Problem: Bridge + Squid + SquidGuard
-
I have a problem with pfSense in bridge mode + Squid + SquidGuard.
I have 2 interfaces: LAN and WAN. I set Interfaces->assign->bridge. Firewall, QOS are OK.
I installed Squid:
http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
but Squid does not work correctly. I guess I have to redirect ports:
1. rdr on $LAN inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128
2. pass in quick on $LAN route-to lo0 inet proto tcp from any to 127.0.0.1 port 3128 keep state
Rdr is Port Redirect
Firewall->NAT->port redirect
But the second rule? How can I set this?
-
old topic..anyway..
I'm facing the same problem. You can't set that second rule via the web GUI, but I put it in "by hand":
I added the rule in /tmp/rules.debug and then pfctl -f /tmp/rules.debug
so the rules I have now are:
- rdr on bridge0 inet proto tcp from any to any port = http -> 127.0.0.1 port 3128
- pass in log quick on bridge0 route-to lo0 inet proto tcp from any to 127.0.0.1 port = 3128 flags S/SA keep state
but it's not working!
bridge0 = (em1, em2)
client is on em1 side
I can see
IP clientip.3002 > 127.0.0.1.3128: Flags SYN
on the other side of the bridge member em2. No traffic on the lo0 interface. So route-to lo0 doesn't work.
or better.. it's the rest of the rule that doesn't work, if I place the (wrong and temporary) rules like:
this one: pass in log quick on bridge0 route-to lo0
or even: pass in log quick on bridge0 route-to lo0 inet proto udp
then I can see traffic on lo0.
I tested on 2.0.3 and 2.1 beta1.
It's been reported here a long time ago:
pfSense bug #1620
http://redmine.pfsense.org/issues/1620 there's
on FreeBSD 9.1 it works fine.