Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [squid] Can't see local websites

    Scheduled Pinned Locked Moved
    pfSense Packages
    2
    5
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sisupoika
      last edited by

      Hi all,
      hope someone could kindly help me a little with this. Three questions:

      1-I have pfsense running on a vm with squid, and all is working ok apart from the fact that when using the proxy, it is not possible to see websites hosted on a local web server by using the domain names. Ping to the public addresses of these websites works fine, but if I try to run them in the browser I only get a timeout after a while.
      What shall I do to be able to see local websites through the domain names?
      2-Also, during my testing, I have sometimes changed the squid.conf confuration file directly, but as soon as I make any change through the web gui, these changes are lost. Why is that?
      3-Last (for now :D), I would like to be able to use the proxy from any client I wish, using simple authentication with username and password.
      Again, it worked once I had edited the squid.conf directly with some setting I found, but once I changed the configuration with the web gui those changes got lost too. How can I make it possible, through the web configuration, to use the proxy from wherever I want?

      Many thanks in advance.

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        1. Configure the browser to connect directly to those instead.

        2. Because of the way pfSense works (search the forum).  You would have to change the master config file, that the squid.conf is generated from, instead.

        3. Configure it to listen on the required interfaces (and probably add 0/0 to the Allowed Subnets box), ensure that the relevant firewall rules to allow this are in place, configure the Auth Settings tab to suit your needs.  I would instead however suggest you look to use OpenVPN instead of opening the proxy up to the world.

        1 Reply Last reply Reply Quote 0
        • S
          Sisupoika
          last edited by

          Hi Cry Havok,

          many thanks for your so quick response!

          1 - This is how I am currently using it. Is it possible to exclude those websites from the proxy from within Squid, rather than having to exclude them in the client browsers?

          2 - Cool. Got it. Just to be sure, are you talking about this file /usr/local/pkg/squid.inc ?

          3 - I am also using the VPN, but for some reasons I would like to be able to use my proxy from elsewhere as well, when I need it, without having to use the VPN for this. Are there any particular risks using squid from the Internet if I use a username/password authentication?

          Thanks!

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            1. Not that I know of (the problem is that the websites are on the "wrong" side of Squid for Squid to find them)

            2. I think so (but I don't have my pfSense box to hand to check)

            3. If the username/password are easy to guess or passed in clear, anybody can then abuse your proxy.  How likely this is depends on a mountain of things, and the risks to you depend on your ISP (if somebody starts using your proxy to relay spam, or download illegal images/movies, what will your ISP do).  I would suggest that you don't rush into that.

            1 Reply Last reply Reply Quote 0
            • S
              Sisupoika
              last edited by

              Alrite, thank you for your advices ;)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post