Correct method of configuring pfSense Squid proxy in non-transparent mode



  • I want to configure Squid proxy in non-transparent mode.

    Can I get a good guide for it?

    - Already configured WPAD on the web server
    - I am able to access the wpad file at HTTp://192.168.1.x:/wpad.dat  <-- file is downloading

    - Configured DNS server with A record  wpad ---> 192.168.1.254
    - Squid proxy installed
    - Created pfSense server CA and deployed to all computers via GPMC.msc

    I also wanted to allow the 192.168.1.50-60 IP range without proxy (Wi-Fi mobiles) and authentication.

    The remaining PCs I need to be under the proxy and authenticated with RADIUS (already configured and working).



  • There is no one guide to do all that you want.

    Created PFsense server CA and deployed to all computers via GPMC.msc

    This is unnecessary if you're running in explicit mode.

    I also wanted to allow 192.168.1.50-60 IP range without proxy (WIFI mobiles) and Authentication

    Create a firewall rule on LAN that blocks ports 80/443.  Add a rule ABOVE that rule to allow your .50-.60 users to access ports 80/443.  This way they can go straight out without using the proxy.



  • What does explicit mode mean? I want to proxy HTTP & HTTPS.

    Found the answer here:

    https://forum.pfsense.org/index.php?topic=93442.0

    Thank you, I will try.

    Thanks very much, it's working, and SquidGuard also; I am able to see it in the real-time logs.

    It's easier than I thought.

    Now I am trying to install DansGuardian.



  • I find all my local traffic is also routed to pfSense, like LAN user 1 (192.168.1.2) accessing a LAN website (192.168.1.50). Is there any way to prevent LAN traffic being sent to the router proxy?

    This is my wpad file content:

    function FindProxyForURL(url,host)
    {
    return "PROXY 192.168.1.1:3128";
    }

    Thank you





  • Google for 'wpad.dat example' and you will get responses that show you how to edit your wpad.dat file to handle local requests.  Your OS should already handle it if you have it set to bypass the proxy for local addresses.
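
A wpad.dat that keeps LAN destinations off the proxy, as the last reply suggests. This is an added example, not part of the original thread: it reuses the proxy address from the posted file and assumes the LAN is 192.168.1.0/24 (the mask is not stated in the thread). The `ipv4ToInt` and `inLan` helpers are hypothetical names, written out in plain JavaScript so the file can be tested outside a browser.

```javascript
// Added example wpad.dat (PAC file). Assumption: LAN is 192.168.1.0/24.
var LAN_NET = "192.168.1.0";
var LAN_MASK = "255.255.255.0";
var PROXY = "PROXY 192.168.1.1:3128"; // proxy address taken from the thread

// Convert a dotted-quad IPv4 literal to an unsigned 32-bit number, or null.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null; // reject things like 192.168.1.999
    n = n * 256 + octet;
  }
  return n;
}

// True when ip is an IPv4 literal inside LAN_NET/LAN_MASK.
function inLan(ip) {
  var addr = ipv4ToInt(ip);
  var net = ipv4ToInt(LAN_NET);
  var mask = ipv4ToInt(LAN_MASK);
  return addr !== null && ((addr & mask) >>> 0) === ((net & mask) >>> 0);
}

function FindProxyForURL(url, host) {
  // Single-label names (e.g. "intranet") are local: skip the proxy.
  // Names containing ":" (IPv6 literals) are not treated as local here.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";

  // IPv4 literal inside the LAN: go direct.
  if (inLan(host)) return "DIRECT";

  // Hostname: resolve it with the PAC builtin dnsResolve() when the browser
  // provides it, and go direct if it points at a LAN address.
  if (ipv4ToInt(host) === null && typeof dnsResolve === "function") {
    var resolved = dnsResolve(host);
    if (resolved && inLan(resolved)) return "DIRECT";
  }

  // Everything else goes through Squid.
  return PROXY;
}
```

Traffic between two hosts on the same subnet never passes through pfSense, so the LAN rule blocking ports 80/443 does not interfere with these DIRECT results. The `dnsResolve()` branch costs one client-side lookup per proxied hostname; drop it if internal sites are only reached by IP or single-label name.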

