Netgate Discussion Forum

    Transparent proxy - bypassing certain hosts

      martta

      Hi,

      I'm running 2.0.1-RELEASE (i386) with Squid as a transparent proxy, basically using the default values. The only problem I have encountered is with some users of iChat using port 80, because that tends to work better in hotels etc. The problem is that those users can't use iChat with the transparent proxy.

      I tried adding the server hostname 'login.oscar.aol.com' to the field labeled "Bypass proxy for these destination IPs" but it doesn't seem to work. I wonder if it just doesn't work or if I'm doing something wrong. I tried using the IP address of that host with no luck.

      As another test, I put my own IP address in the field above, labeled "Bypass proxy for these source IPs" and that worked. I hope someone can give me some pointers.

      Thanks.

        jimp Rebel Alliance Developer Netgate

        If it worked when you bypassed by source, but not destination, then odds are the destination host/IP wasn't right.

        You may have to look at the states and/or a packet capture to confirm what IP it's actually attempting to connect to for that. If the IP changes over time, you may have to list entire subnets or groups of IPs as you find them. Or make an alias, include that hostname, and then use the alias name in the squid settings (I think that works… I can't remember if I tried that when I last worked on those fields)

          martta

          Thanks a lot. You were right about it. There's a ton of servers in the 205.188.0.0/16 range that handle the iChat traffic. So I had to use the CIDR notation 205.188.0.0/16;64.12.202.116; for the bypass field and it works now, the latter one being login.oscar.aol.com.

          I'm assuming there's no way to comment those IP addresses in the field? It would be nice to know what they all are later on. I also hope they won't change over time.

          Looking forward to starting to use more of the pfSense features, great product.

            jimp Rebel Alliance Developer Netgate

            Not there, no, but if you make an alias with a recognizable name and document it there, then use the alias in that box, it may make more sense later.

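An added example, not part of the original thread: a Python check of destination IPs observed in the state table or a packet capture against a bypass value in the semicolon-separated form quoted above, which also reports how many addresses the list exempts from the proxy. The observed addresses are constructed sample data, the function names are hypothetical, and IPv4 entries are assumed.

```python
import ipaddress

def parse_bypass(field):
    """Split a ';'-separated bypass value into networks and rejected entries."""
    networks, rejected = [], []
    for entry in field.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate the trailing ';' used in the thread's value
        try:
            # A bare IP becomes a /32; CIDR entries are kept as written.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Not an IP or CIDR, e.g. the hostname the thread reports did not work.
            rejected.append(entry)
    return networks, rejected

def coverage(destinations, networks):
    """Map each observed destination to the bypass entry covering it, or None."""
    result = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        result[dest] = next((str(n) for n in networks if addr in n), None)
    return result

def bypassed_address_count(networks):
    """Total addresses that skip the proxy, with overlapping entries merged."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))

if __name__ == "__main__":
    # Bypass value as quoted in the thread.
    nets, bad = parse_bypass("205.188.0.0/16;64.12.202.116;")
    # Constructed sample of destinations seen on port 80 (not real capture data).
    observed = ["205.188.1.10", "205.188.250.3", "64.12.202.116", "64.12.24.50"]
    for dest, match in coverage(observed, nets).items():
        print(f"{dest:15} -> {match or 'NOT COVERED (still goes through the proxy)'}")
    print("rejected entries:", bad)
    print("addresses bypassing the proxy:", bypassed_address_count(nets))
```

Traffic to every address counted here skips the proxy entirely, so the count is a quick way to see how much a broad entry such as a /16 widens the exemption.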