Netgate Discussion Forum

    Transparent proxy not working after upgrade to 2.2

      rixseu

      After the update to 2.2 and some fixes, it seems that squid is working, but transparent mode is not available. If I configure a client to navigate through port 3128, the proxy filters the connection, but in transparent mode the proxy doesn't listen. Maybe a config error? Is there any rule to add in 2.2 that was not needed in 2.1?

      I have the x86 version, and 2.1 was working like a charm.

      Thx.

      FIRST LINES OF squid.conf - is it correct to have entries with http_port at 3128?

      # Do not edit manually !
      http_port 192.168.0.254:3128
      http_port 127.0.0.1:3128 transparent
      icp_port 0
      
      
        tobiascapin

        I get the same configuration and the same problem: in transparent mode the connection doesn't work. No squid log available.

        First lines of squid.conf are the same:

        http_port (laninterface):3128
        http_port 127.0.0.1:3138 intercept
        

        Maybe it is a routing (tcp *:80 to 127.0.0.1:3138) problem?

          rixseu

          @tobiascapin:

          I get the same configuration and the same problem: in transparent mode the connection doesn't work. No squid log available.

          First lines of squid.conf are the same:

          http_port (laninterface):3128
          http_port 127.0.0.1:3138 intercept
          

          Maybe it is a routing (tcp *:80 to 127.0.0.1:3138) problem?

          Yes, it seems only a routing problem. But this redirection (tcp *:80 to 127.0.0.1:3138) should be done by squid itself checking transparent proxy option. I've tested squid on 3128 and it's working fine, but port 80 communications aren't redirected. Any ideas?

          Thx

            Brandhor

            @rixseu:

            @tobiascapin:

            I get the same configuration and the same problem: in transparent mode the connection doesn't work. No squid log available.

            First lines of squid.conf are the same:

            http_port (laninterface):3128
            http_port 127.0.0.1:3138 intercept
            

            Maybe it is a routing (tcp *:80 to 127.0.0.1:3138) problem?

            Yes, it seems only a routing problem. But this redirection (tcp *:80 to 127.0.0.1:3138) should be done by squid itself checking transparent proxy option. I've tested squid on 3128 and it's working fine, but port 80 communications aren't redirected. Any ideas?

            Thx

            From what I remember from my tests, it's a firewall issue: if you manually try to create a NAT rule that redirects outgoing connections to the firewall address (either 127.0.0.1 or the LAN one), it doesn't work.
            The only thing I can think of is that maybe it's a driver issue with some NICs, since pfSense 2.2 uses FreeBSD 10. My LAN NIC is an Intel 82801BA/BAM/CA/CAM (device id 2449) and is listed as fxp0 on pfSense.

              NetVicious

              I had these errors on my squid log:

              
              2015/03/18 12:54:28 kid1| Starting Squid Cache version 3.4.10 for i386-portbld-freebsd10.1...
              2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 18 to 192.168.2.1:800: (13) Permission denied
              2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 19 to 192.168.16.1:800: (13) Permission denied
              FATAL: Unable to open HTTP Socket
              Squid Cache (Version 3.4.10): Terminated abnormally.
              
              

              Using sockstat I didn't have anything on port 800. I looked around and found the solution on the pfSense bug tracker [1]. Run this command on the console or add it to System/Advanced/Tunables:

              sysctl net.inet.ip.portrange.reservedhigh=0
              

              [1] https://redmine.pfsense.org/issues/4196

              ..//\/ e t . \/ i c i o u s ..
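
Added example (not part of the thread, and not pfSense or Squid code): a Python check that extracts the `commBind` failures from a Squid cache.log and tells whether each errno 13 is explained by FreeBSD's reserved-port range, which `net.inet.ip.portrange.reservedhigh` controls. The range 0-1023 is the FreeBSD default; the sample log repeats the lines quoted above plus one constructed line. Setting `reservedhigh=0` lifts the root-only bind restriction for every port below 1024, not only 800.

```python
import re

# FreeBSD defaults: net.inet.ip.portrange.reservedlow=0, reservedhigh=1023.
DEFAULT_RESERVED = (0, 1023)
EACCES = 13  # "(13) Permission denied" in the log above

# Matches Squid's "commBind: Cannot bind socket FD n to addr:port: (errno) text".
BIND_FAIL = re.compile(
    r"commBind: Cannot bind socket FD \d+ to "
    r"(?P<addr>[0-9.]+):(?P<port>\d+): \((?P<errno>\d+)\) (?P<text>.*)$"
)

# Constructed sample: the bind errors from the post plus one made-up line (port 3128).
SAMPLE_LOG = """\
2015/03/18 12:54:28 kid1| Starting Squid Cache version 3.4.10 for i386-portbld-freebsd10.1...
2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 18 to 192.168.2.1:800: (13) Permission denied
2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 19 to 192.168.16.1:800: (13) Permission denied
2015/03/18 12:54:29 kid1| commBind: Cannot bind socket FD 20 to 127.0.0.1:3128: (48) Address already in use
FATAL: Unable to open HTTP Socket
"""


def bind_failures(log_text):
    """Return (addr, port, errno) for each commBind failure in cache.log text."""
    hits = []
    for line in log_text.splitlines():
        m = BIND_FAIL.search(line)
        if m:
            hits.append((m["addr"], int(m["port"]), int(m["errno"])))
    return hits


def diagnose(log_text, reserved=DEFAULT_RESERVED):
    """Label each failure by whether the reserved-port range explains it."""
    low, high = reserved
    report = []
    for addr, port, errno in bind_failures(log_text):
        if errno == EACCES and low <= port <= high:
            cause = "reserved-port"      # non-root bind inside the reserved range
        elif errno == EACCES:
            cause = "other-permission"   # EACCES outside the range: look elsewhere
        else:
            cause = "not-permission"     # e.g. address already in use
        report.append((f"{addr}:{port}", cause))
    return report


if __name__ == "__main__":
    for endpoint, cause in diagnose(SAMPLE_LOG):
        print(endpoint, cause)
```

Passing `reserved=(0, 0)` models the system after the sysctl change: port 800 is then outside the range, so a remaining errno 13 would need another explanation.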
