[squid-users] Squid Transparent Proxy with Policy Routing in pfSense

[Antonio Emiliano]

Hi guys.

This is my last attempt before going to authenticated mode.

I searched all over the internet for a way to set up a "transparent squid"
but until then the most I can get is an exhausted timeout when I go to an
http.

My environment is as follows.

- Box squid 3.5.20
- pfSense as the default network gateway.
- Desktop Windows or linux.
- Only one network /24

I was able to make it work through this documentation:
https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

However this environment requires that the client has configured the
gateway ip address of the squid itself.

It works. But that's not what I want.

NOTE: NAT configuration will only work when used on the squid box. This is
required to perform intercept accurately and securely. To intercept from a
gateway machine and direct traffic at a separate squid box use policy
routing.

What I want is to make a rule in pfsense through policy routing, as it
speaks in the documentation. I've tried several ways, but every time I try
to access the http page it loads until the timeout expires.

In doc it does not explain directly how to do this rule in pfsense.

I tried through nat port forwarding and through rules in firewall setting
in the squid server rule as gateway. But both do not work.

I tried to take as base these two links,
https://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
https://wiki.squid-cache.org/ConfigExamples/Intercept/PfPolicyRoute

No firewall block
It's some detail that's missing either in pfsense or squid.

Please give me a light.

Att,

Antonio Emiliano
LinkedIn: https://www.linkedin.com/in/antonioemiliano

"Corra, coelho.
 Cave um buraco, esqueça o sol,
 E quando o trabalho finalmente acabar
 Não descanse, é hora de cavar outro."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180313/7aea6304/attachment.html>