ozan ucar wrote:
Hi All,
I use pfsense 1.2.3 stable. The LAN interface is bridged with the WAN
interface. I made all the settings from
http://pfsense.trendchiller.com/transparent_firewall.pdf .
I also installed the squid package. Squid itself works fine, however when I
set squid to transparent it does not work. I cannot access the
internet, but pinging google.com etc. works.
- I'm port forwarding from NAT; I created a port forward on interface LAN,
external address any, protocol tcp, external port 80, NAT IP <squid IP =
10.0.0.66> internal port 3128. = not working
- squid.conf; changed "http_port 127.0.0.1:80 transparent" to
"http_port 10.0.0.66:3128" = but it doesn't work
You dropped the 'transparent' flag during that change.
I advise using some random port people can't connect directly to.
Squid http_port can be anything and configured identically both in the NAT
and in Squid with 'transparent'.
I installed squid 2.6 stable and 2.7.
Squid log:
1264102847.956 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// - NONE/- text/html
1264102852.573 0 10.0.0.99 TCP_DENIED/400 2076 GET NONE:// - NONE/- text/html
1264102855.462 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// - NONE/- text/html
When I connect to any web page I get an error:
ERROR
The requested URL could not be retrieved
------------------------------------------------------------------------
While trying to process the request:
GET / HTTP/1.1
Host: www.haber7.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Cookie: __utmz=24344995.1264087140.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=24344995.1804574351.1264087140.1264094655.1264102020.4; __utmc=24344995; __utmb=24344995.1.10.1264102020
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.3
The following error was encountered:
* *Invalid Request*
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
Debug mode:
#squid -d1
clientReadRequest: FD 70 (10.0.0.221:1062) Invalid Request
parseHttpRequest: Requestheader contains NULL characters
parseHttpRequest: Unsupported method '3+}ÿ[úÁFb|°'
clientTryParseRequest: FD 13 (192.168.5.137:1139) Invalid Request
clientTryParseRequest: FD 13 (192.168.5.137:1140) Invalid Request
clientTryParseRequest: FD 13 (192.168.5.137:1141) Invalid Request
How can I get squid working in transparent mode with pfsense in bridge mode?
All the symptoms right up to that last one occur because the
transparent/intercept flag is missing in squid.conf.
That last one shows that the intercepted request is NOT HTTP. It starts
with raw binary code. Probably some client abusing port 80 by sending
binary through. Those ones can be safely ignored.
This last symptom also occurs when you forward port 443 (HTTPS
encrypted) at Squid.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
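
Added example, not part of the original thread and not Squid's own code: a small Python triage script that ties the symptoms above to the two causes named in the reply. It checks whether the NAT target port has the transparent/intercept flag in squid.conf and whether an "Unsupported method" value is HTTP at all. The function names and the embedded sample data are assumptions made for illustration.

```python
import re
from collections import Counter

TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")  # HTTP method token characters

# Constructed samples: the access.log and debug lines mirror those quoted in the
# thread; the 'FOO' line is invented to show an HTTP-shaped unknown method.
SQUID_CONF = "http_port 10.0.0.66:3128\n"
ACCESS_LOG = """\
1264102847.956 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// - NONE/- text/html
1264102852.573 0 10.0.0.99 TCP_DENIED/400 2076 GET NONE:// - NONE/- text/html
1264102855.462 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// - NONE/- text/html
"""
CACHE_LOG = """\
parseHttpRequest: Unsupported method '3+}\xff[\xfa\xc1Fb|\xb0'
parseHttpRequest: Unsupported method 'FOO'
"""

def intercept_ports(squid_conf):
    """Ports whose http_port line carries the transparent/intercept flag."""
    ports = set()
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            if {"transparent", "intercept"} & set(fields[2:]):
                ports.add(int(fields[1].rsplit(":", 1)[-1]))
    return ports

def denied_clients(access_log):
    """Clients answered with TCP_DENIED/400 and the placeholder URL NONE://."""
    hits = Counter()
    for line in access_log.splitlines():
        f = line.split()
        if len(f) >= 7 and f[3] == "TCP_DENIED/400" and f[6].startswith("NONE:"):
            hits[f[2]] += 1
    return hits

def non_http_methods(cache_log):
    """'Unsupported method' values that are not even valid HTTP tokens."""
    found = re.findall(r"Unsupported method '(.*)'", cache_log)
    return [m for m in found if not TOKEN.fullmatch(m)]

def diagnose(squid_conf, nat_port, access_log, cache_log):
    """Map the thread's symptoms to the two causes given in the reply."""
    findings = []
    if nat_port not in intercept_ports(squid_conf) and denied_clients(access_log):
        findings.append("flag_missing")   # NAT target port is not an intercept port
    if non_http_methods(cache_log):
        findings.append("non_http")       # binary or TLS bytes reached http_port
    return findings

if __name__ == "__main__":
    print(diagnose(SQUID_CONF, 3128, ACCESS_LOG, CACHE_LOG))
```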