Transparent proxy on squid3 not working

NetVicious

My squid+squidGuard don't works after the upgrade to 2.2.5, on 2.2.4 i think I was using the old squid2 but that package seems to be removed from the 2.2.5 pool.

The problem it seems to be the transparent proxy of squid. The connections of the users are not being redirected to the proxy so they're not being filtered by squidGuard.

I discovered it using the http://browserspy.dk/headers.php webpage because I cannot see the VIA header.
If I set manually the proxy on my browser the VIA header it's correctly shown and pages are filtered.

I read something related to pf.conf for allow this kind of redirection, but the pf.conf seems not been created by pfSense.

The squid3 package seems to be correctly compiled because it has the –enable-pf-transparent directive but it seems to not work.

On the transparent interfaces I set the LAN nic (tried with and without loopback).
And in the allowed subnet I added my internal networks.

doktornotor

Please, stop trying to upgrade from Squid2. Start from scratch.

NetVicious

Ditto.

After the upgrade the squid3 configuration was empty so I did it another time. But I got the error I posted.

I fixed it now. Disable the transparent proxy, saving, restart. Enable the transparent proxy, save, restart.

Sorry for bugging but all seemed ok.

doktornotor

By "start from scratch" I mean you should wipe any and all Squid references from config.xml.

killmasta93

If I were you start fresh as in format the drive + reinstall pfSense

kivimart

Here is my solution.

I onley have 1 nic

Original non transparent proxy on port 3128 on wan interface

Then i add this line below Custom ACLS (Before Auth)

"http_port IpAdressProxy:3129 accel vhost allow-direct" where ip adress is the the statick of the proxy server.

Then on mikrotik router i have Firewall rule that  redirect port 80 to port 3129

then i can use standard proxy and transparent.

doktornotor

@kivimart:

Here is my solution.
I onley have 1 nic
Then on mikrotik router i have Firewall rule

Solution for what? Has the OP mentioned he has only one NIC and Mikrotik router?  ::)

knothstine

I'm having the same problem, but with squid 4.3.9 and squidGuard 1.9.15.

kivimart, I'd like to try your solution, but I don't know where to put it.

kivimart

In squid proxy server-> general tab then below Advanced features there Custom ACLS (Before Auth) click advanced paste the line below but before change your ip adress.

http_port 172.16.10.2:3129 accel vhost allow-direct

NetVicious

There is so much work on this pfSense to start from zero.

I found on /var/squid/logs/cache.log this message (X.X.X.X was a correct Ip).
UPGRADE WARNING: URL rewriter reponded with garbage ' X.X.X.X/- - GET'. Future Squid will treat this as part of the URL.

Looking in Google I see it's a problem with the link between squid and squidGuard, due to the helper of squid and an old squidGuard
http://bugs.squid-cache.org/show_bug.cgi?id=3978

I should delete all squidGuard config too ? my SquidGuard has so much work on it. It's there any changelog of which configurations have been deprecated ? It will be easier to check that old configurations instead of starting from scratch.

NetVicious

@knothstine:

I'm having the same problem, but with squid 4.3.9 and squidGuard 1.9.15.

kivimart, I'd like to try your solution, but I don't know where to put it.

Squid 4.3.9 it's squid2, try updating to squid3.