Squid only works in transparent mode



  • Probably user error, sorry. Transparent mode works fine, tested it with SquidGuard and it works, but everyone says to not use transparent mode (and for the setup I will need, I think I'll need it disabled), and I can't get it to work. I've simplified my config now for testing.

    Config is as follows.

    Squid:
    Squid3 is the only package installed. Did a reinstall of the package following the "troubleshooting Squid" doc page on this site. The service is running. Interface is set to LAN. Port is 3128. "Allow users on interface" is checked. Everything else is default. Authentication is none.

    Firewall:
    Allow any to any on LAN

    Workstation:
    Proxy config manually disabled, internet works.
    Proxy config manually enabled (set to IP of firewall, port 3128), internet doesn't work.

    Nmap scan shows port 80 open and port 3128 filtered (meaning no response)

    What am I doing wrong?



  • What am I doing wrong?

    After installing the package, you have to either restart squid via the control buttons in the top-right corner of the Proxy server: General settings page, or reboot pfSense. Squid will consistently give you an access denied error until you do one of the two.



  • Well, that's good to know. Thank you. However, now it only works when I use the address of the firewall. Using the CARP address still shows the port as down. Do I need to manually add a NAT rule or is there a way to do this automatically?

    (or is it user error?)



  • You didn't mention anything about CARP in the OP. I don't have a CARP config and don't really have any answers in that regard. I would think that, if your CARP config is working in general, then having squid running on both nodes should work but with some issues like the caches not having the same contents.



  • Honestly, I forgot about it.

    I've added a NAT rule to change the destination CARP address to the firewall address and that seems to make it work.