Pfsense-Squid - Transparent Mode not working correctly

futki

HI,
I am having this weird problem with squid (both squid and squid 3). After installing, i forwarded all my traffic from mikrotik in port 3128 but the requests seemed to fail. After researching I noticed that even when I selected Transparent mode in gui,in config file it was missing after ip addres. http_port 192.168.88.13:3128 http_port 127.0.0.1:3128 transparent
After modifying manually config and adding transparent, it works but it's not stable. Config now looks like this: http_port 192.168.88.13:3128 transparent http_port 127.0.0.1:3128 transparent

muswellhillbilly

@futki:

After modifying manually config and adding transparent, it works but it's not stable.

Right. What do you mean by "It's not stable" exactly?

futki

Well, even when I configure it manually and add blacklist sites, it doesn't block them. The same is when installing squidGuard and blocking sites!

doktornotor

Yeah. Ditch that mess and start from scratch. By switching between completely different Squid versions, you are just breaking configuration in completely whacky ways. There's no need to add anything manually anywhere.

futki

The reason why  I HAVE to edit config manually it's because when I add proxy manually  it works fine from fresh install but if I redirect traffic from Mikrotik router everything in port 80 to go in squid (3128) I get

The following error was encountered:

Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed

I can't seem to make it work otherwise!!!

doktornotor

Dude. As noted above. Start with fresh pfSense from scratch. Alternatively, backup your configuration, remove and Squid traces from there and restore it. Cruft accumulated across tons of incompatible Squid versions is NOT debuggable. At all. By all means stop switching between Squid (2.7) and Squid3 (3.4) packages. You are breaking everything.

Also, no idea what are you redirecting from Mikrotik. pfSense is not a Squid appliance.

futki

Well I have a Mikrotik router that I can't remove it, I am using Pfsense mostly for OpenVPN and Squid. I will try installing from scratch and give updates. Thank you

doktornotor

The package is written with an assumption that pfSense is a router. It uses firewall rules to redirect traffic from selected interfaces to localhost. If it's not a router and is not firewalling anything, it won't work. The transparent option MUST have packet filter enabled. Why are you even enabling transparent option at all? That must be dealt with on your Mikrotik, if Mikrotik is doing your routing. You need ACLs on pfSense instead, plus no transparent proxy.

KOM

For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.