Messages - bouke

1
General Questions / Re: ERROR - Bypass Proxy for These Destination IPs
« on: January 12, 2018, 04:31:21 pm »
Thanks. I was having the same issue and the alias works very well.

Thank you!

2
Feedback / Thank you for version 2.4.2
« on: November 22, 2017, 02:28:02 pm »

Thank you very much for pfSense version 2.4.2 :)

3
General Discussion / Thank you for version 2.4.1
« on: October 31, 2017, 04:41:17 pm »
I just wanted to thank the pfSense team for version 2.4.1. This is the best version I have seen. This release runs very well on my PC Engines APU3B4. It's great. Thanks!

pfSense 2.4.1 is great  8)

4
Cache/Proxy / Re: squid MitM: ssl-bump missing
« on: September 17, 2017, 03:29:56 pm »
Okay! I have got everything up and running.

I wiped my firewall and started over again.
In the end I think I have found the problem...
I had selected the ACME / Let's Encrypt CA  :-[



5
Cache/Proxy / Re: squid MitM: ssl-bump missing
« on: September 11, 2017, 03:55:55 pm »
Many thanks for your reply. I have tried your suggestion. Unfortunately this results in similar behaviour.

[2.3.4-RELEASE][root@router.alpha.inet]/var/squid/logs: squid -z
2017/09/11 22:45:48| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing.
FATAL: Bungled /usr/local/etc/squid/squid.conf line 6: https_port 127.0.0.1:3228 intercept
Squid Cache (Version 3.5.26): Terminated abnormally.
CPU Usage: 0.037 seconds = 0.037 user + 0.000 sys
Maximum Resident Size: 56512 KB
Page faults with physical i/o: 0


Do you know if it is feasible to run Squid without the transparent feature and to use NAT and/or firewall rules to forward requests? For example forward traffic for port 80 to port 3128 and port 443 to 3228?

I have already tried some settings. What I have done is created my own anti lockout rule, then disabled the default anti lockout rule and next added the port forwards (as described above). Although it seems to work, squid reports an illegal URL (it seems to see only a forward slash).

I am hoping the above is feasible one way or another. I like to experiment with pfSense but I still have to learn a lot.

I also do not understand the message regarding "ssl-bump". Do I need to install some library? I can't find much about ssl-bump online.

Many thanks for your help.

6
Cache/Proxy / squid MitM: ssl-bump missing
« on: September 10, 2017, 04:22:16 pm »
Hello,

Well... finally squid + squidGuard worked fine for me but for some reason it stopped working and I could not find a solution for myself. Hopefully someone could help me, please.

I have the following settings (most important ones):
- Proxy interfaces: LAN + loopback
- Proxy port: 3128
- Transparent HTTP mode: enabled
- SSL/MITM Mode: Splice All
- Transparent proxy interface: LAN (unable to select loopback)
- SSL Proxy Port: 3228

When I invoke the squid command from the command line, squid will complain about ssl-bump missing and print a fatal error regarding the https_port (please see below).

It worked before and I have already re-installed squid + squidGuard. I have also uninstalled and re-installed both. I have also removed the config files (which was not such a clever thing as the config is saved in the config.xml file... ah well, at least the config files have been regenerated from the xml).

I could not find a way to install ssl-bump. I have tried to find it (pkg command) but could not find it.

Some help/guidance would be very much appreciated. Thank you!

[2.3.4-RELEASE][admin@router.alpha.inet]/root: squid -z
2017/09/10 23:02:41| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing.
FATAL: Bungled /usr/local/etc/squid/squid.conf line 6: https_port 127.0.0.1:3228 intercept
Squid Cache (Version 3.5.26): Terminated abnormally.
CPU Usage: 0.038 seconds = 0.038 user + 0.000 sys
Maximum Resident Size: 55696 KB
Page faults with physical i/o: 0


[2.3.4-RELEASE][admin@router.alpha.inet]/root: squid -z
2017/09/10 23:05:41| Squid is already running!  Process ID 59688
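
Added example, not part of the posts above and not code from pfSense or Squid: in Squid, `ssl-bump` is an option written on the `https_port` line itself, so the FATAL message can be reproduced as a check on the generated squid.conf before squid is started. The function names, the sample config and the certificate path are constructed for this example; only the `https_port 127.0.0.1:3228 intercept` line comes from the output quoted in the post.

```shell
#!/bin/sh
# Added example: find https_port lines that intercept traffic without ssl-bump,
# the condition reported in the FATAL message quoted in the post.

# lint_https_ports FILE  (hypothetical helper name)
# Prints one line per offending directive; returns 1 if any were found.
lint_https_ports() {
    awk -v file="$1" '
    {
        sub(/[ \t]*#.*$/, "")              # drop comments
        if ($1 != "https_port") next       # http_port may intercept without it
        mode = ""; bump = 0
        for (i = 3; i <= NF; i++) {        # $2 is the address:port
            if ($i == "intercept" || $i == "tproxy") mode = $i
            if ($i == "ssl-bump") bump = 1
        }
        if (mode != "" && !bump) {
            printf "%s:%d: https_port %s uses %s without ssl-bump\n", file, NR, $2, mode
            bad++
        }
    }
    END { exit (bad > 0) }' "$1"
}

# Constructed sample: line 6 is the directive from the error message,
# the other lines are filler written for this example.
sample_conf() {
    cat <<'EOF'
# constructed squid.conf fragment
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 0
# the next line is the one squid rejected
https_port 127.0.0.1:3228 intercept
EOF
}

# Constructed passing form: same line with ssl-bump and a placeholder cert path.
sample_conf_fixed() {
    sample_conf | sed 's|^https_port .* intercept$|& ssl-bump cert=/path/to/placeholder-ca.pem|'
}

tmp=$(mktemp) && sample_conf > "$tmp"
lint_https_ports "$tmp" || echo "fix the lines above before starting squid"
rm -f "$tmp"
```

On pfSense the file to pass is the generated /usr/local/etc/squid/squid.conf named in the error; since the package regenerates it from config.xml, a finding points at the GUI settings rather than at the file.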