Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid in transparent mode do not forward packets through a bridged interface

    pfSense Packages
    2
    2
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      derekwildstar
      last edited by

      Yes it's so simple like in the subject Pfsense do not permit to squid to forward packets if configured in transparent mode and toward a briget interface. This is a known issue from when Pfsense is borned, there are already other signaling about this but until today this las version 2.0.3 this issue continue to be present.
      Someone have some other alternative for work around this problem ?

      Thank to everyone that have a solution

      1 Reply Last reply Reply Quote 0
      • A
        ar4uall
        last edited by

        Yes it does work… with some tweaking...

        Here's what i did, create bridge between LAN and WAN, assign interface to Bridge, set ip to bridge interface set firewall to bridge interface to any any allow, set ip interface on LAN and WAN to none.
        Enable bridge to 1 on Advanced/System Tunables.
        Set default gateway on bridge interface.
        Set NAT to manual and erase all rules.
        Sometimes i do loose connectivity to the ip on the bridge interface, if that happens, go to console and reassign ip on the bridge again from there, that fixes the issue. Don't forget to set you default gateway again.
        Bridge part all set, now install squid and set it to transparent and set your ACL.
        Now on the stations using squid set the default gateway to be the ip of the bridge interface of PfSense.
        Now transparent proxy should work, look at the squid access.log and everything should go trough the proxy.
        In my case i wanted to make sure that if PfSense were to be down or crashed, the users still had a working gateway.
        So i defined my L3 switch to be the users default gateway, set up RIP on the L3 switch and on PfSense in a way that if PfSense is up and running the default gateway to the switch is PfSense's bridge interface, but in case it goes down or it's offline, the gateway of the switch changes to my router's interface.
        If you do this make sure that the default gateway on your PfSense bridge interface it's your internet Router and not the L3 switch, or else you will have a loop on the router redirects.

        Hope this helps,
        If anyone has a better solution please post.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.