Pfsense 2.3 + Squid Transparent + pfsense with a mulltilan configuration
-
Hello,
I have a squid (stock version on pf 2.3), and have run into a snag.
I have ONE lan with transparent proxy, and 4 others without.If form another lan (other than the transparent proxy) i specify http_proxy=http://IP:3128 i get a timeout form the proxy.
The IP / Port is open (i can telnet into into it on port 3128).I don't get a timeout form the connection. I get squid reporting that it cannot access itself on that proxy IP:
_Connection to 172.16.3.254 failed.
The system returned: (60) Operation timed out
The remote host or network may be down. Please try the request again._
Is there any NAT automatically inserted on the rules that its not possible to see from the webgui?
Is it possibe to disable those nat rules?I want form a not transparent proxy network, to access the IP/Port of the proxy on that lan as simple proxy.
Thanks for a wonderful product!
-
Hello,
It appears that the issue was being generated by squid itself and not any regarding rules.
The behavior of the transparent vs intercept options is different on usage.
For the workaround:
3128 as a proxy port. No configuration whatsoever on the gui about being a transparent proxy.
On the custom acl's add:
http_port 3129 intercept
restart the squid, and then on the NAT configuration redirect the transparent traffic to the 3129 port and the standard usage of 3128 to the correct port.
-
I have received the access denied message in http access.