Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfsense 2.2 + Squid3 Transparent HTTP proxy Not working again

    Cache/Proxy
    17
    28
    18342
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Rickinfl last edited by

      Did a fresh install of Pfsense 2.2 installed Squid3 and once again Transparent Proxy not working. https works, but nothing else. I've tried adding NAT for all traffic from 80 to 3128 and still nothing.  Soon as I turn off Transparent Proxy everything is working again, but when I go to a site to check and see if the proxy is working they all say NO Proxy Detected.

      What did I do wrong?

      Thanks,
      Rick

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        Did you selected a interface to use in trasparent mode or just enabled the checkbox?

        1 Reply Last reply Reply Quote 0
        • R
          Rickinfl last edited by

          Yes I have it attached to LAN

          1 Reply Last reply Reply Quote 0
          • KOM
            KOM last edited by

            For me, Squid3 under pfSense 2.2 never works until I reboot after installing it.  After that it works perfectly for me in standard mode.

            1 Reply Last reply Reply Quote 0
            • marcelloc
              marcelloc last edited by

              A stop service and start may do the same result as reboot.

              1 Reply Last reply Reply Quote 0
              • R
                Rickinfl last edited by

                Tried all that. Stop Start, reboot.

                1 Reply Last reply Reply Quote 0
                • M
                  messerchmidt last edited by

                  any luck?

                  1 Reply Last reply Reply Quote 0
                  • K
                    kiartp last edited by

                    I have a same problem like Rickinfl.

                    After go back to version 2.1-Release and to the same setting, it's working fine.

                    How to get transparent Proxy work on version 2.2.1

                    Thanks

                    1 Reply Last reply Reply Quote 0
                    • marcelloc
                      marcelloc last edited by

                      @Mr.Hitman:

                      How to get transparent Proxy work on version 2.2.1

                      The same way you do on squid3-dev on 2.1.

                      check log files, squid -k parse, system logs on gui.

                      1 Reply Last reply Reply Quote 0
                      • S
                        Steve Evans last edited by

                        This is most frustrating. Broken since 2.2 and still no fix. This isn't user error. Many people report upgrading from a perfectly working pre-2.2 config and the find transparent proxy then simply DOES NOT WORK. I provided a lot of pointers to the problem being redirection rather than squid itself, but still no resolution.

                        Who's responsible for firewall redirection on i386?

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • S
                          sujyo1 last edited by

                          @Steve:

                          This is most frustrating. Broken since 2.2 and still no fix. This isn't user error. Many people report upgrading from a perfectly working pre-2.2 config and the find transparent proxy then simply DOES NOT WORK. I provided a lot of pointers to the problem being redirection rather than squid itself, but still no resolution.

                          Who's responsible for firewall redirection on i386?

                          Steve

                          yap…all non working squids should not be in pkgs list.  :(

                          1 Reply Last reply Reply Quote 0
                          • R
                            Rickinfl last edited by

                            Has this been fixed? I don't want to add this then end up rebuilding my pfsense to remove it again.

                            Thanks
                            Rick

                            1 Reply Last reply Reply Quote 0
                            • S
                              sujyo1 last edited by

                              Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said
                              ended up rebuilding my pfsense to remove it again.

                              1 Reply Last reply Reply Quote 0
                              • marcelloc
                                marcelloc last edited by

                                @sujyo1:

                                Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said

                                The package uninstall/reinstall will keep settings. It just removes gui files and binaries.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Supermule Banned last edited by

                                  CMB has posted a fix in another thread.

                                  Pls. search the forum.

                                  For me it worked fine.

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Steve Evans last edited by

                                    Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.

                                    Thanks,

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      s13 last edited by

                                      @Steve:

                                      Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.

                                      I second this - I searched and can't find any fix described by CMB.

                                      I use pfSense in a public facility that depends on transparent proxy support mainly for logging purposes, and after upgrading to 2.2.1 last week we've lost that. I've worked around it by setting up WPAD/PAC, but not all clients honor it (and it can be switched off by the user if they choose). As many others have stated, this is not a config issue or user error - the same setup that worked fine for years in 2.0 and 2.1 simply stopped working in 2.2.

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        sujyo1 last edited by

                                        Is this start working in 2.2.2 ?

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          agismaniax last edited by

                                          no fix about this error? i also have the same problem. :(

                                          1 Reply Last reply Reply Quote 0
                                          • N
                                            NABAMB last edited by

                                            Even on Pfsense 2.2.3 Squid transparent proxy is not working. Still waiting for solution.

                                            Regards,

                                            Nabeel

                                            1 Reply Last reply Reply Quote 0
                                            • M
                                              Marvho last edited by

                                              Mine is working fine, I just finished the setup and AD Filter is doing well for multiple Interfaces (squidguard).

                                              1 Reply Last reply Reply Quote 0
                                              • N
                                                NABAMB last edited by

                                                Somewhere in forum posts, I saw people who are using traffic shaping limiter and transparent squid proxy facing this issue. Could you confirm that?

                                                Regards,

                                                Nabeel

                                                1 Reply Last reply Reply Quote 0
                                                • J
                                                  jalmasi last edited by

                                                  It's broken allright.

                                                  To make long story short - I've found out UI incorrectly configures http_port directive(s), and squid.conf has to be fixed manually.

                                                  In regular forward proxy case (no transparent), at least one port directive needs to exist:
                                                  http_port [ADDR:]3128

                                                  In transparent proxy case, at least two port directives are needed:
                                                  http_port 127.0.0.1:3128 intercept
                                                  http_port ADDR:3128

                                                  where ADDR is LAN interface address.

                                                  Of course, that's not enough - something needs to intercept and redirect traffic to squid.
                                                  Luckily, that's clickable, and generated rdr works just fine.
                                                  Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)

                                                  HTH

                                                  1 Reply Last reply Reply Quote 0
                                                  • B
                                                    bpb21 last edited by

                                                    @jalmasi:

                                                    It's broken allright.

                                                    In transparent proxy case, at least two port directives are needed:
                                                    http_port 127.0.0.1:3128 intercept
                                                    http_port ADDR:3128

                                                    where ADDR is LAN interface address.

                                                    Of course, that's not enough - something needs to intercept and redirect traffic to squid.
                                                    Luckily, that's clickable, and generated rdr works just fine.
                                                    Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)

                                                    HTH

                                                    I've just installed pfSense 2.2.4 with squid3, squidguard, and lightsquid.  This all worked fine under pfSense 2.1 but not so much under 2.2.4 so THANK YOU for your help.  Just a couple of questions: "that's clickable, and generated rdr works just fine."  Sorry but, what's clickable?

                                                    Are you saying you should select "loopback" for Transparent Proxy Interface(s) instead of LAN?

                                                    I still can't get lightsquid to work, even with these changes.  But, I'll take all the help I can get with this!

                                                    1 Reply Last reply Reply Quote 0
                                                    • W
                                                      wesmp3 last edited by

                                                      I have the same issue. :( pfsense 2.2.4 64bits transparent proxy + limiter

                                                      1 Reply Last reply Reply Quote 0
                                                      • I
                                                        irajames last edited by

                                                        I'm having the same problem whenever I activate transparent proxy pages won't open, this is my first time installing and using pfsense and I thought I configured something wrongly and luckily I came across this page in a search after a day of wrestling with this problem, I'm wondering is there going to be a work around or an update to squid because that is one of the main reasons for installing pfsense.

                                                        EDIT: I forgot to mention this is on i386 platform

                                                        1 Reply Last reply Reply Quote 0
                                                        • KOM
                                                          KOM last edited by

                                                          The solution is to stop using transparent mode.  Worst thing in the world.  It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy.  Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.

                                                          1 Reply Last reply Reply Quote 0
                                                          • R
                                                            rafaelrenan last edited by

                                                            @KOM:

                                                            The solution is to stop using transparent mode.  Worst thing in the world.  It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy.  Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.

                                                            But in non transparent proxy mode, the Lightsquid doesn't work :(

                                                            1 Reply Last reply Reply Quote 0
                                                            • First post
                                                              Last post

                                                            Products

                                                            • Platform Overview
                                                            • TNSR
                                                            • pfSense
                                                            • Appliances

                                                            Services

                                                            • Training
                                                            • Professional Services

                                                            Support

                                                            • Subscription Plans
                                                            • Contact Support
                                                            • Product Lifecycle
                                                            • Documentation

                                                            News

                                                            • Media Coverage
                                                            • Press
                                                            • Events

                                                            Resources

                                                            • Blog
                                                            • FAQ
                                                            • Find a Partner
                                                            • Resource Library
                                                            • Security Information

                                                            Company

                                                            • About Us
                                                            • Careers
                                                            • Partners
                                                            • Contact Us
                                                            • Legal
                                                            Our Mission

                                                            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                                            Subscribe to our Newsletter

                                                            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                                            © 2021 Rubicon Communications, LLC | Privacy Policy