• How do I remove the default Squid redirect rule?


  • It is only put into place if:

    1. Squid is installed
    2. Squid is running


  • I have Squid running on 3128 but I also want to be able to access the Internet directly. It looks as if this rule: "rdr on fxp1 inet proto tcp from any to !(lan_IP) port www -> 127.0.0.1 port 3128" is redirecting all my requests for port 80 to 127.0.0.1 port 3128. Can I change this? Or am I totally lost?

    Thanks for your help.


  • Disable transparent proxy in the Squid setup.


  • @crazyoax:

    How do I remove the default Squid redirect rule?

    Another question: how can I add the redirection rule when Squid is working but the transparent proxy mode makes no changes?

    Sorry for crosspost.


  • @techatdd:

    @crazyoax:

    How do I remove the default Squid redirect rule?

    Another question: how can I add the redirection rule when Squid is working but the transparent proxy mode makes no changes?

    Sorry for crosspost.

    The transparent proxy mode makes no change? So do you want to report a bug? However, you can create a port forward at Firewall > NAT, Port Forward tab. Choose interface LAN and redirect port 80 to 127.0.0.1 to the Squid port or maybe to <LAN IP of pfSense>. Haven't tried that yet, but it should not be needed when transparent mode is enabled. Also make sure your webGUI is not running at port 80 if you do that or you might lock yourself out.


  • @techatdd:

    @crazyoax:

    How do I remove the default Squid redirect rule?

    but the transparent proxy mode makes no changes?

    Sorry for crosspost.

    This was fixed in one of the snapshots after beta2. Ensure you're running the latest snapshot RELENG_1_SNAPSHOT_03-19-2006 before submitting a bug. BTW, Squid binds to the interface that is selected if transparent mode is disabled, so your custom redirect rules would need to apply to that interface IP.
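
An added example, not part of the thread or of pfSense: a small audit of `rdr` rules that applies the two points made in the replies above (a port-80 redirect must target the address Squid listens on, and a redirect to "any" can also catch a webGUI on port 80). The rule lines are constructed in the style of `pfctl -sn` output, and the function names, addresses and the loopback-versus-interface assumption are illustrative.

```python
import re

# Constructed sample shaped like `pfctl -sn` output; addresses are examples.
SAMPLE = """\
rdr on fxp1 inet proto tcp from any to ! 10.10.10.1 port = http -> 127.0.0.1 port 3128
rdr on fxp1 inet proto tcp from any to any port = http -> 10.10.10.1 port 3128
rdr on fxp0 inet proto tcp from any to any port = 2222 -> 10.10.10.5 port 22
"""

RDR = re.compile(r"^rdr on (\S+) .* port (?:= )?(\S+) -> (\S+) port (\d+)$")
HTTP_PORTS = {"80", "www", "http"}

def parse_rdr(text):
    """Return one dict per rdr line: interface, ports, target, negated destination."""
    rules = []
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if m:
            rules.append({"iface": m.group(1), "dport": m.group(2),
                          "target": m.group(3), "tport": int(m.group(4)),
                          "negated_dst": " to !" in line})
    return rules

def audit(rules, squid_port, transparent, listen_ip, webgui_port):
    """Flag HTTP redirects that miss Squid's listener or swallow the webGUI."""
    # Assumption taken from the thread: transparent mode redirects to loopback;
    # otherwise Squid binds to the selected interface IP.
    expected = "127.0.0.1" if transparent else listen_ip
    findings = []
    for r in rules:
        if r["dport"] not in HTTP_PORTS or r["tport"] != squid_port:
            continue
        if r["target"] != expected:
            findings.append((r["iface"], r["target"], "target is not Squid's expected listen address"))
        # A rule with a negated destination (the default one) leaves the firewall's own address alone.
        if webgui_port == 80 and not r["negated_dst"]:
            findings.append((r["iface"], r["target"], "webGUI on port 80 would be redirected too"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rdr(SAMPLE), 3128, transparent=False,
                         listen_ip="10.10.10.1", webgui_port=445):
        print(finding)
```
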


  • @Leoandru:

    This was fixed in one of the snapshots after beta2. Ensure you're running the latest snapshot RELENG_1_SNAPSHOT_03-19-2006 before submitting a bug. BTW, Squid binds to the interface that is selected if transparent mode is disabled, so your custom redirect rules would need to apply to that interface IP.

    Oh, then it is broken again. Bug reported. Also, the Bandwidth Limit Per Host and Download Throttle on Interface do not work.

    Also, the port forwarding doesn't seem to work.
    Is it right this way:

    If   Proto  Ext. port range  NAT IP                  Int. port range
    LAN  TCP    80 (HTTP)        10.10.10.1 (ext.: any)  3128


  • @techatdd:

    @Leoandru:

    This was fixed in one of the snapshots after beta2. Ensure you're running the latest snapshot RELENG_1_SNAPSHOT_03-19-2006 before submitting a bug. BTW, Squid binds to the interface that is selected if transparent mode is disabled, so your custom redirect rules would need to apply to that interface IP.

    Oh, then it is broken again. Bug reported. Also, the Bandwidth Limit Per Host and Download Throttle on Interface do not work.

    Also, the port forwarding doesn't seem to work.
    Is it right this way:

    If   Proto  Ext. port range  NAT IP                  Int. port range
    LAN  TCP    80 (HTTP)        10.10.10.1 (ext.: any)  3128

    Can anybody help? My admin port is on 445, Anti webgui logout is off and 10.10.10.1 is my LAN IP address. But it does not work.


  • OK, I'll take a look at it as soon as I get to a pfSense box. I'm sure the transparent mode disabling was fixed as I tested it myself, but I'll check again. I'll also try a custom redirect to Squid to see what the problem could be.


  • @Leoandru:

    OK, I'll take a look at it as soon as I get to a pfSense box. I'm sure the transparent mode disabling was fixed as I tested it myself, but I'll check again. I'll also try a custom redirect to Squid to see what the problem could be.

    Sorry, I got the per-user limit to work, so I can see that transparent mode works. I was confused because there are no Squid errors on unknown servers… But I can see it works with bandwidth limit ACLs.


  • OK, Squid works fine, transparent mode and the port forwarding. But when I configure another pfSense box, which is the default gateway in my LAN, to forward all port 80 traffic (with the same port forwarding rule) to the Squid pfSense box with another PPPoE connection to the net, it does not work. Is something wrong in my thinking?

