Pfsense-Squid - Transparent Mode not working correctly



  • HI,
    I am having this weird problem with squid (both squid and squid 3). After installing, i forwarded all my traffic from mikrotik in port 3128 but the requests seemed to fail. After researching I noticed that even when I selected Transparent mode in gui,in config file it was missing after ip addres. http_port 192.168.88.13:3128 http_port 127.0.0.1:3128 transparent
    After modifying manually config and adding transparent, it works but it's not stable. Config now looks like this: http_port 192.168.88.13:3128 transparent http_port 127.0.0.1:3128 transparent



  • @futki:

    After modifying manually config and adding transparent, it works but it's not stable.

    Right. What do you mean by "It's not stable" exactly?



  • Well, even when I configure it manually and add blacklist sites, it doesn't block them. The same is when installing squidGuard and blocking sites!


  • Banned

    Yeah. Ditch that mess and start from scratch. By switching between completely different Squid versions, you are just breaking configuration in completely whacky ways. There's no need to add anything manually anywhere.



  • The reason why  I HAVE to edit config manually it's because when I add proxy manually  it works fine from fresh install but if I redirect traffic from Mikrotik router everything in port 80 to go in squid (3128) I get

    The following error was encountered:
    
    Invalid Request
    Some aspect of the HTTP Request is invalid. Possible problems:
    
    Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed
    

    I can't seem to make it work otherwise!!!


  • Banned

    Dude. As noted above. Start with fresh pfSense from scratch. Alternatively, backup your configuration, remove and Squid traces from there and restore it. Cruft accumulated across tons of incompatible Squid versions is NOT debuggable. At all. By all means stop switching between Squid (2.7) and Squid3 (3.4) packages. You are breaking everything.

    Also, no idea what are you redirecting from Mikrotik. pfSense is not a Squid appliance.



  • Well I have a Mikrotik router that I can't remove it, I am using Pfsense mostly for OpenVPN and Squid. I will try installing from scratch and give updates. Thank you


  • Banned

    The package is written with an assumption that pfSense is a router. It uses firewall rules to redirect traffic from selected interfaces to localhost. If it's not a router and is not firewalling anything, it won't work. The transparent option MUST have packet filter enabled. Why are you even enabling transparent option at all? That must be dealt with on your Mikrotik, if Mikrotik is doing your routing. You need ACLs on pfSense instead, plus no transparent proxy.



  • For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.


Log in to reply