Pfsense 2.2 + Squid3 Transparent HTTP proxy Not working again
-
Did a fresh install of Pfsense 2.2 installed Squid3 and once again Transparent Proxy not working. https works, but nothing else. I've tried adding NAT for all traffic from 80 to 3128 and still nothing. Soon as I turn off Transparent Proxy everything is working again, but when I go to a site to check and see if the proxy is working they all say NO Proxy Detected.
What did I do wrong?
Thanks,
Rick -
Did you selected a interface to use in trasparent mode or just enabled the checkbox?
-
Yes I have it attached to LAN
-
For me, Squid3 under pfSense 2.2 never works until I reboot after installing it. After that it works perfectly for me in standard mode.
-
A stop service and start may do the same result as reboot.
-
Tried all that. Stop Start, reboot.
-
any luck?
-
I have a same problem like Rickinfl.
After go back to version 2.1-Release and to the same setting, it's working fine.
How to get transparent Proxy work on version 2.2.1
Thanks
-
@Mr.Hitman:
How to get transparent Proxy work on version 2.2.1
The same way you do on squid3-dev on 2.1.
check log files, squid -k parse, system logs on gui.
-
This is most frustrating. Broken since 2.2 and still no fix. This isn't user error. Many people report upgrading from a perfectly working pre-2.2 config and the find transparent proxy then simply DOES NOT WORK. I provided a lot of pointers to the problem being redirection rather than squid itself, but still no resolution.
Who's responsible for firewall redirection on i386?
Steve
-
This is most frustrating. Broken since 2.2 and still no fix. This isn't user error. Many people report upgrading from a perfectly working pre-2.2 config and the find transparent proxy then simply DOES NOT WORK. I provided a lot of pointers to the problem being redirection rather than squid itself, but still no resolution.
Who's responsible for firewall redirection on i386?
Steve
yap…all non working squids should not be in pkgs list. :(
-
Has this been fixed? I don't want to add this then end up rebuilding my pfsense to remove it again.
Thanks
Rick -
Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said
ended up rebuilding my pfsense to remove it again. -
Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said
The package uninstall/reinstall will keep settings. It just removes gui files and binaries.
-
CMB has posted a fix in another thread.
Pls. search the forum.
For me it worked fine.
-
Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.
Thanks,
Steve
-
Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.
I second this - I searched and can't find any fix described by CMB.
I use pfSense in a public facility that depends on transparent proxy support mainly for logging purposes, and after upgrading to 2.2.1 last week we've lost that. I've worked around it by setting up WPAD/PAC, but not all clients honor it (and it can be switched off by the user if they choose). As many others have stated, this is not a config issue or user error - the same setup that worked fine for years in 2.0 and 2.1 simply stopped working in 2.2.
-
Is this start working in 2.2.2 ?
-
no fix about this error? i also have the same problem. :(
-
Even on Pfsense 2.2.3 Squid transparent proxy is not working. Still waiting for solution.
Regards,
Nabeel
-
Mine is working fine, I just finished the setup and AD Filter is doing well for multiple Interfaces (squidguard).
-
Somewhere in forum posts, I saw people who are using traffic shaping limiter and transparent squid proxy facing this issue. Could you confirm that?
Regards,
Nabeel
-
It's broken allright.
To make long story short - I've found out UI incorrectly configures http_port directive(s), and squid.conf has to be fixed manually.
In regular forward proxy case (no transparent), at least one port directive needs to exist:
http_port [ADDR:]3128In transparent proxy case, at least two port directives are needed:
http_port 127.0.0.1:3128 intercept
http_port ADDR:3128where ADDR is LAN interface address.
Of course, that's not enough - something needs to intercept and redirect traffic to squid.
Luckily, that's clickable, and generated rdr works just fine.
Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)HTH
-
It's broken allright.
In transparent proxy case, at least two port directives are needed:
http_port 127.0.0.1:3128 intercept
http_port ADDR:3128where ADDR is LAN interface address.
Of course, that's not enough - something needs to intercept and redirect traffic to squid.
Luckily, that's clickable, and generated rdr works just fine.
Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)HTH
I've just installed pfSense 2.2.4 with squid3, squidguard, and lightsquid. This all worked fine under pfSense 2.1 but not so much under 2.2.4 so THANK YOU for your help. Just a couple of questions: "that's clickable, and generated rdr works just fine." Sorry but, what's clickable?
Are you saying you should select "loopback" for Transparent Proxy Interface(s) instead of LAN?
I still can't get lightsquid to work, even with these changes. But, I'll take all the help I can get with this!
-
I have the same issue. :( pfsense 2.2.4 64bits transparent proxy + limiter
-
I'm having the same problem whenever I activate transparent proxy pages won't open, this is my first time installing and using pfsense and I thought I configured something wrongly and luckily I came across this page in a search after a day of wrestling with this problem, I'm wondering is there going to be a work around or an update to squid because that is one of the main reasons for installing pfsense.
EDIT: I forgot to mention this is on i386 platform
-
The solution is to stop using transparent mode. Worst thing in the world. It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy. Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.
-
@KOM:
The solution is to stop using transparent mode. Worst thing in the world. It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy. Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.
But in non transparent proxy mode, the Lightsquid doesn't work :(
