Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense-Squid - Transparent Mode not working correctly

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      futki
      last edited by

      HI,
      I am having this weird problem with squid (both squid and squid 3). After installing, i forwarded all my traffic from mikrotik in port 3128 but the requests seemed to fail. After researching I noticed that even when I selected Transparent mode in gui,in config file it was missing after ip addres. http_port 192.168.88.13:3128 http_port 127.0.0.1:3128 transparent
      After modifying manually config and adding transparent, it works but it's not stable. Config now looks like this: http_port 192.168.88.13:3128 transparent http_port 127.0.0.1:3128 transparent

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        @futki:

        After modifying manually config and adding transparent, it works but it's not stable.

        Right. What do you mean by "It's not stable" exactly?

        1 Reply Last reply Reply Quote 0
        • F
          futki
          last edited by

          Well, even when I configure it manually and add blacklist sites, it doesn't block them. The same is when installing squidGuard and blocking sites!

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Yeah. Ditch that mess and start from scratch. By switching between completely different Squid versions, you are just breaking configuration in completely whacky ways. There's no need to add anything manually anywhere.

            1 Reply Last reply Reply Quote 0
            • F
              futki
              last edited by

              The reason why  I HAVE to edit config manually it's because when I add proxy manually  it works fine from fresh install but if I redirect traffic from Mikrotik router everything in port 80 to go in squid (3128) I get

              The following error was encountered:
              
              Invalid Request
              Some aspect of the HTTP Request is invalid. Possible problems:
              
              Missing or unknown request method
              Missing URL
              Missing HTTP Identifier (HTTP/1.0)
              Request is too large
              Content-Length missing for POST or PUT requests
              Illegal character in hostname; underscores are not allowed
              

              I can't seem to make it work otherwise!!!

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Dude. As noted above. Start with fresh pfSense from scratch. Alternatively, backup your configuration, remove and Squid traces from there and restore it. Cruft accumulated across tons of incompatible Squid versions is NOT debuggable. At all. By all means stop switching between Squid (2.7) and Squid3 (3.4) packages. You are breaking everything.

                Also, no idea what are you redirecting from Mikrotik. pfSense is not a Squid appliance.

                1 Reply Last reply Reply Quote 0
                • F
                  futki
                  last edited by

                  Well I have a Mikrotik router that I can't remove it, I am using Pfsense mostly for OpenVPN and Squid. I will try installing from scratch and give updates. Thank you

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    The package is written with an assumption that pfSense is a router. It uses firewall rules to redirect traffic from selected interfaces to localhost. If it's not a router and is not firewalling anything, it won't work. The transparent option MUST have packet filter enabled. Why are you even enabling transparent option at all? That must be dealt with on your Mikrotik, if Mikrotik is doing your routing. You need ACLs on pfSense instead, plus no transparent proxy.

                    1 Reply Last reply Reply Quote 0
                    • KOMK
                      KOM
                      last edited by

                      For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.