Netgate Discussion Forum

    Squid3-dev transparent mode

      webstor

      Hi folks,

      I tried to install squid-3-dev.
      But it is not working in transparent mode.

      Here is my squid log from the gui:
      Squid Logs
      Date IP Status Address User Destination
      17.07.2014 21:03:11 192.168.66.99 TCP_DENIED/403 cache_object://localhost/active_requests - -
      17.07.2014 21:03:06 192.168.66.99 TCP_DENIED/403 cache_object://localhost/active_requests - -
      17.07.2014 21:03:03 192.168.66.99 TCP_DENIED/403 cache_object://localhost/active_requests - -
      12.07.2014 20:49:11 192.168.66.99 TCP_DENIED/403 cache_object://localhost/active_requests - -

      Here is my squid.conf

      # This file is automatically generated by pfSense
      # Do not edit manually !

      http_port 192.168.66.99:3128
      http_port 127.0.0.1:3128 intercept
      icp_port 0
      dns_v4_first off
      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_default_language de
      icon_directory /usr/pbi/squid-amd64/etc/squid/icons
      visible_hostname darkfirewall.darkdesire.local
      cache_mgr admin@localhost
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      netdb_filename /var/squid/logs/netdb.state
      pinger_enable on
      pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger

      logfile_rotate 0
      debug_options rotate=0
      shutdown_lifetime 3 seconds
      httpd_suppress_version_string on
      uri_whitespace strip

      acl dynamic urlpath_regex cgi-bin \?
      cache deny dynamic

      cache_mem 2048 MB
      maximum_object_size_in_memory 128 KB
      memory_replacement_policy lru
      cache_replacement_policy heap LFUDA
      cache_dir aufs /var/squid/cache 100 16 256
      minimum_object_size 4 KB
      maximum_object_size 102400 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95
      cache allow all

      # No redirector configured

      #Remote proxies

      # Setup some default acls
      # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

      acl localhost src 127.0.0.1/32

      acl allsrc src all
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8443 3128 3127 1025-65535
      acl sslports port 443 563 8443

      # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

      #acl manager proto cache_object

      acl purge method PURGE
      acl connect method CONNECT

      # Define protocols used for redirects

      acl HTTP proto HTTP
      acl HTTPS proto HTTPS
      acl allowed_subnets src 192.168.66.0/24 192.168.67.0/24
      acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      # Always allow localhost connections
      # From 3.2 further configuration cleanups have been done to make things easier and safer.
      # The manager, localhost, and to_localhost ACL definitions are now built-in.

      http_access allow localhost

      quick_abort_min 0 KB
      quick_abort_max 0 KB
      request_body_max_size 0 KB
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow allsrc

      # Reverse Proxy settings

      # Package Integration

      url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
      url_rewrite_bypass off
      url_rewrite_children 5

      # Custom options before auth

      # These hosts do not have any restrictions

      http_access allow unrestricted_hosts

      # Setup allowed acls

      http_access allow allowed_subnets

      # Default block all to be sure

      http_access deny allsrc

      icap_enable on
      icap_send_client_ip off
      icap_send_client_username off
      icap_client_username_encode off
      icap_client_username_header X-Authenticated-User
      icap_preview_enable on
      icap_preview_size 1024

      icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
      icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav

      adaptation_access service_req allow all
      adaptation_access service_resp allow all

      Thanx for your help.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.