Pfsense 2.2 + Squid3 Transparent HTTP proxy Not working again

sujyo1

@Steve:

This is most frustrating. Broken since 2.2 and still no fix. This isn't user error. Many people report upgrading from a perfectly working pre-2.2 config and the find transparent proxy then simply DOES NOT WORK. I provided a lot of pointers to the problem being redirection rather than squid itself, but still no resolution.

Who's responsible for firewall redirection on i386?

Steve

yap…all non working squids should not be in pkgs list.  :(

Rickinfl

Has this been fixed? I don't want to add this then end up rebuilding my pfsense to remove it again.

Thanks
Rick

sujyo1

Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said
ended up rebuilding my pfsense to remove it again.

marcelloc

@sujyo1:

Thats right too…I never able to uninstall and re install squid using gui. Every time I did try the previous configure is always their!! and as you said

The package uninstall/reinstall will keep settings. It just removes gui files and binaries.

Supermule

CMB has posted a fix in another thread.

Pls. search the forum.

For me it worked fine.

Steve Evans

Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.

Thanks,

Steve

s13

@Steve:

Link please. There are a large number of threads on this issue, and if each could have a link to the solution posted that would save a lot of time.

I second this - I searched and can't find any fix described by CMB.

I use pfSense in a public facility that depends on transparent proxy support mainly for logging purposes, and after upgrading to 2.2.1 last week we've lost that. I've worked around it by setting up WPAD/PAC, but not all clients honor it (and it can be switched off by the user if they choose). As many others have stated, this is not a config issue or user error - the same setup that worked fine for years in 2.0 and 2.1 simply stopped working in 2.2.

sujyo1

Is this start working in 2.2.2 ?

agismaniax

no fix about this error? i also have the same problem. :(

NABAMB

Even on Pfsense 2.2.3 Squid transparent proxy is not working. Still waiting for solution.

Regards,

Nabeel

Marvho

Mine is working fine, I just finished the setup and AD Filter is doing well for multiple Interfaces (squidguard).

NABAMB

Somewhere in forum posts, I saw people who are using traffic shaping limiter and transparent squid proxy facing this issue. Could you confirm that?

Regards,

Nabeel

jalmasi

It's broken allright.

To make long story short - I've found out UI incorrectly configures http_port directive(s), and squid.conf has to be fixed manually.

In regular forward proxy case (no transparent), at least one port directive needs to exist:
http_port [ADDR:]3128

In transparent proxy case, at least two port directives are needed:
http_port 127.0.0.1:3128 intercept
http_port ADDR:3128

where ADDR is LAN interface address.

Of course, that's not enough - something needs to intercept and redirect traffic to squid.
Luckily, that's clickable, and generated rdr works just fine.
Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)

HTH

bpb21

@jalmasi:

It's broken allright.

In transparent proxy case, at least two port directives are needed:
http_port 127.0.0.1:3128 intercept
http_port ADDR:3128

where ADDR is LAN interface address.

Of course, that's not enough - something needs to intercept and redirect traffic to squid.
Luckily, that's clickable, and generated rdr works just fine.
Just make sure you click on correct interface(s) on Services->Proxy Server. (Use loopback as proxy interface if using transparent proxy)

HTH

I've just installed pfSense 2.2.4 with squid3, squidguard, and lightsquid.  This all worked fine under pfSense 2.1 but not so much under 2.2.4 so THANK YOU for your help.  Just a couple of questions: "that's clickable, and generated rdr works just fine."  Sorry but, what's clickable?

Are you saying you should select "loopback" for Transparent Proxy Interface(s) instead of LAN?

I still can't get lightsquid to work, even with these changes.  But, I'll take all the help I can get with this!

wesmp3

I have the same issue. :( pfsense 2.2.4 64bits transparent proxy + limiter

irajames

I'm having the same problem whenever I activate transparent proxy pages won't open, this is my first time installing and using pfsense and I thought I configured something wrongly and luckily I came across this page in a search after a day of wrestling with this problem, I'm wondering is there going to be a work around or an update to squid because that is one of the main reasons for installing pfsense.

EDIT: I forgot to mention this is on i386 platform

KOM

The solution is to stop using transparent mode.  Worst thing in the world.  It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy.  Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.

rafaelrenan

@KOM:

The solution is to stop using transparent mode.  Worst thing in the world.  It won't handle any HTTPS sites without MitM warnings, and you really don't want to screw around with having to install certificates on every client that will use the proxy.  Put squid in explicit mode (uncheck Transparent mode) and then implement WPAD to enable auto-detection of the proxy.

But in non transparent proxy mode, the Lightsquid doesn't work :(