Netgate Discussion Forum

Limiter blocks internet access (Squid transparent proxy)

Traffic Shaping
  • D
    doktornotor Banned
    last edited by May 6, 2015, 8:04 AM

    @gringo13:

    What is the problem?

    It is broken! Did you read the thread?

    @gringo13:

    And what can I do?

    Ditch the proxy, or wait, or get debugging and coding.

    • G
      gringo13
      last edited by May 6, 2015, 9:05 AM

      @doktornotor:

      @gringo13:

      What is the problem?

      It is broken! Did you read the thread?

      @gringo13:

      And what can I do?

      Ditch the proxy, or wait, or get debugging and coding.

      The problem is that transparent mode and the traffic shaper don't work at the same time.
      If I disable the limiter, internet is not blocked. But if I enable the limiter, internet is blocked.
      Or if I disable transparent mode and enable the limiter, it works fine but the filter doesn't work.

      What do I need to make both work at the same time?

      • D
        doktornotor Banned
        last edited by May 6, 2015, 9:34 AM

        @gringo13:

        What do I need to make both work at the same time?

        Go re-read the previous reply a couple of times.

        • R
          Riroxi
          last edited by Jun 4, 2015, 12:42 AM

          This issue persists on 2.2.2? Oh Crap :(

          • S
            Skegton
            last edited by Jun 4, 2015, 7:05 AM

            I also noticed this yesterday. After limiters were added to the pass-all rule and logging was enabled, the rule blocks all traffic for that interface and fills up the system logs.

            • D
              doktornotor Banned
              last edited by Jun 4, 2015, 7:57 AM

              Your "fills up the System logs" non-issue has nothing to do with the topic here. When you log ALL passed traffic, then yeah, your logs are going to fill up, limiters or not.

              • E
                eri--
                last edited by Jun 8, 2015, 3:03 AM

                @doktornotor:

                Hmmm? Not really sure how this is related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stops flowing. As simple as that.

                This should be fixed in 2.2.3 snapshots.

                • D
                  doktornotor Banned
                  last edited by Jun 8, 2015, 7:35 AM

                  Thanks, will test as soon as nanobsd becomes usable again…  :D

                  • C
                    cwagz
                    last edited by Jun 20, 2015, 10:32 PM

                    @ermal:

                    @doktornotor:

                    Hmmm? Not really sure how this is related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stops flowing. As simple as that.

                    This should be fixed in 2.2.3 snapshots.

                    I am seeing this problem on 2.2.3-DEVELOPMENT (amd64) built on Fri Jun 19 14:25:29 CDT 2015 FreeBSD 10.1-RELEASE-p13.  No traffic with limiter and transparent proxy.

                    Netgate 6100 MAX

                    • D
                      doktornotor Banned
                      last edited by Jun 21, 2015, 10:58 AM

                      Yeah this is still broken. Don't use limiters on NAT.

                      https://redmine.pfsense.org/issues/4596
                      https://redmine.pfsense.org/issues/4590

                      • N
                        NABAMB
                        last edited by Jun 29, 2015, 6:03 AM

                        Still not working on pfSense 2.2.3 final release. I need both the limiter and the transparent Squid proxy to work together for my scenario.

                        Regards,

                        Nabeel

                        • A
                          Alfanetindo
                          last edited by Aug 1, 2015, 9:10 AM

                          I have been having this problem also. It's a BIG problem for me, actually. Does anyone know if it's been fixed yet and, if not, whether it's been brought to the developers' attention?

                          • D
                            Derelict LAYER 8 Netgate
                            last edited by Aug 1, 2015, 9:20 AM

                            Apparently the changes to fix this are significant so they have pushed it to 2.3.  I see they're planning a 2.2.5 first so you're looking at months (at least) before limiters are usable again. Use 2.1.5 and hope no significant vulnerabilities appear since they have stated they will not be patched.  Or evaluate other options, as I am.

                            2.2 is, for the most part, useless if you rely on dummynet limiters.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            • A
                              Abhishek
                              last edited by Aug 1, 2015, 9:36 AM

                              @doktornotor:

                              Well then stick with 2.1.5 until fixed.

                              Can anyone share a pfSense 2.1.5 USB image?

                              2.3-RC (amd64)
                              built on Mon Apr 04 17:09:32 CDT 2016
                              FreeBSD 10.3-RELEASE
                              Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                              darkstat 3.1.2_1
                              Lightsquid 3.0.3_1
                              mailreport 3.0_1
                              pfBlockerNG 2.0.9_1  
                              RRD_Summary 1.3.1_2
                              snort 3.2.9.1_9  
                              squid 0.4.16_1  
                              squidGuard 1.14_1
                              syslog-ng 1.1.2_2

                              • D
                                Derelict LAYER 8 Netgate
                                last edited by Aug 1, 2015, 9:48 AM

                                That's a pretty good question.

                                I just clicked around and couldn't find a 2.1.5 download.

                                You might want to start thinking about other products/distros if you can't wait months for the functionality you need.

                                I <3 pfSense but this limiter shit is getting old.

                                • D
                                  doktornotor Banned
                                  last edited by Aug 1, 2015, 10:28 AM

                                  @Derelict:

                                  That's a pretty good question.

                                  I just clicked around and couldn't find a 2.1.5 download.

                                  Your clicking skills suck.  ;D :P

                                  Just click on the "Just show me the mirrors" on the download page. Select one, and go to "old" dir.

                                  • D
                                    Derelict LAYER 8 Netgate
                                    last edited by Aug 1, 2015, 6:00 PM

                                    Didn't see the old dir.  Knew it was there somewhere.  Thanks.

                                    • A
                                      Alfanetindo
                                      last edited by Aug 13, 2015, 3:19 AM

                                      SOLVED*

                                      I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                      IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                      It worked and the speed limiter still works also.

                                      • A
                                        Abhishek
                                        last edited by Aug 20, 2015, 5:50 AM

                                        @Alfanetindo:

                                        SOLVED*

                                        I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                        IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                        It worked and the speed limiter still works also.

                                        Anyone else tested this?

                                        • G
                                          gringo13
                                          last edited by Aug 26, 2015, 5:09 AM

                                          @Abhishek:

                                          @Alfanetindo:

                                          SOLVED*

                                          I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                          IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                          It worked and the speed limiter still works also.

                                          Anyone else tested this?

                                          Limiter still not working!
