Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Limiter blocks internet access (Squid transparent proxy)

    Scheduled Pinned Locked Moved Traffic Shaping
    73 Posts 34 Posters 33.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by

      @gringo13:

      What is problem

      It is broken! Did you read the thread?

      @gringo13:

      and what can i do?

      Ditch the proxy, or wait, or get debugging and coding.

      1 Reply Last reply Reply Quote 0
      • G
        gringo13
        last edited by

        @doktornotor:

        @gringo13:

        What is problem

        It is broken! Did you read the thread?

        @gringo13:

        and what can i do?

        Ditch the proxy, or wait, or get debugging and coding.

        Problem is at the same time transparent mode and traffic shapper doesnt works.
        If i disable limiter then no block internet. But i enable limiter block internet.
        Or i disable transparent mode and enable limiter then works fine but doesnt work filter.

        What do I need to work both at the same time?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          @gringo13:

          What do I need to work both at the same time?

          Go re-read the previous reply a couple of times.

          1 Reply Last reply Reply Quote 0
          • R
            Riroxi
            last edited by

            This issue persists on 2.2.2? Oh Crap :(

            1 Reply Last reply Reply Quote 0
            • S
              Skegton
              last edited by

              I also noticed this yesterday. After limiters added to pass all rule and logging enabled, the rule blocks all traffic for that interface and fills up the System logs.

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Your "fills up the System logs" non-issue has nothing to do with the topic here. When you log ALL passed traffic, then yeah, your logs are going to fill up, limiters or not.

                1 Reply Last reply Reply Quote 0
                • E
                  eri--
                  last edited by

                  @doktornotor:

                  Hmmm? Not really sure how's this related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stop flowing. As simple as that.

                  This should be fixed in 2.2.3 snapshots.

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Thanks, will test as soon as nanobsd becomes usable again…  :D

                    1 Reply Last reply Reply Quote 0
                    • cwagzC
                      cwagz
                      last edited by

                      @ermal:

                      @doktornotor:

                      Hmmm? Not really sure how's this related to unbound, or even any resolver at all? When I put limiters on a NAT firewall rule, the traffic stop flowing. As simple as that.

                      This should be fixed in 2.2.3 snapshots.

                      I am seeing this problem on 2.2.3-DEVELOPMENT (amd64) built on Fri Jun 19 14:25:29 CDT 2015 FreeBSD 10.1-RELEASE-p13.  No traffic with limiter and transparent proxy.

                      Netgate 6100 MAX

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        Yeah this is still broken. Don't use limiters on NAT.

                        https://redmine.pfsense.org/issues/4596
                        https://redmine.pfsense.org/issues/4590

                        1 Reply Last reply Reply Quote 0
                        • N
                          NABAMB
                          last edited by

                          Still not working on Pfsense 2.2.3 final release. I need both, limiter and  transparent squid proxy to work together for my scenario.

                          Regards,

                          Nabeel

                          1 Reply Last reply Reply Quote 0
                          • A
                            Alfanetindo
                            last edited by

                            I have been having this problem also. It's a BIG problem actually for me. Does anyone know if it's been fixed yet, and if not if it's been brought to the developers attention ?

                            1 Reply Last reply Reply Quote 0
                            • DerelictD
                              Derelict LAYER 8 Netgate
                              last edited by

                              Apparently the changes to fix this are significant so they have pushed it to 2.3.  I see they're planning a 2.2.5 first so you're looking at months (at least) before limiters are usable again. Use 2.1.5 and hope no significant vulnerabilities appear since they have stated they will not be patched.  Or evaluate other options, as I am.

                              2.2 is, for the most part, useless if you rely on dummynet limiters.

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              1 Reply Last reply Reply Quote 0
                              • A
                                Abhishek
                                last edited by

                                @doktornotor:

                                Well then stick with 2.1.5 until fixed.

                                Can any1 share 2.1.5 v pfsense usb image ?

                                2.3-RC (amd64)
                                built on Mon Apr 04 17:09:32 CDT 2016
                                FreeBSD 10.3-RELEASE
                                Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                                darkstat 3.1.2_1
                                Lightsquid 3.0.3_1
                                mailreport 3.0_1
                                pfBlockerNG 2.0.9_1  
                                RRD_Summary 1.3.1_2
                                snort 3.2.9.1_9  
                                squid 0.4.16_1  
                                squidGuard 1.14_1
                                syslog-ng 1.1.2_2

                                1 Reply Last reply Reply Quote 0
                                • DerelictD
                                  Derelict LAYER 8 Netgate
                                  last edited by

                                  That's a pretty good question.

                                  I just clicked around and couldn't find a 2.1.5 download.

                                  You might want to start thinking about other products/distros if you can't wait months for the functionality you need.

                                  I <3 pfSense but this limiter shit is getting old.

                                  Chattanooga, Tennessee, USA
                                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    doktornotor Banned
                                    last edited by

                                    @Derelict:

                                    That's a pretty good question.

                                    I just clicked around and couldn't find a 2.1.5 download.

                                    You clicking skills suck.  ;D :P

                                    Just click on the "Just show me the mirrors" on the download page. Select one, and go to "old" dir.

                                    1 Reply Last reply Reply Quote 0
                                    • DerelictD
                                      Derelict LAYER 8 Netgate
                                      last edited by

                                      Didn't see the old dir.  Knew it was there somewhere.  Thanks.

                                      Chattanooga, Tennessee, USA
                                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        Alfanetindo
                                        last edited by

                                        SOLVED*

                                        I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                        IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                        It worked and the speed limiter still works also.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          Abhishek
                                          last edited by

                                          @Alfanetindo:

                                          SOLVED*

                                          I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                          IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                          It worked and the speed limiter still works also.

                                          anyone else tested this ?

                                          2.3-RC (amd64)
                                          built on Mon Apr 04 17:09:32 CDT 2016
                                          FreeBSD 10.3-RELEASE
                                          Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

                                          darkstat 3.1.2_1
                                          Lightsquid 3.0.3_1
                                          mailreport 3.0_1
                                          pfBlockerNG 2.0.9_1  
                                          RRD_Summary 1.3.1_2
                                          snort 3.2.9.1_9  
                                          squid 0.4.16_1  
                                          squidGuard 1.14_1
                                          syslog-ng 1.1.2_2

                                          1 Reply Last reply Reply Quote 0
                                          • G
                                            gringo13
                                            last edited by

                                            @Abhishek:

                                            @Alfanetindo:

                                            SOLVED*

                                            I managed to find a simple fix. All I needed to do was create a pass all firewall rule on the (LAN) interface for port 3128 (my proxy port).

                                            IPv4 TCP * * * 3128 * none   Rule to allow transparent proxy to work

                                            It worked and the speed limiter still works also.

                                            anyone else tested this ?

                                            Limiter still not working!

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.