Topic: Squid transparent proxy not working

periko
Squid transparent proxy not working
« on: March 18, 2009, 03:29:45 am »

  Hi.

  I have been working with my pfSense box and squid.
  I'm using pfSense 1.2.2 and squid 2.6.21_08. It is supposed that when you enable "Transparent Proxy", all traffic over port 80 will be sent to squid.

  I have been playing with squid but no luck.

  I have been listening on my pfSense LAN card with tcpdump:

tcpdump -vvv -i fxp0 port 3128
tcpdump -vvv -i lo0 port 3128

  None of them has received any packets; "sockstat | grep squid" gives me this:

proxy    squid      17810 3  dgram  -> /var/run/logpriv
proxy    squid      17810 9  stream /tmp/php-fastcgi.socket-0
proxy    squid      17810 13 stream -> ??
proxy    squid      17810 14 stream -> ??
proxy    squid      17810 15 stream -> ??
proxy    squid      17810 16 stream -> ??
proxy    squid      17810 17 stream -> ??
proxy    squid      17810 18 stream -> ??
proxy    squid      17810 19 stream -> ??
proxy    squid      17810 20 stream -> ??
proxy    squid      17810 21 stream -> ??
proxy    squid      17810 22 stream -> ??
proxy    squid      17810 23 stream -> ??
proxy    squid      17810 24 stream -> ??
proxy    squid      17810 25 stream -> ??
proxy    squid      17810 26 stream -> ??
proxy    squid      17810 27 stream -> ??
proxy    squid      17810 28 stream -> ??
proxy    squid      17810 29 stream -> ??
proxy    squid      17810 30 stream -> ??
proxy    squid      17810 31 stream -> ??
proxy    squid      17810 32 stream -> ??
proxy    squid      17810 33 stream -> ??
proxy    squid      17810 34 stream -> ??
proxy    squid      17810 35 stream -> ??
proxy    squid      17810 36 stream -> ??
proxy    squid      17810 37 stream -> ??
proxy    squid      17810 38 stream -> ??
proxy    squid      17810 39 stream -> ??
proxy    squid      17810 40 stream -> ??
proxy    squid      17810 41 stream -> ??
proxy    squid      17810 42 stream -> ??
proxy    squid      17810 43 stream -> ??
proxy    squid      17810 44 stream -> ??
proxy    squid      17810 52 tcp4   192.168.10.1:3128     *:*
proxy    squid      17810 53 tcp4   127.0.0.1:80          *:*
proxy    squid      17810 54 udp4   *:4827                *:*
proxy    squid      17810 56 udp4   127.0.0.1:56390       127.0.0.1:50381
root     squid      17807 3  dgram  -> /var/run/logpriv
root     squid      17807 9  stream /tmp/php-fastcgi.socket-0

Is it correct to have the loopback listening on port 80?

My pfSense box is on port 443.

This is my /usr/local/etc/squid/squid.conf:

http_port 192.168.10.1:3128
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds
uri_whitespace strip

cache_dir aufs /var/squid/cache 100 16 256
cache_mem 8 MB
maximum_object_size 4 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
offline_mode off
dns_children 32
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

# Default block all to be sure
http_access deny all

Is there some problem with this package, or is my configuration wrong?

  Thanks all for your time!!!
Need pfSense Support in Mexico?
www.bajaopensolutions.com
We are in Tijuana, but that is not an obstacle to giving you support.

periko
Re: Squid transparent proxy not working
« Reply #1 on: March 24, 2009, 12:41:10 am »

   Problem solved, it was my mistake, thanks  :D

cclaudio
Re: Squid transparent proxy not working
« Reply #2 on: March 24, 2009, 09:15:06 am »
why ???

periko
Re: Squid transparent proxy not working
« Reply #3 on: March 25, 2009, 11:33:29 am »

   My goal was to block all sites by default, and after someone here in the forum answered me how to do that, I was thinking that my problem was the "Transparent Proxy" option, but I was wrong.

   Now it is working well.
   