Squid3 transparent proxy not intercepting traffic



  • Hi,

    I have pfsense 2.2.6 with squid 3.4.10. There is one LAN facing physical interface with two VLANs on it - native VLAN 1 and VLAN 100. I have squid configured to listen on 3128 and enable transparent proxy on both LAN interfaces. It works flawlessly on VLAN 1, but when I enable transparent proxy on VLAN100, no HTTP traffic would work (HTTPS works fine still as I don't want to intercept them). Both LAN's addresses are in the allowed subnet list.

    I tried port forwarding using NAT - any HTTP requests from VLAN100 subnet -> pfsense's VLAN100 address on port 3128. Then I'd get "Invalid URL" from squid with the host part of the URL missing.

    For both interfaces, explicitly setting the proxy works. Auto config by WPAD works too.

    Any help is appreciated.

    Thanks!



  • Turns out adding a rule to allow all hosts in VLAN100 -> 127.0.0.1:3128 made it all work. Still a bit confused on why it was needed.