Need help (pfsense newbie)
-
Greetings all pfsense masters,
I need help after following all your guides on pfsense and mikrotik, as follows. squid.conf:
# Do not edit manually !
http_port 192.168.2.2:3128
http_port 127.0.0.1:3128 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/English
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname zednet
cache_mgr zednet@zednet
access_log /dev/null
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 0
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 192.168.2.0/255.255.255.252
uri_whitespace strip
cache_mem 1024 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 70000 16 256
minimum_object_size 0 KB
maximum_object_size 256000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 100 3128 1025-65535 80
acl sslports port 443 563 100 443
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl allowed_subnets src 192.168.1.0/28 192.168.2.0/30
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all
# Custom options
tcp_outgoing_tos 0x30 all
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny all
I got this when I tried to browse the internet:
ERROR
The requested URL could not be retrieved
While trying to process the request:
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
note:
local 192.168.1.0/28
proxy 192.168.2.0/30
public 192.168.10.0/29
using rb750 + pfsense 2.1.1 squid 2.7
topology
         192.168.10.1    192.168.1.1    192.168.1.1-192.168.1.12
internet -------------rb750----------------client
                        |
                     pfsense
                   192.168.2.2
Correct me if I'm wrong, I'm still a newbie at this.
Thanks for your response -
note:
I already tried pfsense 2.1.1, 2.1.2, 2.1.5, all the same
-
How is the pfSense box configured? Just one NIC? Does it show it's able to check for updates on the dashboard?
The RB750 is routing correctly between those subnets?
Steve
-
pfsense is configured for 1 NIC and it shows the update on the dashboard, and the rb750 already routes correctly. I used pfsense 2.03 lusca cacheboy + rb750 for 1 year and it worked fine, but a few weeks ago the proxy PC got an error due to electricity and I installed the new pfsense, but I got that error. I read that lusca cache boy has many problems, so I started using pfsense 2.1.1 using squid 2.7, 2.1.2 using squid 2.7, but I got invalid request in the browser.
-
Appears you are missing the following in the squid.conf:
http_port 192.168.1.?:3128
There is no squid listener on the 192.168.1.0 network
Either allow on interface and multi-select in big box or hand code into ACL tab
Rex
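
The listener check described in this reply, as an added example that is not part of the original thread: it reads the http_port lines and the allowed_subnets ACL from the posted squid.conf and reports, for each subnet, which listener addresses fall inside it and whether each is marked transparent. The function names are hypothetical and the config excerpt is copied from the first post.

```python
import ipaddress

# Excerpt of the squid.conf posted in the thread (only the lines this check reads).
SQUID_CONF = """\
http_port 192.168.2.2:3128
http_port 127.0.0.1:3128 transparent
acl localnet src 192.168.2.0/255.255.255.252
acl allowed_subnets src 192.168.1.0/28 192.168.2.0/30
"""

def parse_listeners(conf):
    """Return [(ip, port, transparent)] for each http_port line with an explicit address."""
    listeners = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "http_port" or ":" not in fields[1]:
            continue
        host, port = fields[1].rsplit(":", 1)
        # Squid 2.7 spells interception "transparent"; newer releases use "intercept".
        flags = set(fields[2:])
        listeners.append((ipaddress.ip_address(host), int(port),
                          bool(flags & {"transparent", "intercept"})))
    return listeners

def parse_src_acl(conf, name):
    """Return the networks listed in 'acl <name> src ...' lines."""
    nets = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:1] == ["acl"] and len(fields) > 3 and fields[1] == name and fields[2] == "src":
            nets += [ipaddress.ip_network(f, strict=False) for f in fields[3:]]
    return nets

def listener_coverage(conf, acl_name):
    """Map each ACL subnet to the listeners whose address lies inside it."""
    listeners = parse_listeners(conf)
    return {str(net): [(str(ip), port, tr) for ip, port, tr in listeners if ip in net]
            for net in parse_src_acl(conf, acl_name)}

if __name__ == "__main__":
    for net, hits in listener_coverage(SQUID_CONF, "allowed_subnets").items():
        print(net, "->", hits or "no squid listener in this subnet")
```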
-
It works if I set 192.168.2.2 port 3128 in the client browser manually
-
Case closed, I got an error on the firewall filter in mikrotik and now it's done. Thanks to all for the support ;D