pfSense 2.3 + Squid Transparent + pfSense with a multi-LAN configuration



  • Hello,

    I have a squid (stock version on pf 2.3), and have run into a snag.
    I have ONE lan with transparent proxy, and 4 others without.

    If from another LAN (other than the transparent proxy) I specify http_proxy=http://IP:3128, I get a timeout from the proxy.
    The IP / Port is open (I can telnet into it on port 3128).

    I don't get a timeout from the connection. I get squid reporting that it cannot access itself on that proxy IP:

    _Connection to 172.16.3.254 failed.

    The system returned: (60) Operation timed out

    The remote host or network may be down. Please try the request again._

    Is there any NAT automatically inserted on the rules that it's not possible to see from the webgui?
    Is it possible to disable those NAT rules?

    I want, from a non-transparent proxy network, to access the IP/Port of the proxy on that LAN as a simple proxy.

    Thanks for a wonderful product!



  • Hello,

    It appears that the issue was being generated by squid itself and not by any of the rules.

    The behavior of the transparent vs intercept options is different in usage.

    For the workaround:

    3128 as a proxy port. No configuration whatsoever on the gui about being a transparent proxy.

    In the custom ACLs add:

    http_port 3129 intercept

    Restart squid, and then in the NAT configuration redirect the transparent traffic to port 3129 and the standard usage of 3128 to the correct port.
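
A check for the port split described in the workaround above, as an added example that is not part of the original posts: it parses the `http_port` lines of a squid.conf and confirms that the port clients put in `http_proxy` is a plain forward-proxy port while the NAT redirect target is an `intercept` port. The function names, the `explicit_port` / `nat_redirect_port` parameters and both sample configs are constructed for illustration.

```python
# Added example: sanity-check the http_port split from the workaround.
# Function names, parameters and both sample configs are constructed here.
MODES = {"intercept", "transparent", "tproxy", "accel"}


def parse_http_ports(conf_text):
    """Map each http_port to its mode; 'forward' means no mode flag is set."""
    ports = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        port_text = fields[1].rsplit(":", 1)[-1]   # "3128" or "ip:3128"
        if not port_text.isdigit():
            continue
        mode = next((f for f in fields[2:] if f in MODES), "forward")
        # 'transparent' is the older name for 'intercept' in Squid
        ports[int(port_text)] = "intercept" if mode == "transparent" else mode
    return ports


def check_layout(conf_text, explicit_port, nat_redirect_port):
    """Return a list of problems; an empty list means the split is consistent."""
    ports = parse_http_ports(conf_text)
    problems = []
    # Clients that set http_proxy= must reach a plain forward-proxy port.
    if ports.get(explicit_port) != "forward":
        found = ports.get(explicit_port, "no listener")
        problems.append(f"port {explicit_port}: explicit clients need a "
                        f"forward port, found {found}")
    # Traffic redirected by NAT must land on an intercept port.
    if ports.get(nat_redirect_port) != "intercept":
        found = ports.get(nat_redirect_port, "no listener")
        problems.append(f"port {nat_redirect_port}: NAT redirect target must "
                        f"be an intercept port, found {found}")
    return problems


WORKAROUND = """
http_port 3128
http_port 3129 intercept
"""
SINGLE_PORT = "http_port 172.16.3.254:3128 intercept  # one port for everything\n"

if __name__ == "__main__":
    for name, conf, explicit, nat in [("workaround", WORKAROUND, 3128, 3129),
                                      ("single port", SINGLE_PORT, 3128, 3128)]:
        print(name, check_layout(conf, explicit, nat) or "ok")
```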



  • I have received the access denied message in http access.

