The pfSense Store

Author Topic: squid & transparent proxy not working in no-transparent mode  (Read 13332 times)

0 Members and 1 Guest are viewing this topic.

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Hi all,
I've pfsense running squid with the "transparent proxy" checkbox enabled, and it works, but if I try to connect from a client using explicity the proxy (i.e., 192.168.1.1:8080) I got a connection refused. I've checked in the firewall logs and the firewall is not blocking traffic, any idea on what to check?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16504
  • Karma: +340/-1
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #1 on: June 22, 2010, 12:15:18 pm »
Are you sure it's on 8080? It's usually 3128.

Go to Diagnostics > Command, type in:
Code: [Select]
sockstat | grep squid
And see where it's actually listening
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #2 on: June 23, 2010, 05:01:57 am »
These are the first lines of the command (you can see the machine 192.168.1.7 is listening also on 8080, if I get it right):

Code: [Select]
proxy    squid      4187  6  udp4   *:52519               *:*
proxy    squid      4187  13 tcp4   127.0.0.1:80          192.168.1.36:1783
proxy    squid      4187  14 tcp4   192.168.1.7:8080      *:*
proxy    squid      4187  15 tcp4   127.0.0.1:80          *:*
proxy    squid      4187  16 tcp4   127.0.0.1:80          192.168.1.55:50197
proxy    squid      4187  17 tcp4   127.0.0.1:80          192.168.1.178:52346
proxy    squid      4187  18 tcp4   127.0.0.1:80          192.168.1.36:1815
proxy    squid      4187  19 tcp4   127.0.0.1:80          192.168.1.36:1827
proxy    squid      4187  20 tcp4   127.0.0.1:80          192.168.1.201:37406
proxy    squid      4187  21 tcp4   127.0.0.1:80          192.168.1.88:1293
proxy    squid      4187  22 tcp4   127.0.0.1:80          192.168.1.201:37408
proxy    squid      4187  23 tcp4   127.0.0.1:80          192.168.1.36:1817


I also attach a screenshot of the squid configuration page. Am I doing something wrong?


Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16504
  • Karma: +340/-1
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #3 on: June 23, 2010, 08:28:21 am »
That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #4 on: June 23, 2010, 08:59:45 am »
That means it is only listening on port 8080 on 192.168.1.7. Is that your LAN IP?


Yes it is. If in a Firefox browser I set the HTTP proxy to 192.168.1.7 on port 8080 the browser does not work. If I remove the proxy setting, than it works. I don't see any traffic dropped in the firewall logs.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16504
  • Karma: +340/-1
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #5 on: June 23, 2010, 09:07:16 am »
Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

What do your LAN firewall rules look like? Do you allow traffic there?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #6 on: June 23, 2010, 10:47:56 am »
Are you sure you were putting 1.7 in the settings? In your earlier post you said you set it to 192.168.1.1:8080.

What do your LAN firewall rules look like? Do you allow traffic there?

Yes, I had miswritten the address in the first post, the right one is 192.168.1.7 and I've checked it is the one I'm inserting in the firefox dialog box.
My firewall rules have a pass-any from LAN to any, and in fact I don't see any blocked packet on 8080.


Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16504
  • Karma: +340/-1
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #7 on: June 23, 2010, 01:58:56 pm »
I just installed squid in a VM and set it up transparently, and confirmed it was working (http://www.lagado.com/proxy-test)

I reconfigured my browser for the proxy and it still worked.

Not sure what else might be going on for you, so I attached a capture of the proxy settings I put into Firefox when testing.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline hack2003

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #8 on: June 24, 2010, 05:03:26 pm »
i just got the same problem.
what i did was reinstalling the pfsense from scratch and then install the squid package.
reboot the machine
and it works fine.
i just got one problem with changing the cache and other squid settings.

i thing that the cause is incompleted squid removal script.
if i would now the exact things the install script is doing i can revert it manualy and the see what i wrong with any of the things.

Offline fluca1978

  • Full Member
  • ***
  • Posts: 137
  • Karma: +0/-0
    • View Profile
Re: squid & transparent proxy not working in no-transparent mode
« Reply #9 on: June 28, 2010, 05:46:35 am »
The proxy started working on my deployment after a machine reboot. So before the reboot it was only working as transparent, after a reboot it was working also explicitly. I suspect there was a problem with the reloading of the squid configuration, but I didn't tested the old squid port (the default one) before the reboot.