Netgate Discussion Forum

    Transparent proxy on squid3 not working

    • NetVicious

      My squid+squidGuard doesn't work after the upgrade to 2.2.5. On 2.2.4 I think I was using the old squid2, but that package seems to have been removed from the 2.2.5 pool.

      The problem seems to be the transparent proxy of squid. The connections of the users are not being redirected to the proxy, so they're not being filtered by squidGuard.

      I discovered it using the http://browserspy.dk/headers.php webpage because I cannot see the VIA header.
      If I manually set the proxy in my browser, the VIA header is correctly shown and pages are filtered.

      I read something related to pf.conf for allowing this kind of redirection, but the pf.conf seems not to have been created by pfSense.

      The squid3 package seems to be correctly compiled because it has the --enable-pf-transparent directive, but it seems not to work.

      On the transparent interfaces I set the LAN nic (tried with and without loopback).
      And in the allowed subnet I added my internal networks.

      ..//\/ e t . \/ i c i o u s ..

      • doktornotor Banned

        Please, stop trying to upgrade from Squid2. Start from scratch.

        • NetVicious

          Ditto.

          After the upgrade the squid3 configuration was empty so I did it another time. But I got the error I posted.

          I fixed it now. Disable the transparent proxy, save, restart. Enable the transparent proxy, save, restart.

          Sorry for bugging but all seemed ok.

          ..//\/ e t . \/ i c i o u s ..

          • doktornotor Banned

            By "start from scratch" I mean you should wipe any and all Squid references from config.xml.

            • killmasta93

              If I were you, I'd start fresh, as in format the drive + reinstall pfSense.

              Tutorials:

              https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

              • kivimart

                Here is my solution.

                I only have 1 NIC.

                Original non-transparent proxy on port 3128 on the WAN interface.

                Then I add this line below Custom ACLS (Before Auth):

                "http_port IpAdressProxy:3129 accel vhost allow-direct", where the IP address is the static one of the proxy server.

                Then on the MikroTik router I have a firewall rule that redirects port 80 to port 3129.

                Then I can use standard proxy and transparent.

                • doktornotor Banned

                  @kivimart:

                  Here is my solution.
                  I only have 1 NIC
                  Then on MikroTik router I have Firewall rule

                  Solution for what? Has the OP mentioned he has only one NIC and a MikroTik router?  ::)

                  • knothstine

                    I'm having the same problem, but with squid 4.3.9 and squidGuard 1.9.15.

                    kivimart, I'd like to try your solution, but I don't know where to put it.

                    • kivimart

                      In Squid proxy server -> General tab, below Advanced features there is Custom ACLS (Before Auth); click advanced and paste the line below, but first change the IP address to yours.

                      http_port 172.16.10.2:3129 accel vhost allow-direct

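
A quick check for the situation in this thread, added here as an example and not taken from any poster or from the pfSense package: it lists every `http_port` in a squid.conf with the mode its flags select, so you can see whether an intercept listener exists at all. The config files are constructed samples (only the `accel vhost allow-direct` line is quoted from the thread); `intercept`, the older `transparent`, `tproxy` and `accel` are Squid's documented `http_port` options.

```shell
#!/bin/sh
# Added example: report the mode of each http_port listener in a squid.conf.

# classify_http_ports FILE -> prints "<listen-address> <mode>" per http_port line
classify_http_ports() {
    awk '
        $1 == "http_port" {
            mode = "forward"                  # no mode flag: explicit proxy only
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break          # stop at a trailing comment
                if ($i == "intercept" || $i == "transparent") mode = "intercept"
                else if ($i == "tproxy") mode = "tproxy"
                else if ($i == "accel")  mode = "accel"
            }
            print $2, mode
        }
    ' "$1"
}

# has_intercept_port FILE -> exit 0 if some listener accepts redirected traffic
has_intercept_port() {
    classify_http_ports "$1" | grep -Eq ' (intercept|tproxy)$'
}

# Constructed sample configs; addresses are placeholders.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/forward_only.conf" <<'EOF'
# explicit proxy only: clients must be configured to use it
http_port 192.168.1.1:3128
EOF
cat > "$sample_dir/with_intercept.conf" <<'EOF'
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128 intercept
EOF
cat > "$sample_dir/thread_accel.conf" <<'EOF'
http_port 172.16.10.2:3128
http_port 172.16.10.2:3129 accel vhost allow-direct
EOF

for f in "$sample_dir"/*.conf; do
    echo "== $(basename "$f")"
    classify_http_ports "$f"
    has_intercept_port "$f" || echo "   no intercept/tproxy listener"
done
```

Run the two functions against the squid.conf your installation actually generates after saving the GUI settings; a config that lists only `forward` listeners filters nothing unless every client is pointed at the proxy explicitly.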
                      • NetVicious

                        There is so much work on this pfSense to start from zero.

                        I found this message in /var/squid/logs/cache.log (X.X.X.X was a correct IP).
                        UPGRADE WARNING: URL rewriter reponded with garbage ' X.X.X.X/- - GET'. Future Squid will treat this as part of the URL.

                        Looking in Google, I see it's a problem with the link between squid and squidGuard, due to the helper of squid and an old squidGuard:
                        http://bugs.squid-cache.org/show_bug.cgi?id=3978

                        Should I delete all squidGuard config too? My SquidGuard has so much work in it. Is there any changelog of which configurations have been deprecated? It would be easier to check the old configurations instead of starting from scratch.

                        ..//\/ e t . \/ i c i o u s ..

                        • NetVicious

                          @knothstine:

                          I'm having the same problem, but with squid 4.3.9 and squidGuard 1.9.15.

                          kivimart, I'd like to try your solution, but I don't know where to put it.

                          Squid 4.3.9 is squid2; try updating to squid3.

                          ..//\/ e t . \/ i c i o u s ..

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.