The pfSense Store

Author Topic: Squid non-functional in transparent mode in 2.3 and 2.3.1  (Read 12832 times)

0 Members and 1 Guest are viewing this topic.

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Squid non-functional in transparent mode in 2.3 and 2.3.1
« on: April 25, 2016, 06:41:29 am »
In fresh new installation:

Squid non-functional in transparent mode in 2.3 and 2.3.1

I did this solution: https://redmine.pfsense.org/issues/5869

chgrp squid /dev/pf


but it is not solved.

Offline brianc69

  • Full Member
  • ***
  • Posts: 150
  • Karma: +4/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #1 on: April 25, 2016, 07:28:56 am »
Is this an upgrade? If so there was also a directory that needs to be purged. Look in the 2.3 development archives. There is a whole thread on squid.

Offline Perforado

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +9/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #2 on: April 25, 2016, 09:50:56 am »
for me in 8 "upgrades" (save config, install 2.3, enable trim, restore config) squid worked.

/usr/local/etc/squid/squid.conf shows "cache_effective_group proxy"

and

crw-rw----  1 root  proxy  0x5f Apr 25 07:04 /dev/pf


what's the behavior exactly? squid via proxy setting in your browser works and transparent mode "times out"?

Offline dougf4nnie

  • Jr. Member
  • **
  • Posts: 34
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #3 on: April 25, 2016, 01:56:19 pm »
I'm having the same problem here.

When i enable transparent mode, he doesn't get the checkbox enabled.

I just discover another problem, i can't delete and not create any NAT rule.
It is also not possible to create or remove firewall rules.
-------
Update:

I use the User Manager option via LDAP (Active Directory), as initial settings were made with the admin user, there was no problem.

I did a test using the Admin user (default) and the transparent proxy settings work and other functions that I couldn't do.
« Last Edit: April 25, 2016, 02:09:12 pm by dougf4nnie »

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #4 on: April 25, 2016, 11:03:24 pm »
this is not upgrade or update, it is just new installation pfsense 2.3 also I checked with 2.3.1 devepment.

Note: during installing squid pkg, I see this message, I put part of all message:

===> Creating users and/or groups.
Creating group 'squid' with gid '100'.
Creating user 'squid' with uid '100'.
install: not found
pkg: PRE-INSTALL script failed
[12/15] Extracting squid-3.5.16: .......... done
[13/15] Installing squidclamav-6.13...


I did this command :#  chgrp squid /dev/pf
it was like this : crw-rw----  1 root  proxy  /dev/pf

but after rebooting pfsense , that was back like : root proxy /dev/pf





Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #5 on: April 26, 2016, 12:05:58 am »
if I enable or disable transparent option, squid via proxy setting in my browser works.

By enabled transparent option, without proxy setting in my browser, it is not working.

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #6 on: April 26, 2016, 01:08:50 am »
during installing squid pkg , I see this message:

Creating group 'squid' with gid '100'.
Creating user 'squid' with uid '100'.


but in squid.conf file:
cache_effective_user squid
cache_effective_group proxy


user and group isn't same. !

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #7 on: April 27, 2016, 09:18:42 am »

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #8 on: April 28, 2016, 02:20:30 am »
note:
I create two rules in floating for bandwidth limiter

I used two vlan: vlan5 vlan180

em0 for LAN and em1 for WAN

I assigned one PC for client site: 10.10.190.40

I attached my pfsense config file

please look it and let me know my mistake

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #9 on: April 28, 2016, 02:31:38 am »
note:

I configured NAT manual just for this subnet : 172.30.0.0/24
but I don't use this, just for configuration

I used this subnet 10.10.190.32/27
wan IP address is 10.10.184.28/27


Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #10 on: April 28, 2016, 03:10:51 am »
Note:
problem is configure limiter with transparent proxy.

I found this sulution , but I didn't check yet:
https://forum.pfsense.org/index.php?topic=106640.0

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #11 on: April 30, 2016, 04:14:23 am »
I found this problem: limiter with transparent proxy isn't working.
I think this is belong to IPFW pipe and IPFW fwd command in freeBSD.

so I made two server, one is transparent proxy and another is just limiter.
both of them working nice.


If anybody want to make like my solution, I will help them.

Offline myandylai

  • Newbie
  • *
  • Posts: 9
  • Karma: +1/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #12 on: May 06, 2016, 12:51:38 pm »
I also encounter transparent proxy mode not working when I upgrade to pfsense 2.3. So I install a fresh copy and discover that it's the same issue, transparent proxy doesn't work. But configure browser to use proxy on 192.168.1.1:3128 was working.

After digging a bit and trying some crazy and mostly useless setting I discover that the "Bypass Proxy for These Destination IPs" within the "General" tab of the proxy server setting seem to be the cause. Because previously I had put some hostname (domain to be exactly steampowered.com, etc) that I wanted to directly pass thru the proxy. By removing the line, transparent proxy now working like charm.

Hope this can help anyone.

Offline aminli

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #13 on: May 08, 2016, 01:17:13 am »
it is mean, by removing Visible Hostname, is it working?!!!

Offline myandylai

  • Newbie
  • *
  • Posts: 9
  • Karma: +1/-0
    • View Profile
Re: Squid non-functional in transparent mode in 2.3 and 2.3.1
« Reply #14 on: May 09, 2016, 07:40:35 am »
I haven't try with using "Alias" yet. But previously I put domain name in the line and it's kind of feeling like an universal "*" which accept everything as bypass from transparent proxy.

Temporally I remove the entire line.