    Squid and captive portal

      rexis last edited by

      Greetings,

      I have noticed that the current squid package does things differently compared to a year ago, before 2.0 was released.

      I am still using 1.2.3, due to that I have rolled out live servers before 2.0 was around, and there was some customization. So I would temporarily stick with 1.2.3 for the time being.

      Here are my observations:

      • If squid is set to transparent mode, CP will not redirect to the default CP login page. When transparent mode is removed, CP redirects happily.
      • By comparing to one of my previously set up machines that runs transparent squid and CP together (and works), looking at /usr/local/etc/squid/squid.conf I noticed there has been some difference; the most obvious part is at the 3rd line of the config file:

      ---

      (old pfsense that was set up a year ago)

      # Do not edit manually !
      http_port 192.168.59.1:3128
      http_port 127.0.0.1:80 transparent

      (set up yesterday with a 1.2.3 iso and added squid package)

      # Do not edit manually !
      http_port 192.168.160.1:3128
      http_port 127.0.0.1:3128 transparent


      You can see that squid transparent mode is now by default listening on the same port entered in the webgui "Proxy port" field. That doesn't sound right. Does it have anything to do with the way 2.0 worked?

      As a workaround, if I enter "80" as the Proxy port, the CP will work happily, but then users can bypass CP by setting a proxy with port 80 in the web browser. I would like to keep the port at 3128 so I can block it at the firewall.

      Any ideas what is happening here?

      nix noob

        marcelloc last edited by

        Take a look at /tmp/rules.debug on both and compare the rdr rules.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          rexis last edited by

          Here are the lines with "rdr":

          Newly set up pfsense 1.2.3 box:

          rdr-anchor "pftpx/*"

          # Load balancing anchor - slbd updates
          rdr-anchor "slb"

          # FTP Proxy/helper
          table <vpns> {    }
          no rdr on rl0 proto tcp from any to <vpns> port 21
          rdr on rl0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

          # Setup Squid proxy redirect
          rdr on rl0 proto tcp from any to !(rl0) port 80 -> 127.0.0.1 port 80

          # IMSpector rdr anchor
          rdr-anchor "imspector"

          # UPnPd rdr anchor
          rdr-anchor "miniupnpd"

          Old pfsense 1.2.3 box that is running wifi service currently:

          rdr-anchor "pftpx/*"

          # Load balancing anchor - slbd updates
          rdr-anchor "slb"

          # FTP Proxy/helper
          table <vpns> {    }
          no rdr on rl0 proto tcp from any to <vpns> port 21
          rdr on rl0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

          # Setup Squid proxy redirect
          rdr on rl0 proto tcp from any to !(rl0) port 80 -> 127.0.0.1 port 80

          # IMSpector rdr anchor
          rdr-anchor "imspector"

          # UPnPd rdr anchor
          rdr-anchor "miniupnpd"

          ===============================================================

          Couldn't spot any difference though!

          Btw, if I restore with the configuration xml file obtained from the old pfSense box, the captive portal page won't show unless you key in the URL manually.

          Thanks! Happy new year!

          nix noob
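
A check on the two files quoted in this thread, added here as an example and not written by either poster: it compares where the rdr rule sends port-80 traffic with the address squid's transparent `http_port` listens on. The sample strings are the lines posted above; the function names are hypothetical.

```python
import re

# Constructed sample input: the squid.conf and rules.debug lines posted in this thread.
OLD_SQUID_CONF = """\
# Do not edit manually !
http_port 192.168.59.1:3128
http_port 127.0.0.1:80 transparent
"""
NEW_SQUID_CONF = """\
# Do not edit manually !
http_port 192.168.160.1:3128
http_port 127.0.0.1:3128 transparent
"""
# Both boxes showed the same rdr lines, so one sample serves for both.
RULES_DEBUG = """\
no rdr on rl0 proto tcp from any to <vpns> port 21
rdr on rl0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on rl0 proto tcp from any to !(rl0) port 80 -> 127.0.0.1 port 80
"""

def transparent_listeners(squid_conf):
    """Return {(ip, port)} for every http_port line flagged 'transparent'."""
    found = set()
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_port" and "transparent" in fields[2:]:
            ip, _, port = fields[1].rpartition(":")
            found.add((ip, int(port)))
    return found

RDR = re.compile(r"^rdr\s+on\s+\S+\s+.*\bport\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s*$")

def http_redirect_targets(rules):
    """Return {(ip, port)} that rdr rules send destination-port-80 traffic to."""
    targets = set()
    for line in rules.splitlines():
        m = RDR.match(line.strip())
        if m and m.group(1) == "80":
            targets.add((m.group(2), int(m.group(3))))
    return targets

def unmatched_redirects(squid_conf, rules):
    """Redirect targets that have no transparent squid listener behind them."""
    return sorted(http_redirect_targets(rules) - transparent_listeners(squid_conf))

if __name__ == "__main__":
    for name, conf in (("old box", OLD_SQUID_CONF), ("new box", NEW_SQUID_CONF)):
        missing = unmatched_redirects(conf, RULES_DEBUG)
        print(name, "OK" if not missing else f"rdr target without transparent listener: {missing}")
```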

            marcelloc last edited by

            And between 1.2.3 and 2.0.1, can you see any differences in rdr rules that conflict with captive portal and squid transparent?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

              rexis last edited by

              I do not have any 2.0 running atm. Will try that in the near future…

              nix noob
