Limiter blocks internet access (Squid transparent proxy)
-
-
What is problem
It is broken! Did you read the thread?
and what can i do?
Ditch the proxy, or wait, or get debugging and coding.
Problem is at the same time transparent mode and traffic shapper doesnt works.
If i disable limiter then no block internet. But i enable limiter block internet.
Or i disable transparent mode and enable limiter then works fine but doesnt work filter.What do I need to work both at the same time?
-
What do I need to work both at the same time?
Go re-read the previous reply a couple of times.
-
This issue persists on 2.2.2? Oh Crap :(
-
I also noticed this yesterday. After limiters added to pass all rule and logging enabled, the rule blocks all traffic for that interface and fills up the System logs.
-
Your "fills up the System logs" non-issue has nothing to do with the topic here. When you log ALL passed traffic, then yeah, your logs are going to fill up, limiters or not.
-
Hmmm? Not really sure how's this related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stop flowing. As simple as that.
This should be fixed in 2.2.3 snapshots.
-
Thanks, will test as soon as nanobsd becomes usable again… :D
-
@ermal:
Hmmm? Not really sure how's this related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stop flowing. As simple as that.
This should be fixed in 2.2.3 snapshots.
I am seeing this problem on 2.2.3-DEVELOPMENT (amd64) built on Fri Jun 19 14:25:29 CDT 2015 FreeBSD 10.1-RELEASE-p13. No traffic with limiter and transparent proxy.
-
Yeah this is still broken. Don't use limiters on NAT.
https://redmine.pfsense.org/issues/4596
https://redmine.pfsense.org/issues/4590 -
Still not working on Pfsense 2.2.3 final release. I need both, limiter and transparent squid proxy to work together for my scenario.
Regards,
Nabeel
-
I have been having this problem also. It's a BIG problem actually for me. Does anyone know if it's been fixed yet, and if not if it's been brought to the developers attention ?
-
Apparently the changes to fix this are significant so they have pushed it to 2.3. I see they're planning a 2.2.5 first so you're looking at months (at least) before limiters are usable again. Use 2.1.5 and hope no significant vulnerabilities appear since they have stated they will not be patched. Or evaluate other options, as I am.
2.2 is, for the most part, useless if you rely on dummynet limiters.
-
-
That's a pretty good question.
I just clicked around and couldn't find a 2.1.5 download.
You might want to start thinking about other products/distros if you can't wait months for the functionality you need.
I <3 pfSense but this limiter shit is getting old.
-
That's a pretty good question.
I just clicked around and couldn't find a 2.1.5 download.
You clicking skills suck. ;D :P
Just click on the "Just show me the mirrors" on the download page. Select one, and go to "old" dir.
-
Didn't see the old dir. Knew it was there somewhere. Thanks.
-
SOLVED*
I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).
IPv4 TCP * * * 3128 * none Rule to allow transparent proxy to work
It worked and the speed limiter still works also.
-
SOLVED*
I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).
IPv4 TCP * * * 3128 * none Rule to allow transparent proxy to work
It worked and the speed limiter still works also.
anyone else tested this ?
-
SOLVED*
I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).
IPv4 TCP * * * 3128 * none Rule to allow transparent proxy to work
It worked and the speed limiter still works also.
anyone else tested this ?
Limiter still not working!