Transparent proxy - bypassing certain hosts



  • Hi,

    I'm running 2.0.1-RELEASE (i386) with Squid as a transparent proxy, basically using the default values. The only problem I have encountered is with some users of iChat using port 80, because that tends to work better in hotels etc. The problem is that those users can't use iChat with the transparent proxy.

    I tried adding the server hostname 'login.oscar.aol.com' to the field labeled "Bypass proxy for these destination IPs" but it doesn't seem to work. I wonder if it just doesn't work or if I'm doing something wrong. I tried using the IP address of that host with no luck.

    As another test, I put my own IP address to the field above, labeled "Bypass proxy for these source IPs" and that worked. I hope someone can give me some pointers.

    Thanks.


  • Rebel Alliance Developer Netgate

    If it worked when you bypassed by source, but not destination, then odds are the destination host/IP wasn't right.

    You may have to look at the states and/or a packet capture to confirm what IP it's actually attempting to connect to for that. If the IP changes over time, you may have to list entire subnets or groups of IPs as you find them. Or make an alias, include that hostname, and then use the alias name in the squid settings (I think that works… I can't remember if I tried that when I last worked on those fields)



  • Thanks a lot. You were right about it. There's a ton of servers in the 205.188.0.0/16 range that handle the iChat traffic. So I had to use the CIDR notation 205.188.0.0/16;64.12.202.116; for the bypass field and it works now, the latter one being login.oscar.aol.com.

    I'm assuming there's no way to comment those IP addresses in the field? It would be nice to know what they all are later on. I also hope they won't change over time.

    Looking forward to start using more of the pfSense features, great product.


  • Rebel Alliance Developer Netgate

    Not there, no, but if you make an alias with a recognizable name and document it there, then use the alias in that box, it may make more sense later.


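Added example (not part of the thread and not pfSense or Squid code): a check of destination IPs taken from the state table or a packet capture against the semicolon-separated bypass value quoted above. It reports destinations the list misses and entries wide enough to exempt a whole range from the proxy. The function names, the 256-address threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_bypass_field(value):
    """Parse a semicolon-separated list of IPs/CIDRs, as quoted in the thread."""
    nets = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue  # a trailing ';' leaves an empty entry
        # strict=False accepts entries with host bits set, e.g. 205.188.1.5/16
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def uncovered(destinations, nets):
    """Destinations matched by no bypass entry, de-duplicated, in first-seen order."""
    missing = []
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if not any(addr in net for net in nets) and dest not in missing:
            missing.append(dest)
    return missing

def overly_broad(nets, max_hosts=256):
    """Entries covering more than max_hosts addresses (threshold is an assumption).

    Every host in such a range skips the proxy, so its traffic is neither
    filtered nor logged by Squid."""
    return [str(net) for net in nets if net.num_addresses > max_hosts]

# Bypass value exactly as posted in the thread.
BYPASS = "205.188.0.0/16;64.12.202.116;"

# Constructed sample of port-80 destinations, as they might be read from the
# firewall states or a capture; not real observations.
SEEN = ["205.188.7.12", "64.12.202.116", "64.12.30.9",
        "205.188.251.3", "64.12.30.9"]

if __name__ == "__main__":
    nets = parse_bypass_field(BYPASS)
    print("bypass entries:", [str(n) for n in nets])
    print("still proxied :", uncovered(SEEN, nets))
    print("review width  :", overly_broad(nets))
```

Re-running the check on fresh state-table output shows when the service has moved to addresses outside the documented list.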