How do I get Transparent Squid Proxy working?



  • Hi, I'm trying to get a transparent Squid proxy working on my R3 test router. I have installed and enabled Squid, and if I set the browser to use the box as the proxy server address it works and blocks/allows pages as directed.

    What I would like to do is not have to set each individual machine's proxy settings and just leave the default gateway pointed at the pfSense box; I thought this was possible with transparent Squid. I did read on Google that I needed to add a forwarding rule to redirect any outbound HTTP traffic to the pfSense box itself. Is this correct? I couldn't find the command or script files to do this; as this is BSD, I only know iptables. I thought by setting the transparent option on the Squid page any firewall and other settings would be done automatically… but as mentioned it only starts blocking pages when I set up the proxy address in Internet Explorer - even with the transparent option set.

    Would appreciate any links to short tutorials on Squid under pfSense, or quick steps listed here if anyone would be kind enough to tell me.

    Many thanks in advance,

    Chris



  • It just works!

    Is your pfSense firewall not your gateway for your network?  What is the configuration of your network exactly?

    I'm using pfSense as the DHCP server and therefore all my machines get the gateway & DNS settings automatically.  I never had to set the proxy settings on IE since I turned transparent proxy on.

    Not sure if this helps, but a bit more information about your setup might be required.

    Thanks!



  • OK, thanks for the reply. I changed some settings and now it seems to work.

    proxy interface is set to: LAN
    Allow users on interface is ticked
    Transparent proxy is ticked
    under access control Allowed subnets is 192.168.10.0/24

    It only started working when I clicked allow users on interface. Excuse my ignorance, but what does this setting do? I thought it would be OK as I had already entered the allowed subnet as 192.168.10.0/24?

    I might take transparent mode off, however, after reading stuff online saying it can be a nightmare and should be used as a last resort. I have the ability to push out the proxy server for IE to use via group policy, so there are no issues there.

    Perhaps you could be kind enough to tell me how I can block all websites by default, and only allow some through?

    Would I set the blacklist to: .
    and the whitelist to sites i like: .yahoo.com

    Many thanks! :)



  • I can't really say I've had any problems with transparent proxy, but then again I'm pretty new to this firewall too.

    If you are looking to block access to questionable web sites, you might want to try the SquidGuard package.  It allows you to white/black list any site you want.  The package is not quite production ready when it comes to end-user experience, but it works.

