Re: TCP RDP on squid Pfsense not woking

Eliezer Croitoru <eliezer@xxxxxxxxxxxx> · Mon, 11 Apr 2016 14:09:38 +0300



    Hey,

    
    Since it's a local net proxy and if the proxy is firewalled on the
    network level I would run the next test(related to the output):

    
    On 11/04/2016 09:40, --Ahmad-- wrote:

    
      2016/04/11 09:25:53|
        Processing: http_access allow rdp
      2016/04/11 09:25:53|
        Processing: dns_nameservers 8.8.8.8 10.12.0.33
      2016/04/11 09:25:53|
        Processing: never_direct allow all
      2016/04/11 09:25:53|
        Processing: cache_peer  10.12.0.32 parent  80 0 no-query
        no-digest default
      2016/04/11 09:25:53|
        Processing: http_access allow localnet
      2016/04/11 09:25:53|
        Processing: http_access deny allsrc
      2016/04/11 09:25:53|
        Initializing https proxy context
    
    
    I would add to the first line of squid.conf for a test

    acl connect method CONNECT

    http_access allow all CONNECT

    http_access allow all

    
    Use "squid -kreconf" to reload the settings and it should be
    allowed.

    If it works then you will need to just allow the CONNECT using an
    acl with the RDP port.

    
    I am not sure how squid is ok with this line:

    2016/04/11 09:25:53| Processing: acl rdp dat
      XXXX.XX.70.0/24
    

    It should be something like "src" instead of "dat" and also you
    might want to restrict using the http_access rules the CONNECT with
    the destination rdp port.

    
    http://www.squid-cache.org/Doc/config/acl/

    
    The other option is to add the acl:

    acl Safe_ports port 3389        # RDP

    
    Eliezer

  
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users