Transparent proxy - some sites time out

  • Hi folks,

    Recently moved from 1.2.3 to 2.0.  Have a fairly standard (I guess) network, 3 cards: LAN, WAN and DMZ.  Server or two in the DMZ, couple of clients on the LAN.  Never had any issues with 1.2.3, use it for general office use, remote access over VPN, that kind of thing and it works a charm.

    Since I moved to 2.0 though I have one small problem which is driving me nuts - i.e. I can't figure it out.

    I use transparent squid as a proxy for web access.  Port 443 is open on the firewall (LAN -> WAN).

    After the move to 2.0 I noticed I couldn't get on to PayPal, one of my bank sites, the Dell store etc.  So I started rooting around…
    -> My first thought was that I was having trouble with HTTPS sites... but that's not the case as I can browse to many other HTTPS sites, e.g. blacknight, etc.
    -> I don't see any entries in the firewall log when I attempt to access the sites - they simply time out!

    I wondered was a firewall rule blocking me... so I temporarily added a rule saying "allow all LAN -> anywhere"... and it made no difference.

    Then I wondered was it something to do with squid.  So I disabled transparent mode, threw up a WPAD.DAT (and set my webconfigurator to port 80 to serve the WPAD.DAT file) and tested that way.  Great!  All sites work perfectly if I use squid in non-transparent mode.  However:
    -> I prefer transparent mode as it suits remote working for us a bit better (the VPN clients don't need to know anything about the proxy)
    -> And changing the webconfigurator to port 80 seems to raise another issue with accessing our locally hosted site (I use NAT reflection to get at our own website which is addressed using the public IP of our router).  But that's a question for another thread  ;D

    I've also tried dumping my config, then re-installing pfSense from scratch and restoring the configuration (Just in case something got corrupted on my installation)... but to no avail.

    So... where do I start to debug this!? I'm happy to tinker away and learn but in this case I'm not sure where to even start.  The only commonality I can see is that these are all financial sites, I get redirected to them and they simply time out.  I've never come across something 'weird' like this with pfSense before, and I can't see anyone else here posting about it so I'm pretty sure I must be doing something dumb... but... emmm... for the life of me I don't know what it is!

    Any and all suggestions appreciated!

  • Hmmm… perhaps this is in the wrong forum?  As my query was browsing related and I'm using transparent squid I thought I'd post here.

    But the most closely related threads I see from other members are over in the NAT section...

    If this is the wrong spot mods let me know and I'll move this and post elsewhere - don't want to cross-post.
