Non-Transparent works, transparent doesn't (@work). @home, it all works
-
Here's what I've tried so far:
v2.0.2-Release (amd64)
At home, regular ISP. I create two VMs. One with WinXP on subnet 192.168.1.0/24, and another with two NICs, one Bridged, and another on the same subnet as the first.
I install pfSense on the second, configure the NICs. Install/Enable Squid3. Set Squid3 upstream proxy to a random 'anonymous' proxy. Set Chrome on the first VM to use the Squid IP/Port, go to whatismyip.com, and it has the IP of the upstream proxy. Set the Squid config to Transparent. Remove the proxy information, revisit the same page, and all is still good. To doubly check I'm using the Squid proxy, I create a FW rule to block port 80 traffic on the LAN side, so I'm sure I'm using the Tproxy. All good.
Sweet, I can copy this set up at work.
Not so lucky.
---
At work: Have a corporate proxy that we all use. Can't get around that. We have some smart LG TVs that we'd like to hook up to our network, but it can't be configured to use a proxy. No problem, I will use Squid and get a transparent proxy going. Seeing that I got this working at home, it should be simple, eh? ;)
Same type of configuration, except Hyper-V instead of VMware. Either way, I have two VMs, one with pfSense and one with Win7. I set the pfSense machine to be DHCP on the WAN interface, and Static/DHCP-server on the LAN. The Win7 gets an IP just fine, with the necessary DNS/Gateway information from pfSense. I install Squid3 on the box, and leave it as default configuration.
Set the proxy information in Chrome again to use the proxy (192.168.1.1:3128). Connect to google.com --- all good.
Turn ON Transparent Proxy, and turn off the proxy setting in Chrome. And this is where it all breaks apart. It all seems to point to a DNS issue. I can browse using the full IP address of google, however, when I try to use named navigation, nada (Error Resolving DNS name). I can resolve and browse local corporate names just fine (example.corp.com).
I'm sure something upstream is hosing my connection attempts with the transparent proxy, but I'm guessing it's not Squid that's causing the issue (at least directly) as when I set the squid ip/port as the proxy info in the browser, it works great. I have 0 access to the upstream setup unfortunately, but since it 1/2 works, I'm hoping there's a setting I can flip that'll work for me :)
As an aside, I haven't touched any of the default settings (ie: Firewall, NAT'ing, etc). The firewall rules seem to allow everything from the LAN subnet out. DNS Forwarding is turned on.
Any magic bullets?
Cheers!
-
It's good to know that you can make Squid work with Transparent proxy mode, while it fails for me with the same version - 2.0.2-RELEASE (amd64).
There was a post in 2009 saying that squid3 doesn't work with Transparent proxy mode, and I just wonder if the problem remains unfixed.
http://forum.pfsense.org/index.php/topic,13944.msg74262/topicseen.html#msg74262
As referred to in the tutorial, it should work with just a tick in the check box "Transparent HTTP Proxy". Did you try to read the access.log of the squid3 at work? Is there any hit from the client?
One more point: squid 2 works like a charm with the same setting on the same pfSense box.
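For the access.log check suggested in the reply above, an added example (not part of the thread) that summarises one client's hits in Squid's default native log format and separates IP-literal URLs from hostname URLs, the split described in the first post. The sample log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default "native" access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1360000000.101    212 192.168.1.10 TCP_MISS/200 15320 GET http://203.0.113.80/ - DIRECT/203.0.113.80 text/html
1360000003.554     95 192.168.1.10 TCP_MISS/200 812 GET http://example.corp.com/ - DIRECT/10.20.0.5 text/html
1360000009.900     40 192.168.1.11 TCP_MISS/503 3900 GET http://www.example.org/ - NONE/- text/html
this line is truncated
"""

def host_kind(url):
    """Return 'ip' if the URL's host is an address literal, else 'name'."""
    # CONNECT requests log "host:port" with no scheme, so add one for urlsplit.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "name"

def client_hits(log_text, client_ip):
    """Summarise access.log entries for one client address."""
    summary = {"total": 0, "by_kind": Counter(), "by_result": Counter(), "skipped": 0}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:            # truncated or custom-format line
            summary["skipped"] += 1
            continue
        client, result, url = fields[2], fields[3], fields[6]
        if client != client_ip:
            continue
        summary["total"] += 1
        summary["by_kind"][host_kind(url)] += 1
        summary["by_result"][result] += 1
    return summary

if __name__ == "__main__":
    s = client_hits(SAMPLE_LOG, "192.168.1.10")
    print("hits:", s["total"], dict(s["by_kind"]), dict(s["by_result"]))
    if s["total"] == 0:
        print("no hits: traffic from this client is not reaching Squid")
```

A total of zero for the client means its requests never reached Squid; hits only under `ip` mean requests by address arrive while requests by name do not.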
-
Yes, it happens to me too. I am using i386.