1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Pfsense-Squid - Transparent Mode not working correctly

Pfsense-Squid - Transparent Mode not working correctly

  • F

    HI,
    I am having this weird problem with squid (both squid and squid 3). After installing, i forwarded all my traffic from mikrotik in port 3128 but the requests seemed to fail. After researching I noticed that even when I selected Transparent mode in gui,in config file it was missing after ip addres. http_port 192.168.88.13:3128 http_port 127.0.0.1:3128 transparent
    After modifying manually config and adding transparent, it works but it's not stable. Config now looks like this: http_port 192.168.88.13:3128 transparent http_port 127.0.0.1:3128 transparent

    0
  • M

    @futki:

    After modifying manually config and adding transparent, it works but it's not stable.

    Right. What do you mean by "It's not stable" exactly?

    0
  • F

    Well, even when I configure it manually and add blacklist sites, it doesn't block them. The same is when installing squidGuard and blocking sites!

    0
  • D
    Banned

    Yeah. Ditch that mess and start from scratch. By switching between completely different Squid versions, you are just breaking configuration in completely whacky ways. There's no need to add anything manually anywhere.

    0
  • F

    The reason why  I HAVE to edit config manually it's because when I add proxy manually  it works fine from fresh install but if I redirect traffic from Mikrotik router everything in port 80 to go in squid (3128) I get

    The following error was encountered:

Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed

    I can't seem to make it work otherwise!!!

    0
  • D
    Banned

    Dude. As noted above. Start with fresh pfSense from scratch. Alternatively, backup your configuration, remove and Squid traces from there and restore it. Cruft accumulated across tons of incompatible Squid versions is NOT debuggable. At all. By all means stop switching between Squid (2.7) and Squid3 (3.4) packages. You are breaking everything.

    Also, no idea what are you redirecting from Mikrotik. pfSense is not a Squid appliance.

    0
  • F

    Well I have a Mikrotik router that I can't remove it, I am using Pfsense mostly for OpenVPN and Squid. I will try installing from scratch and give updates. Thank you

    0
  • D
    Banned

    The package is written with an assumption that pfSense is a router. It uses firewall rules to redirect traffic from selected interfaces to localhost. If it's not a router and is not firewalling anything, it won't work. The transparent option MUST have packet filter enabled. Why are you even enabling transparent option at all? That must be dealt with on your Mikrotik, if Mikrotik is doing your routing. You need ACLs on pfSense instead, plus no transparent proxy.

    0
  • KOM

    For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy