Netgate Discussion Forum

Correct method of configuring PFsense squid proxy non transparent

  • A
    Abhishek
    last edited by Aug 21, 2015, 12:17 PM

    I want to configure squid proxy in non-transparent mode.

    Can I get any good guide for it?

    - Already configured WPAD on webserver
    - I am able to access the wpad file at HTTp://192.168.1.x:/wpad.dat  <-- file is downloading
    - Configured DNS server with A record  wpad ---> 192.168.1.254
    - Squid proxy installed
    - Created PFsense server CA and deployed to all computers via GPMC.msc

    I also wanted to allow the 192.168.1.50-60 IP range without proxy (WiFi mobiles) and authentication.

    The remaining PCs I need to be under the proxy and authenticated with RADIUS (already configured and working).

    2.3-RC (amd64)
    built on Mon Apr 04 17:09:32 CDT 2016
    FreeBSD 10.3-RELEASE
    Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

    darkstat 3.1.2_1
    Lightsquid 3.0.3_1
    mailreport 3.0_1
    pfBlockerNG 2.0.9_1  
    RRD_Summary 1.3.1_2
    snort 3.2.9.1_9  
    squid 0.4.16_1  
    squidGuard 1.14_1
    syslog-ng 1.1.2_2

    • K
      KOM
      last edited by Aug 21, 2015, 1:05 PM

      There is no one guide to do all that you want.

      > Created PFsense server CA and deployed to all computers via GPMC.msc

      This is unnecessary if you're running in explicit mode.

      > I also wanted to allow 192.168.1.50-60 IP range without proxy (WIFI mobiles) and Authentication

      Create a firewall rule on LAN that blocks ports 80/443.  Add a rule ABOVE that rule to allow your .50-.60 users to access ports 80/443.  This way they can go straight out without using the proxy.

      • A
        Abhishek
        last edited by Aug 21, 2015, 1:28 PM

        Explicit mode means? I want to proxy HTTP & HTTPS.

        Found the answer here:

        https://forum.pfsense.org/index.php?topic=93442.0

        Thank you, I will try.

        Thanks vm, it's working, and squid guard also; in the realtime logs I am able to see it.

        It's easier than I thought.

        Now I am trying to install Dansguardian.

        • A
          Abhishek
          last edited by Aug 22, 2015, 8:21 AM

          I find all my local traffic is also routed to pfSense, like LAN user 1 (192.168.1.2) accessing a LAN website (192.168.1.50). Is there any way to prevent LAN traffic from being sent to the router proxy?

          This is my wpad file content:

          function FindProxyForURL(url,host)
          {
          return "PROXY 192.168.1.1:3128";
          }

          thank you

          • A
            aGeekhere
            last edited by Aug 22, 2015, 11:34 PM

            Read through this: https://forum.pfsense.org/index.php?topic=93060.0

            Never Fear, A Geek is Here!

            • K
              KOM
              last edited by Aug 24, 2015, 3:02 PM

              Google for 'wpad.dat example' and you will get responses that show you how to edit your wpad.dat file to handle local requests.  Your OS should already handle it if you have it set to bypass the proxy for local addresses.

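One way to write the wpad.dat so that requests to LAN hosts bypass Squid, as an added example that is not part of any post in this thread. The proxy address comes from the posted file; the /24 mask for the 192.168.1.x LAN and the helper stand-ins (needed only to run the file outside a browser) are assumptions.

```javascript
// Added example: wpad.dat that sends LAN destinations DIRECT.
// PROXY address is from the thread; the /24 LAN mask is an assumption.
var PROXY = "PROXY 192.168.1.1:3128";
var LAN_NET = "192.168.1.0", LAN_MASK = "255.255.255.0";

// Browsers provide isPlainHostName() and isInNet() to PAC scripts. The
// stand-ins below are only defined when those are missing (e.g. under
// Node for offline testing) and handle IPv4 literals only, no DNS.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (+m[i] > 255) return null;
    n = n * 256 + +m[i];
  }
  return n;
}
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (host) {
    return host.indexOf(".") === -1;
  };
}
if (typeof isInNet === "undefined") {
  globalThis.isInNet = function (host, net, mask) {
    var h = ipToInt(host), n = ipToInt(net), k = ipToInt(mask);
    if (h === null || n === null || k === null) return false;
    return ((h & k) >>> 0) === ((n & k) >>> 0);
  };
}

function FindProxyForURL(url, host) {
  // Single-label names such as "intranet" or "localhost" stay on the LAN.
  if (isPlainHostName(host)) return "DIRECT";
  // Match IPv4 literals only, so a name like 192.168.1.50.example.com
  // is not mistaken for a LAN address and still goes through Squid.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) &&
      (isInNet(host, LAN_NET, LAN_MASK) ||
       isInNet(host, "127.0.0.0", "255.0.0.0"))) {
    return "DIRECT";
  }
  // No "; DIRECT" fallback: if Squid is unreachable the request fails
  // instead of silently leaving unfiltered.
  return PROXY;
}
```

Combined with the LAN firewall rule blocking ports 80/443 described earlier in the thread, clients that ignore the PAC file are stopped at the firewall rather than going out unproxied.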
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.