Need help (pfsense newbie)



  • Greetings, all pfsense masters,

    I need help after following all your guides on pfsense and mikrotik. My squid.conf is as follows:

    # Do not edit manually !

    http_port 192.168.2.2:3128
    http_port 127.0.0.1:3128 transparent
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/pbi/squid-i386/etc/squid/errors/English
    icon_directory /usr/pbi/squid-i386/etc/squid/icons
    visible_hostname zednet
    cache_mgr zednet@zednet
    access_log /dev/null
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    logfile_rotate 0
    shutdown_lifetime 3 seconds

    # Allow local network(s) on interface(s)

    acl localnet src  192.168.2.0/255.255.255.252
    uri_whitespace strip

    cache_mem 1024 MB
    maximum_object_size_in_memory 128 KB
    memory_replacement_policy heap LFUDA
    cache_replacement_policy heap LFUDA
    cache_dir aufs /var/squid/cache 70000 16 256
    minimum_object_size 0 KB
    maximum_object_size 256000 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95

    # No redirector configured

    # Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 100 3128 1025-65535 80
    acl sslports port 443 563 100 443
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    acl allowed_subnets src 192.168.1.0/28 192.168.2.0/30
    cache deny dynamic
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    # Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    # Custom options

    tcp_outgoing_tos 0x30 all
    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136

    # Setup allowed acls

    # Allow local network(s) on interface(s)

    http_access allow allowed_subnets
    http_access allow localnet

    # Default block all to be sure

    http_access deny all

    I got this when I tried to browse the internet:
    ERROR
    The requested URL could not be retrieved
    While trying to process the request:
    GET / HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive
    The following error was encountered:
    Invalid Request
    Some aspect of the HTTP Request is invalid. Possible problems:
    Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed

    note:
    local 192.168.1.0/28
    proxy 192.168.2.0/30
    public 192.168.10.0/29
    using rb750 + pfsense 2.1.1 squid 2.7

    topology

    192.168.10.1        192.168.1.1          192.168.1.1-192.168.1.12
    internet -------------rb750----------------client
                                      |
                                pfsense
                            192.168.2.2
    Correct me if I'm wrong, I'm still a newbie at this.
    Thanks for your response.



  • Note:

    I already tried pfsense 2.1.1, 2.1.2 and 2.1.5; all the same.


  • Netgate Administrator

    How is the pfSense box configured? Just one NIC? Does it show it's able to check for updates on the dashboard?
    The RB750 is routing correctly between those subnets?

    Steve



  • pfsense is configured for 1 NIC, it shows the update on the dashboard, and the rb750 already routes correctly. I used pfsense 2.03 lusca cacheboy + rb750 for 1 year and it worked fine, but a few weeks ago the proxy PC got an error due to electricity, and I installed the new pfsense but I got that error. I read that lusca cache boy has many problems, so I started using pfsense 2.1.1 with squid 2.7, then 2.1.2 with squid 2.7, but I got invalid request in the browser.



  • Appears you are missing the following in the squid.conf:

    http_port 192.168.1.?:3128

    There is no squid listener on the 192.168.1.0 network

    Either allow on interface and multi-select in big box or hand code into ACL tab

    Rex



  • It works if I set 192.168.2.2 port 3128 in the client browser manually.



  • Case closed. I had an error in the firewall filter in mikrotik and now it's done. Thanks to all for the support  ;D
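
Added example, not part of the thread and not pfSense or Squid code: a small Python check over the `http_port` and `acl ... src` lines of the squid.conf posted above. It reports whether the address a router redirects port-80 traffic to is a listener flagged `transparent`, and which source ACLs a client address falls in. The redirect target 192.168.2.2:3128 and the client addresses used in the comments are assumptions for illustration; `audit` and `matching_acls` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: listener and source-ACL lines copied from the posted squid.conf.
SAMPLE_CONF = """\
http_port 192.168.2.2:3128
http_port 127.0.0.1:3128 transparent
acl localnet src  192.168.2.0/255.255.255.252
acl allowed_subnets src 192.168.1.0/28 192.168.2.0/30
"""

def parse_listeners(conf):
    """Return [(ip, port, intercepting)] for every http_port line."""
    out = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "http_port":
            host, _, port = parts[1].rpartition(":")
            flagged = any(o in ("transparent", "intercept") for o in parts[2:])
            out.append((host or "0.0.0.0", int(port), flagged))
    return out

def parse_src_acls(conf):
    """Return {acl_name: [network, ...]} for 'acl NAME src ...' lines."""
    acls = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
    return acls

def matching_acls(conf, client_ip):
    """Names of the source ACLs that contain client_ip, in config order."""
    addr = ipaddress.ip_address(client_ip)
    return [name for name, nets in parse_src_acls(conf).items()
            if any(addr in n for n in nets)]

def audit(conf, redirect_target):
    """Findings for the ip:port that redirected client traffic is sent to."""
    ip, port = redirect_target
    hits = [l for l in parse_listeners(conf)
            if l[1] == port and l[0] in (ip, "0.0.0.0")]
    if not hits:
        return ["no listener on %s:%d" % (ip, port)]
    if not any(l[2] for l in hits):
        # Redirected browsers send "GET / HTTP/1.1" (no absolute URL), as in
        # the error page above; a plain forward-proxy port does not accept that.
        return ["%s:%d is a forward-proxy port, not transparent" % (ip, port)]
    return []
```
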

