[squid-users] TCP RDP on squid Pfsense not working

--Ahmad-- ahmed.zaeem at netstream.ps
Mon Apr 11 20:54:33 UTC 2016





> On Apr 11, 2016, at 9:40 AM, --Ahmad-- <> wrote:
> 
> Hi dev,
> 
> When I use a SOCKS5 client on my PC to connect to the Squid proxy on CentOS, I can tunnel RDP traffic using Squid.
> 
> Recently, when I changed to pfSense, I'm unable to use RDP using the proxy.
> 
> My cache peer proxy is 10.12.0.32; if I use it directly I can use RDP.
> 
> But RDP from pfSense is always forbidden, and I already allowed the RDP port in the ports in the pfSense Squid config!
> 
> I will paste my Squid config below and the error I face when I try.
> 
> ===============
> [2.2.2-RELEASE][admin@pfsense.mpwh.ps]/root: squid -k parse
> 2016/04/11 09:25:53| Startup: Initializing Authentication Schemes ...
> 2016/04/11 09:25:53| Startup: Initialized Authentication Scheme 'basic'
> 2016/04/11 09:25:53| Startup: Initialized Authentication Scheme 'digest'
> 2016/04/11 09:25:53| Startup: Initialized Authentication Scheme 'negotiate'
> 2016/04/11 09:25:53| Startup: Initialized Authentication Scheme 'ntlm'
> 2016/04/11 09:25:53| Startup: Initialized Authentication.
> 2016/04/11 09:25:53| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
> 2016/04/11 09:25:53| Processing: http_port 10.12.140.254:8080
> 2016/04/11 09:25:53| Processing: http_port 127.0.0.1:8080
> 2016/04/11 09:25:53| Processing: icp_port 0
> 2016/04/11 09:25:53| Processing: dns_v4_first off
> 2016/04/11 09:25:53| Processing: pid_filename /var/run/squid/squid.pid
> 2016/04/11 09:25:53| Processing: cache_effective_user proxy
> 2016/04/11 09:25:53| Processing: cache_effective_group proxy
> 2016/04/11 09:25:53| Processing: error_default_language en
> 2016/04/11 09:25:53| Processing: icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
> 2016/04/11 09:25:53| Processing: visible_hostname mpwh
> 2016/04/11 09:25:53| Processing: cache_mgr admin@localhost
> 2016/04/11 09:25:53| Processing: access_log /var/squid/logs/access.log
> 2016/04/11 09:25:53| Processing: cache_log /var/squid/logs/cache.log
> 2016/04/11 09:25:53| Processing: cache_store_log none
> 2016/04/11 09:25:53| Processing: netdb_filename /var/squid/logs/netdb.state
> 2016/04/11 09:25:53| Processing: pinger_enable on
> 2016/04/11 09:25:53| Processing: pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
> 2016/04/11 09:25:53| Processing: logfile_rotate 0
> 2016/04/11 09:25:53| Processing: debug_options rotate=0
> 2016/04/11 09:25:53| Processing: shutdown_lifetime 3 seconds
> 2016/04/11 09:25:53| Processing: acl localnet src  10.12.140.0/24 127.0.0.0/8
> 2016/04/11 09:25:53| Processing: forwarded_for on
> 2016/04/11 09:25:53| Processing: uri_whitespace strip
> 2016/04/11 09:25:53| Processing: acl dynamic urlpath_regex cgi-bin \?
> 2016/04/11 09:25:53| Processing: cache deny dynamic
> 2016/04/11 09:25:53| Processing: cache_mem 64 MB
> 2016/04/11 09:25:53| Processing: maximum_object_size_in_memory 256 KB
> 2016/04/11 09:25:53| Processing: memory_replacement_policy heap GDSF
> 2016/04/11 09:25:53| Processing: cache_replacement_policy heap LFUDA
> 2016/04/11 09:25:53| Processing: minimum_object_size 0 KB
> 2016/04/11 09:25:53| Processing: maximum_object_size 4 MB
> 2016/04/11 09:25:53| Processing: cache_dir ufs /var/squid/cache 100 16 256
> 2016/04/11 09:25:53| Processing: offline_mode off
> 2016/04/11 09:25:53| Processing: cache_swap_low 90
> 2016/04/11 09:25:53| Processing: cache_swap_high 95
> 2016/04/11 09:25:53| Processing: cache allow all
> 2016/04/11 09:25:53| Processing: refresh_pattern ^ftp:    1440  20%  10080
> 2016/04/11 09:25:53| Processing: refresh_pattern ^gopher:  1440  0%  1440
> 2016/04/11 09:25:53| Processing: refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
> 2016/04/11 09:25:53| Processing: refresh_pattern .    0  20%  4320
> 2016/04/11 09:25:53| Processing: acl allsrc src all
> 2016/04/11 09:25:53| Processing: acl safeports port 3389 21 70 80 210 280 443 488 563 591 631 777 901  8080 3129 1025-65535
> 2016/04/11 09:25:53| Processing: acl sslports port 443 563
> 2016/04/11 09:25:53| Processing: acl safeports port 3389 12345
> 2016/04/11 09:25:53| Processing: acl purge method PURGE
> 2016/04/11 09:25:53| Processing: acl connect method CONNECT
> 2016/04/11 09:25:53| Processing: acl HTTP proto HTTP
> 2016/04/11 09:25:53| Processing: acl HTTPS proto HTTPS
> 2016/04/11 09:25:53| Processing: http_access allow manager localhost
> 2016/04/11 09:25:53| Processing: http_access deny manager
> 2016/04/11 09:25:53| Processing: http_access allow purge localhost
> 2016/04/11 09:25:53| Processing: http_access deny purge
> 2016/04/11 09:25:53| Processing: http_access deny !safeports
> 2016/04/11 09:25:53| Processing: http_access deny CONNECT !sslports
> 2016/04/11 09:25:53| Processing: request_body_max_size 0 KB
> 2016/04/11 09:25:53| Processing: delay_pools 1
> 2016/04/11 09:25:53| Processing: delay_class 1 2
> 2016/04/11 09:25:53| Processing: delay_parameters 1 -1/-1 -1/-1
> 2016/04/11 09:25:53| Processing: delay_initial_bucket_level 100
> 2016/04/11 09:25:53| Processing: delay_access 1 allow allsrc
> 2016/04/11 09:25:53| Processing: acl rdp dat XXXX.XX.70.0/24
> 2016/04/11 09:25:53| Processing: http_access allow rdp
> 2016/04/11 09:25:53| Processing: dns_nameservers 8.8.8.8 10.12.0.33
> 2016/04/11 09:25:53| Processing: never_direct allow all
> 2016/04/11 09:25:53| Processing: cache_peer  10.12.0.32 parent  80 0 no-query no-digest default
> 2016/04/11 09:25:53| Processing: http_access allow localnet
> 2016/04/11 09:25:53| Processing: http_access deny allsrc
> 2016/04/11 09:25:53| Initializing https proxy context
> [2.2.2-RELEASE][admin@pfsense.mpwh.ps]/root: 
> 
> And here is the error when I try to connect RDP:
> 1460356516.600      0 10.12.140.114 TCP_DENIED/403 3450 CONNECT XX/XX.XX.26:3389 - HIER_NONE/- text/html
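
As an added example (not part of the original message, and not Squid's own code), the sketch below walks the http_access lines in the order the parse output lists them, using the ACL values shown there, for the request in the access.log line. It is a simplified first-match model; the `manager` and `rdp` ACLs are represented by hypothetical flags (`manager`, `dst_in_rdp`) because the page does not show their contents.

```python
# Added example: simplified first-match model of Squid http_access evaluation.
import ipaddress

SAFE = {3389, 21, 70, 80, 210, 280, 443, 488, 563, 591, 631, 777, 901, 8080, 3129, 12345}
SSL = {443, 563}
LOCALNET = [ipaddress.ip_network(n) for n in ("10.12.140.0/24", "127.0.0.0/8")]
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8")]

def in_nets(ip, nets):
    return any(ipaddress.ip_address(ip) in n for n in nets)

# ACL names as defined in the parse output, keyed in lower case.
ACLS = {
    "manager":   lambda r: r.get("manager", False),  # built-in ACL, modelled as a flag
    "localhost": lambda r: in_nets(r["src"], LOOPBACK),
    "purge":     lambda r: r["method"] == "PURGE",
    "connect":   lambda r: r["method"] == "CONNECT",
    "safeports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "sslports":  lambda r: r["port"] in SSL,
    "localnet":  lambda r: in_nets(r["src"], LOCALNET),
    "allsrc":    lambda r: True,
    # The rdp ACL's address range is redacted on the page, so it is a flag here.
    "rdp":       lambda r: r.get("dst_in_rdp", False),
}

# http_access lines in the order the parse output lists them.
RULES = [
    "allow manager localhost", "deny manager",
    "allow purge localhost", "deny purge",
    "deny !safeports", "deny CONNECT !sslports",
    "allow rdp", "allow localnet", "deny allsrc",
]

def decide(request):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in RULES:
        action, *names = rule.split()
        # Assumption: ACL names are looked up case-insensitively (CONNECT vs connect).
        if all(ACLS[n.lstrip("!").lower()](request) != n.startswith("!") for n in names):
            return action, "http_access " + rule
    raise LookupError("no rule matched")  # unreachable here: 'deny allsrc' always matches

# Constructed from the access.log line above: CONNECT to port 3389 from 10.12.140.114.
RDP_REQ = {"method": "CONNECT", "port": 3389, "src": "10.12.140.114"}

if __name__ == "__main__":
    for req in (RDP_REQ, {**RDP_REQ, "dst_in_rdp": True}, {**RDP_REQ, "port": 443}):
        print(req, "->", decide(req))
```

Setting `dst_in_rdp` either way gives the same result for the logged request, because `http_access allow rdp` is listed after the rule that matches first.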
