[squid] Can't see local websites



  • Hi all,
    hope someone could kindly help me a little with this. Three questions:

    1-I have pfsense running on a vm with squid, and all is working ok apart from the fact that when using the proxy, it is not possible to see websites hosted on a local web server by using the domain names. Ping to the public addresses of these websites works fine, but if I try to run them in the browser I only get a timeout after a while.
    What shall I do to be able to see local websites through the domain names?
    2-Also, during my testing, I have sometimes changed the squid.conf confuration file directly, but as soon as I make any change through the web gui, these changes are lost. Why is that?
    3-Last (for now :D), I would like to be able to use the proxy from any client I wish, using simple authentication with username and password.
    Again, it worked once I had edited the squid.conf directly with some setting I found, but once I changed the configuration with the web gui those changes got lost too. How can I make it possible, through the web configuration, to use the proxy from wherever I want?

    Many thanks in advance.



    1. Configure the browser to connect directly to those instead.

    2. Because of the way pfSense works (search the forum).  You would have to change the master config file, that the squid.conf is generated from, instead.

    3. Configure it to listen on the required interfaces (and probably add 0/0 to the Allowed Subnets box), ensure that the relevant firewall rules to allow this are in place, configure the Auth Settings tab to suit your needs.  I would instead however suggest you look to use OpenVPN instead of opening the proxy up to the world.



  • Hi Cry Havok,

    many thanks for your so quick response!

    1 - This is how I am currently using it. Is it possible to exclude those websites from the proxy from within Squid, rather than having to exclude them in the client browsers?

    2 - Cool. Got it. Just to be sure, are you talking about this file /usr/local/pkg/squid.inc ?

    3 - I am also using the VPN, but for some reasons I would like to be able to use my proxy from elsewhere as well, when I need it, without having to use the VPN for this. Are there any particular risks using squid from the Internet if I use a username/password authentication?

    Thanks!



    1. Not that I know of (the problem is that the websites are on the "wrong" side of Squid for Squid to find them)

    2. I think so (but I don't have my pfSense box to hand to check)

    3. If the username/password are easy to guess or passed in clear, anybody can then abuse your proxy.  How likely this is depends on a mountain of things, and the risks to you depend on your ISP (if somebody starts using your proxy to relay spam, or download illegal images/movies, what will your ISP do).  I would suggest that you don't rush into that.



  • Alrite, thank you for your advices ;)


Log in to reply