Transparent Squid proxy error - not-transparent is working



  • Hi there,

    I recently installed pfSense 2.0 RC3 on a box as a MultiWAN-Router (WAN1 PPPoE 25Mbit down/5Mbit up dynamic IP, WAN2 PPPoE 16Mbit down/1Mbit up static IP). Everything run's fine. Even if I configure a webbrowser on a client to use the Squid on the pfSense box directly. But if I enable the transparent mode, clients get this error message:

    ERROR
    The requested URL could not be retrieved
    
    While trying to process the request:
    
    GET / HTTP/1.1
    Host: some.host.domain.net
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Connection: keep-alive
    Cookie: _pk_id.3.e71d=jkdg8gd8kj9.1315473826.1.asfa882626.1315473826.
    
    The following error was encountered:
    
        Invalid Request 
    
    Some aspect of the HTTP Request is invalid. Possible problems:
    
        Missing or unknown request method
        Missing URL
        Missing HTTP Identifier (HTTP/1.0)
        Request is too large
        Content-Length missing for POST or PUT requests
        Illegal character in hostname; underscores are not allowed 
    
    Your cache administrator is edv@xyzdomain.com.
    Generated Fri, 09 Sep 2011 08:12:34 GMT by fw1.office.xyzdomain.com (squid/2.7.STABLE9) 
    

    Actually, I must say that I don't have an idea so far. Proxy-"Additions" like HAVP and / or Squidguard don't have an impact on that problem, so regardless if those modules are installed and / or configured, the problem resides.

    Thanks for any help in advance.

    Regards, Tim


  • Netgate Administrator

    Running Squid with multiwan is a special case. Have you read this: http://forum.pfsense.org/index.php?topic=37083.0

    Steve



  • Hi Steve,

    thanks for that hint. I didn't see this before. I'll give it a try. Great, thanks.

    Tim


Log in to reply