Squid non-functional in transparent mode in 2.3 and 2.3.1
-
In fresh new installation:
Squid non-functional in transparent mode in 2.3 and 2.3.1
I did this solution: https://redmine.pfsense.org/issues/5869
chgrp squid /dev/pf
but it is not solved.
-
Is this an upgrade? If so there was also a directory that needs to be purged. Look in the 2.3 development archives. There is a whole thread on squid.
-
for me in 8 "upgrades" (save config, install 2.3, enable trim, restore config) squid worked.
/usr/local/etc/squid/squid.conf shows "cache_effective_group proxy"
and
crw-rw–-- 1 root proxy 0x5f Apr 25 07:04 /dev/pf
what's the behavior exactly? squid via proxy setting in your browser works and transparent mode "times out"?
-
I'm having the same problem here.
When i enable transparent mode, he doesn't get the checkbox enabled.
I just discover another problem, i can't delete and not create any NAT rule.
It is also not possible to create or remove firewall rules.
–-----
Update:I use the User Manager option via LDAP (Active Directory), as initial settings were made with the admin user, there was no problem.
I did a test using the Admin user (default) and the transparent proxy settings work and other functions that I couldn't do.
-
this is not upgrade or update, it is just new installation pfsense 2.3 also I checked with 2.3.1 devepment.
Note: during installing squid pkg, I see this message, I put part of all message:
| ===> Creating users and/or groups.
Creating group 'squid' with gid '100'.
Creating user 'squid' with uid '100'.
install: not found
pkg: PRE-INSTALL script failed [12/15] Extracting squid-3.5.16: …....... done
[13/15] Installing squidclamav-6.13…
|I did this command :# chgrp squid /dev/pf
it was like this : crw-rw–-- 1 root proxy /dev/pfbut after rebooting pfsense , that was back like : root proxy /dev/pf
-
if I enable or disable transparent option, squid via proxy setting in my browser works.
By enabled transparent option, without proxy setting in my browser, it is not working.
-
during installing squid pkg , I see this message:
Creating group 'squid' with gid '100'.
Creating user 'squid' with uid '100'.but in squid.conf file:
cache_effective_user squid
cache_effective_group proxyuser and group isn't same. !
-
I put this bug ticket:
https://redmine.pfsense.org/issues/6276
-
note:
I create two rules in floating for bandwidth limiterI used two vlan: vlan5 vlan180
em0 for LAN and em1 for WAN
I assigned one PC for client site: 10.10.190.40
I attached my pfsense config file
please look it and let me know my mistake
-
note:
I configured NAT manual just for this subnet : 172.30.0.0/24
but I don't use this, just for configurationI used this subnet 10.10.190.32/27
wan IP address is 10.10.184.28/27 -
Note:
problem is configure limiter with transparent proxy.I found this sulution , but I didn't check yet:
https://forum.pfsense.org/index.php?topic=106640.0 -
I found this problem: limiter with transparent proxy isn't working.
I think this is belong to IPFW pipe and IPFW fwd command in freeBSD.so I made two server, one is transparent proxy and another is just limiter.
both of them working nice.If anybody want to make like my solution, I will help them.
-
I also encounter transparent proxy mode not working when I upgrade to pfsense 2.3. So I install a fresh copy and discover that it's the same issue, transparent proxy doesn't work. But configure browser to use proxy on 192.168.1.1:3128 was working.
After digging a bit and trying some crazy and mostly useless setting I discover that the "Bypass Proxy for These Destination IPs" within the "General" tab of the proxy server setting seem to be the cause. Because previously I had put some hostname (domain to be exactly steampowered.com, etc) that I wanted to directly pass thru the proxy. By removing the line, transparent proxy now working like charm.
Hope this can help anyone.
-
it is mean, by removing Visible Hostname, is it working?!!!
-
I haven't try with using "Alias" yet. But previously I put domain name in the line and it's kind of feeling like an universal "*" which accept everything as bypass from transparent proxy.
Temporally I remove the entire line.
-
By pass proxy , it is mean don't use proxy,
but we want to use proxy with transparent mode. -
I first think if it's my own problem - the transparent proxy function suddenly failed after the 2.3 upgrade.
The solution mentioned here did not help the problem, but it's still good to find this thread.
Though the problems remains there, I can save some time not to further dig into my setting…
-
I can only get the transparent proxy to work on the interface designated as lan.
It will not work on opt designated interfaces. The result is pages not loading.
-
Soooooooo. I am guessing this glitch never was resolved. Is anyone from pfsense working on this? Wish I never updated, transparent proxy was the whole reason I use a firewall.
-
Soooooooo. I am guessing this glitch never was resolved. Is anyone from pfsense working on this?
No, because it works fine.
Post specifics of your config, what your firewall states look like when transparent proxy is enabled (filter on 127.0.0.1 under Diag>States), and squid logs.
