Squid Transparent Proxy with Policy Routing in pfSense

Squid Transparent Proxy with Policy Routing in pfSense

Antonio Emiliano
Hi guys.

This is my last attempt before going to authenticated mode.

I searched all over the internet for a way to set up a "transparent squid", but so far the most I can get is an expired timeout when I go to an http page.

My environment is as follows.

- Squid 3.5.20 box
- pfSense as the default network gateway.
- Windows or Linux desktops.
- Only one network /24

I was able to make it work through this documentation: https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

However, this environment requires that the client is configured with the IP address of the squid box itself as its gateway.

It works. But that's not what I want.

NOTE: NAT configuration will only work when used on the squid box. This is required to perform intercept accurately and securely. To intercept from a gateway machine and direct traffic at a separate squid box use policy routing.

What I want is to make a rule in pfSense through policy routing, as the documentation says. I've tried several ways, but every time I try to access an http page it loads until the timeout expires.

The doc does not explain directly how to make this rule in pfSense.

I tried NAT port forwarding, and I tried firewall rules that set the squid server as the gateway. But neither works.

I tried to take as base these two links,

No firewall block
It's some detail that's missing either in pfSense or squid.

Please give me a light.

Regards,

Antonio Emiliano

"Run, rabbit.
 Dig a hole, forget the sun,
 And when the work is finally done
 Don't rest, it's time to dig another."

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: Squid Transparent Proxy with Policy Routing in pfSense

Rafael Akchurin

Hello Antonio,

Sorry, no pfSense tutorials for now, but these two are *proved* to be working just fine.

https://docs.diladele.com/tutorials/policy_based_routing_squid/index.html
https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html

Hope it helps.

Best regards,
Rafael Akchurin
Diladele B.V.

From: squid-users [mailto:[hidden email]] On Behalf Of Antonio Emiliano
Sent: Tuesday, March 13, 2018 12:14 PM
To: [hidden email]
Subject: [squid-users] Squid Transparent Proxy with Policy Routing in pfSense

 
