
Author Topic: Squid transparent proxy not working  (Read 4082 times)


periko
Squid transparent proxy not working
« on: March 18, 2009, 03:29:45 am »

  Hi.
 
  I have been working with my pfSense box and squid.
  I'm using pfSense 1.2.2 and squid 2.6.21_08. Supposedly, when you enable "Transparent Proxy", all traffic over port 80 will be sent to squid.

  I have been playing with squid but no luck.

  I have been listening on my pfSense LAN card with tcpdump:

tcpdump -vvv -i fxp0 port 3128
tcpdump -vvv -i lo0 port 3128

  Neither of them has received any packets; "sockstat | grep squid" gives me this:

proxy    squid      17810 3  dgram  -> /var/run/logpriv
proxy    squid      17810 9  stream /tmp/php-fastcgi.socket-0
proxy    squid      17810 13 stream -> ??
proxy    squid      17810 14 stream -> ??
proxy    squid      17810 15 stream -> ??
proxy    squid      17810 16 stream -> ??
proxy    squid      17810 17 stream -> ??
proxy    squid      17810 18 stream -> ??
proxy    squid      17810 19 stream -> ??
proxy    squid      17810 20 stream -> ??
proxy    squid      17810 21 stream -> ??
proxy    squid      17810 22 stream -> ??
proxy    squid      17810 23 stream -> ??
proxy    squid      17810 24 stream -> ??
proxy    squid      17810 25 stream -> ??
proxy    squid      17810 26 stream -> ??
proxy    squid      17810 27 stream -> ??
proxy    squid      17810 28 stream -> ??
proxy    squid      17810 29 stream -> ??
proxy    squid      17810 30 stream -> ??
proxy    squid      17810 31 stream -> ??
proxy    squid      17810 32 stream -> ??
proxy    squid      17810 33 stream -> ??
proxy    squid      17810 34 stream -> ??
proxy    squid      17810 35 stream -> ??
proxy    squid      17810 36 stream -> ??
proxy    squid      17810 37 stream -> ??
proxy    squid      17810 38 stream -> ??
proxy    squid      17810 39 stream -> ??
proxy    squid      17810 40 stream -> ??
proxy    squid      17810 41 stream -> ??
proxy    squid      17810 42 stream -> ??
proxy    squid      17810 43 stream -> ??
proxy    squid      17810 44 stream -> ??
proxy    squid      17810 52 tcp4   192.168.10.1:3128     *:*
proxy    squid      17810 53 tcp4   127.0.0.1:80          *:*
proxy    squid      17810 54 udp4   *:4827                *:*
proxy    squid      17810 56 udp4   127.0.0.1:56390       127.0.0.1:50381
root     squid      17807 3  dgram  -> /var/run/logpriv
root     squid      17807 9  stream /tmp/php-fastcgi.socket-0

Is it correct to have the loopback listening on port 80?

My pfsense box is on port 443.

This is my /usr/local/etc/squid/squid.conf

http_port 192.168.10.1:3128
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds
uri_whitespace strip

cache_dir aufs /var/squid/cache 100 16 256
cache_mem 8 MB
maximum_object_size 4 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
offline_mode off
dns_children 32
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

# Default block all to be sure
http_access deny all

Is there some problem with this package, or is my configuration wrong?

  Thanks all for your time!!!
Need pfSense support in Mexico?
https://www.facebook.com/BajaOpenSolutions
We are in Tijuana, but that is not an obstacle to giving you support.

periko
Re: Squid transparent proxy not working
« Reply #1 on: March 24, 2009, 12:41:10 am »

   Problem solved, it was my mistake, thanks  :D

cclaudio
Re: Squid transparent proxy not working
« Reply #2 on: March 24, 2009, 09:15:06 am »
why ???

periko
Re: Squid transparent proxy not working
« Reply #3 on: March 25, 2009, 11:33:29 am »

   My goal was to block all sites by default, and after someone here in the forum answered me how to do that, I was thinking that my problem was the "Transparent Proxy" option, but I was wrong.

   Now it is working well.
   