 192.168.1.5 and squid is trying to go thru internet to access my file server. If I disabled squid it'll work as intended. Things I've tried adding my domain to bypass proxy for destination ip/host but it is still reproducing same problem. I hope it's more more sense than my first post.

jimp · Jan 5, 2011, 2:30 PM

Does the "no-ip.org" domain name resolve to your external IP or an internal IP?

If it resolves to the external IP, of course bypass local won't work because the destination IP that squid sees is the public IP, not a private one.

firestrife23 · Jan 5, 2011, 2:32 PM

Yes it resolved to my home's ip address, I tried it from my work's computer. I'm wondering if there's any way for squid to see it as private? or I'll have to live with ipaddress for internal use?

jimp · Jan 5, 2011, 2:34 PM

If you add an override to the DNS forwarder for that hostname that points to the internal IP it should work.