Need help with Squid transparent proxy
I tried to get help for this issue in the "packages" section of the forum but I didn't get anywhere. So, I'm going to try it here in the general section.
Here's my situation: I am running pfsense 2.1 with transparent squid proxy and squidguard (using a shalla blacklist) and almost everything is working perfectly. I'm blocking the following categories: adv, aggressive, costtraps, dating, drugs, fortunetelling, gamble, models, porn, sex education, sex lingerie, spyware, tracker, and violence.
I'm having difficulty figuring out how to unblock my son's game (deadz reborn). Login fails every time unless I turn Squidguard off, which I obviously don't want to do.
So, I thought I would add an exception to the blacklist and learned how to do that. I added deadz.com and deadz.entitygaming.com but that does not seem to have helped. I suspect the actual game login is an entirely different domain or url than the games public web site. So then I thought I could find the correct URL, domain, or IP address that was blocked by looking at the squidguard logs. Ughhh… and WOW, it's all greek to me, plus I'm not sure I'm looking in the right place.
So, will I find the information I need in the Squidguard log? If yes, where do I look, and how do I understand it? If no, how can I figure out what needs to be whitelisted in order to allow the exception for this game?
Any help is greatly appreciated!
Well, in spite of no responses I have tried a few things and discovered that it is apparently NOT squidguard that is causing the problem. I turned squidguard off entirely and the transparent squid proxy seems to be causing the login failures for the deadz game.
Anyone know why?
I'm surprised I haven't had any responses yet. Is this because so few people use squid proxy?
So, in an effort to be proactive I took a packet capture of the 10-15 seconds when my son is logging into the game that seems to have a problem with squid proxy. There are two public ip addresses involved in that transaction, but I don't really know what to do with that information.
I'm willing to gather additional data if there is someone out there who would be willing to help.
I realize my issue is not life or death, but I truly want to learn about squid transparent proxy and this is hindering my progress.
I think it's safe to say I'm being patient. Anyone, please??
I played with Squid a long time ago, but am not at all familiar with it. You will get better response posting in the packages forum, the guys who help and maintain Squid may not look in the General forum too often.
is there an "Access denied" appears on page?
if it is there, look down and you will find a "Target Group" with the category that is being blocked.
No, that's not what happens. It's not a regular browser screen. He's logging into a game through a game login dialog which gives him a small error dialog that says something like, "login failed: check your proxy service or contact your network admin". It's not a very helpful error, which is why I took a packet capture to see if I could sort through the issue.
I would like to allow a couple of the ip addresses in question to bypass squid proxy, but I don't know how to do that. Anyone know how?
Are you sure it's squid that is causing the problem? The reference to a proxy in the games error could be any upstream proxy not just a web proxy. Have you tried disabling squid altogether?
You should be able to view the Squid logs immediately after starting the game to see what is blocked (or at least what is proxied). As long as nothing else is happening on your network it should be fairly obvious. You could also check the system state table to see what connections the game machine is opening (or trying to).
I am certain it is related to the squid proxy, because it only happens when I turn squid on. As soon as I disable it he can login without issue. Just to clarify, I am dealing with squid proxy only and have given up on squidguard until I get this figured out.
How do I view the squid logs? Where are they?
I will take a look at the states table and see if I can gather any useful information there.
Can someone help me find the squid proxy logs?
It sounds like the transparent proxy is blocking port 443 which the game login might be using to authenticate. You either need to apply the proxy settings in the game itself or create an exception in the firewall rules for the game server IP address. Just my thoughts.
Look at this post: https://forum.pfsense.org/index.php?topic=62256.msg405719#msg405719 and reply #243. This should also work for your situation.