Squid3 Not Wanting to Allow Traffic From Specific Interfaces

  • Hello, all!

    I've got a problem with a couple of the virtual interfaces not being allowed to pass traffic through Squid (they cannot access the internet when it is enabled, and traffic from those two interfaces does not show up under the "Real time" tab). Out of 5 interfaces, 3 have no problem and the last 2 do. It worked for the longest time, then for some unknown reason it stopped working a little while back when I was making some changes (it was after an upgrade I believe). I have made a backup, removed the Squid settings from the backup file, and restored to reset all Squid settings, and it is still not working.

    When "Allow Users On Interface" is unchecked, users on the two VLANs are able to get to the internet. When it is checked, they are able to ping but not access webpages. When the interfaces are deselected from the "Transparent Proxy interface(s)" selection, they are able to get at the internet even if "Allow Users On Interface" is selected.

    Attached are the firewall rules set up for the interface… I don't believe that any real changes have been made to the rules for quite some time, so I don't believe that this is affecting it, but figured I'd throw them up here anyway.

    I'm not even sure where to start with diagnosing the problem. If someone could give me some commands to run, or some way to look at the automatically-generated NAT rules to see if they're being set up correctly, then I could start trying to figure it out.

    ![pfSense Firewall Rules.png](/public/imported_attachments/1/pfSense Firewall Rules.png)

  • I also experienced the same problem using a fresh install of pfSense 2.2 and squid3.

    Does anyone have a solution?

  • You didn't mention if you have any of these extra networks defined in Services - Proxy Server - ACLs - Squid Access Control Lists - Allowed Subnets

  • Just to add, I wrote the network VLAN on the allowed subnet (192.168.13.x is my network and is the Squid).

  • Anything in /var/squid/logs/cache.log?
