Transparent proxy not working after upgrade to 2.2
-
although it's not a squid issue, I've tried to use netcat to listen to the same port as squid and I don't receive any traffic
this is what I get with pfctl while trying to connect to google.com from a client(192.168.1.9)
rdr on fxp0 inet proto tcp from any to ! (fxp0) port = http -> 127.0.0.1 port 3128 pass in quick on fxp0 proto tcp from any to ! (fxp0) port = 3128 flags S/SA keep state fxp0 tcp 127.0.0.1:3128 (173.194.40.3:80) <- 192.168.1.9:55613 CLOSED:SYN_SENT -
What squid version are you using? Did you tried squid3?
-
-
Any clues on log files? I've tested squid3 on 2.2
-
Any clues on log files? I've tested squid3 on 2.2
no but as I said I don't think it's a squid issue, if I kill squid and run nc -l 3128 I still get nothing
I'm not too familiar with freebsd but I think that
fxp0 tcp 127.0.0.1:3128 (173.194.40.3:80) <- 192.168.1.9:55613 CLOSED:SYN_SENT
should mean that the auto created firewall rule is kinda working but maybe something else blocks it -
so I tried to create a similar nat rule to redirect outgoing connection to 8080 to the pfsense ssh port
but I have the same problemnat on fxp0 inet proto tcp from 192.168.1.0/24 to 127.0.0.1 port = 8080 -> (fxp0) round-robin rdr on fxp0 inet proto tcp from any to any port = 8080 -> 127.0.0.1 port 22 fxp0 tcp 127.0.0.1:22 (8.8.8.8:8080) <- 192.168.1.9:60274 CLOSED:SYN_SENTevery rules redirecting to pfsense itself don't work, is there a way to debug this? I don't see anything being blocked in the firewall logs
-
looks like a fw issue …
try creating a LAN firewall rule that allows lan devices to connect to 127.0.0.1:3128
 -
looks like a fw issue …
try creating a LAN firewall rule that allows lan devices to connect to 127.0.0.1:3128still not working
-
I've tried to disable all non essential rules and interfaces and this is the content of /tmp/rules.debug http://pastebin.com/M8D21nC1
I've compared it to a fresh installation and it looks kinda the same -
I've did once again a clean install, check steps I did to get it working without hacks.
https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232
-
I've did once again a clean install, check steps I did to get it working without hacks.
https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232
unfortunately a reinstall is not an option for me since it's 300km away
-
Can you try removing all packages and reapply 2.2 firmware update?
-
Can you try removing all packages and reapply 2.2 firmware update?
I'll try tonight, should I also remove the packages configuration from config.xml?
-
I don't think so. As you posted, it doesn't looks like a package issue.
-
I tried to reapply the update but it's still not working
-
for what it's worth:
I'm using squid on 2.2 in transparent mode and its working.
But I'm not caching anything.Can you output the contents of the squid.conf
-
for what it's worth:
I'm using squid on 2.2 in transparent mode and its working.
But I'm not caching anything.Can you output the contents of the squid.conf
well it's not a squid issue but here it is http://pastebin.com/2htk2jg1
-
Here is mine
# Do not edit manually ! http_port 192.168.1.254:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/pbi/squid-i386/etc/squid/errors/English icon_directory /usr/pbi/squid-i386/etc/squid/icons visible_hostname fw1.home cache_mgr tielens.t@gmail.com access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none logfile_rotate 7 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.1.0/255.255.255.0 uri_whitespace strip cache_mem 10 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir diskd /var/squid/cache 500 16 256 minimum_object_size 0 KB maximum_object_size 5 KB offline_mode off cache_swap_low 90 cache_swap_high 95 # No redirector configured squid.conf...skipping... # Do not edit manually ! http_port 192.168.1.254:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/pbi/squid-i386/etc/squid/errors/English icon_directory /usr/pbi/squid-i386/etc/squid/icons visible_hostname fw1.home cache_mgr TieT access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none logfile_rotate 7 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.1.0/255.255.255.0 uri_whitespace strip cache_mem 10 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir diskd /var/squid/cache 500 16 256 minimum_object_size 0 KB maximum_object_size 5 KB offline_mode off cache_swap_low 90 cache_swap_high 95 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE -
Just to be sure, Are you selecting interfaces on squid general tab?
I'm asking because other users had this "issue".
-
Just to be sure, Are you selecting interfaces on squid general tab?
I'm asking because other users had this "issue".
yeah I had that issue as well after upgrading the other day but I fixed it soon after
