Netgate Discussion Forum
    Problem with Squid-Reverse proxy

    dan104

      I am trying to use squid reverse proxy on latest pfSense i386

      • Has DNS and mixed set of port gateways forwarded

      I have installed the squid3 20_1_5 package and, try as I may, I cannot get things to work.

      Here are my config concepts:
      pfSense is public IP on WAN side
      Backside is basic private LAN (192.168.0.x)
      4 servers with mixed ports
      .69:80 -> IIS box using headers to select from a handful of sites
      .69:81 ->Yawcam live feed
      .40:8080 -> Remote controlled Webcam
      .40:80 -> IIS box using headers to select from additional and failover sites (disregarded at this point)
      .140:5150 -> Rabbit based sensor collection box – Web interface
      .120:80  -> Webmail site

      Objectives:
      Birdcam.domain.com -> .69:81
      www.domain.com ->.69:80
      wel.domain.com -> .140:5150
      www.*.domain.com ->.69:80
      backyardcam.domain -> .40:8080

      Steps I took:

      1. Installed squid3 pkg from pfsense
      2. Defined 4 servers
      3. Mapped sites based on url to server
      4. Set listen port to 80 and IP to 127.0.0.1
      5. Set PF Webgui to port 180 and turned off redirect
      6. Created firewall rule for Wan side input on 80 -> 127.0.0.1
      7. Enabled squid logging
      8. Enabled Squid and all of the mapping and servers
      9. Started Squid service watched real-time log viewer
      10. Injected http requests from outside source

      Results:
      From SSH terminal ps -a shows no squid processes
      Realtime log shows nothing
      Services show squid running
      http request time out

      Smells like either squid is not starting or I am not listening on the right ports.

      Thoughts?

      marcelloc

        dan104,

        If squid listens on loopback, you need a NAT rule to forward traffic from WAN to 127.0.0.1, but if you listen on the WAN address, you just need the firewall rule.

        You have 6 ports to forward, so I suggest you create servers based on your ports.

        host_69_81 (host .69 port 81)
        host_69_80 (host .69 port 80)
        host_40_8080 (host .40 port 8080)
        host_40_80    (host .40 port 80)
        host_140_5150 (host .140 port 5150)
        host_120_80    (host .120 port 80)

        The current package version creates only one squid conf instead of multiple daemons. This way, you need to publish all your sites on wan_ip:80 for all HTTP traffic and wan_ip:443 for all SSL traffic.

        The host header on mappings will forward the request to the server the way you want:

        uri: Birdcam.domain.com host:host_69_81
        uri: www.domain.com     host:host_69_80
        uri: wel.domain.com       host:host_140_5150
        uri: www.*.domain.com  host:host_69_80
        uri: backyardcam.domain  host:host_40_8080

        Regards,
        Marcello Coutinho

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          dan104

          Thank you for the prompt answers!

          When you say listen on WAN address I assume you are saying the public IP, which I tried, but maybe I had other errors.

          My current setup is almost the same as you suggested, except the 127…. I do have a firewall rule forwarding port 80 on WAN to 127.... But I need to go look at the NAT settings tonight.

          There are lots of options on the GEN tab; any ones that are must-dos and others that are avoid-for-nows?

          Thank you again
          Dan

            dan104

            Tried what I thought you said and still no traffic. Attaching my config.xml file.
            Any thoughts?

            Dan

            Still_not_working.txt

              marcelloc

              dan104,

              Remove your xml from previous post, it's not safe exposing your firewall config to the world :(

              I've tried to access your ip on http and https without success.

              Try these steps:

              • Remove the nats for your internal web servers

              • listen reverse squid on 80

              • apply a firewall rule on wan allowing access from any to interface_address port 80 and port 443

              • check on console/ssh if squid is running and listening on ports 80/443 using netstat -an | grep -i listen

              • test using tcpdump(on console/ssh) if you get any http/https traffic to wan_address at port 80,443

              Elite Training: http://sys-squad.com

              Help a community developer! ;D
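The "is squid really listening?" check from the steps above, scripted as an added example that is not from the thread. It parses netstat -an output in FreeBSD's format (pfSense), also accepting the Linux address:port form, and distinguishes the three states that explain the symptoms in this thread: nothing bound on a port (squid not started), bound to 127.0.0.1 only (the loopback case from marcelloc's first reply, where WAN traffic needs a NAT rule), and bound on the wildcard or WAN address. The SAMPLE_NETSTAT text is constructed to show the loopback pitfall; the interface name in the tcpdump comment is an assumption. One caveat worth knowing for the first post's `ps -a`: BSD ps without `x` lists only processes that have a controlling terminal, so a daemon such as squid does not appear even when it is running.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a reverse-proxy squid is
# bound where WAN clients can reach it, using netstat -an output.

# Constructed sample in FreeBSD netstat format: squid listens on :443 for
# everyone but on :80 only via loopback; :180 is the moved webgui, :22 is ssh.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.80           *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 *.180                  *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN'

# listeners NETSTAT_TEXT PORT : print each local address bound to PORT in LISTEN state
# (FreeBSD writes addr.port, Linux writes addr:port; the last field after . or : is the port)
listeners() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, /[.:]/)
            if (a[n] == p) print $4
        }'
}

# reachable_from_wan NETSTAT_TEXT PORT : succeed only if PORT is bound on an
# address other than loopback (wildcard "*" / "0.0.0.0" or the WAN address)
reachable_from_wan() {
    listeners "$1" "$2" | grep -qv '^127\.'
}

# report NETSTAT_TEXT : one line per expected port; returns 1 if anything is wrong
report() {
    rc=0
    for port in 80 443; do
        if reachable_from_wan "$1" "$port"; then
            printf 'port %s: listening on %s\n' "$port" "$(listeners "$1" "$port" | tr '\n' ' ')"
        elif [ -n "$(listeners "$1" "$port")" ]; then
            printf 'port %s: bound to loopback only; WAN traffic needs a NAT rule to 127.0.0.1 or a WAN listen address\n' "$port"
            rc=1
        else
            printf 'port %s: nothing listening; squid is not running or not in accelerator mode\n' "$port"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use. --demo runs against the constructed sample; --live queries
# the box you are on (run it on the pfSense console or over ssh).
case "${1:-}" in
    --demo)
        report "$SAMPLE_NETSTAT"
        ;;
    --live)
        # daemons have no controlling terminal, so `ps -a` alone hides squid: use -ax
        ps -ax | grep -q '[s]quid' || printf '%s\n' 'no squid process found'
        report "$(netstat -an)"
        # Next step once the listeners look right: confirm packets actually arrive.
        # Interface name is an assumption; substitute your WAN interface:
        #   tcpdump -ni em0 'tcp port 80 or tcp port 443'
        ;;
esac
```

On the constructed sample the report flags port 80 as loopback-only and returns non-zero, which is exactly the combination in the thread: the service shows as running, the firewall rule exists, but no request from outside is ever delivered to the socket.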

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.