Netgate Discussion Forum

    Squid2.7.9 transparent mode NAT rules

    2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 1.2k Views
    • A Former User

      I've installed the Squid package (Squid 2.79) and set it to transparent mode.

      That's working fine - I can see the requests in the access log in /var/squid/log

      However, I can't see the firewall NAT rules for the redirect from 80 to 3128 in the Firewall section?  I'd like to have some subnets (on the same pfSense LAN interface) bypass the squid proxy, but there's no visible rule to modify?

      • cmb

        Use the "Bypass proxy" option in Squid and it'll do that automatically. Alternatively, disable transparent proxying in Squid, and add your own port forward to handle the transparent proxy redirect.

        • A Former User

          Thanks CMB for the reply.

          @cmb:

          Use the "Bypass proxy" option in Squid and it'll do that automatically.

          Cool, I hadn't noticed the bypass proxy settings in squid - I've only run Squid3 before on pfsense 2.1 and that had an explicit firewall rule for the redirect to the transparent proxy. So I can apply the solution I wanted. I'm using Squid2 for now on the 2.2 beta until the install issues with Squid3 are sorted out, and testing various network configs with 2.2b so that we can migrate across as soon as it's release ready. After >10 years of Squid on Linux and custom iptables rulesets, we've been using pfsense for the last year to great effect.

          It does seem a bit logically inconsistent to not have a visible firewall NAT rule for the redirect of port 80 to the squid port for Squid2, but at least it works the way I wanted.  The current implicit redirect behaviour could cause issues for someone troubleshooting multiple proxy servers on the network?

          Talk of which, my next testing step after sorting out the OpenVPN connection overseas is working out whether I can run multiple instances of Squid2 on the same pfsense box, so we can have one http proxy per gateway being routed off the pfsense box.

          @cmb:

          Alternatively, disable transparent proxying in Squid, and add your own port forward to handle the transparent proxy redirect.

          I thought this doesn't work as there's a change in the proxy protocol - doing a redirect without squid configured for transparent mode would require configuring all clients to use the proxy.

          • cmb

            The only thing configuring squid for transparent mode does is automatically add the same redirect you can add manually.

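For the troubleshooting concern raised in the thread (a port 80 redirect that is not listed in the Firewall section), here is an added example that is not part of any post and is not pfSense or Squid package code: a shell helper that reads `pfctl -s nat` output and lists port-80 redirects to the proxy port together with any `no rdr` bypass entries. The sample ruleset, interface names and subnets are constructed, and it assumes the package's redirect is loaded into pf's NAT ruleset.

```shell
#!/bin/sh
# Added example: audit the loaded pf NAT ruleset for implicit proxy redirects.
# On the firewall, feed it live data with:  pfctl -s nat | audit_redirects 3128

# Constructed sample of `pfctl -s nat` output; interfaces and subnets are made up.
SAMPLE_NAT='no rdr on em1 inet proto tcp from 192.168.10.0/24 to any port = http
no rdr on em1 inet proto tcp from 192.168.20.0/24 to any port = http
rdr on em1 inet proto tcp from any to ! (em1) port = http -> 127.0.0.1 port 3128
rdr on em0 inet proto tcp from any to any port = 8443 -> 192.168.1.5 port 443
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin'

# audit_redirects PROXY_PORT: reads NAT rules on stdin and prints
#   BYPASS <iface> <source>                 for "no rdr" rules matching port 80
#   REDIRECT <iface> <source> -> <ip>:<port> for rdr rules sending port 80 to PROXY_PORT
audit_redirects() {
    proxy_port="$1"
    awk -v pp="$proxy_port" '
    # Return the token that follows a keyword such as "on" or "from".
    function field_after(word,    i) {
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    # pfctl prints the matched port as "port = http" or "port = 80".
    function matches_http() { return ($0 ~ /port = (http|80)( |$)/) }

    $1 == "no" && $2 == "rdr" && matches_http() {
        print "BYPASS " field_after("on") " " field_after("from")
        next
    }
    $1 == "rdr" && matches_http() && $(NF-1) == "port" && $NF == pp {
        print "REDIRECT " field_after("on") " " field_after("from") " -> " $(NF-2) ":" pp
    }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NAT" | audit_redirects 3128
```

A REDIRECT line with no matching entry in the GUI's NAT list is the implicit rule discussed above; BYPASS lines show which sources are exempt from it.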