Project

General

Profile

Bug #7391

0.4.36_1 localnet ACL missing

Added by tqwqllrm tqwqllrm 12 days ago. Updated 12 days ago.

Status:
New
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Start date:
03/15/2017
Due date:
% Done:

0%

Affected version:
2.3.3
Affected Architecture:

Description

Version 0.4.36_1 of Squid on pfSense 2.3.3 does not provide the "localnet" acl anymore in /usr/local/etc/squid/squid.conf

History

#1 Updated by Kill Bill 12 days ago

Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.

#2 Updated by tqwqllrm tqwqllrm 12 days ago

Additional information: The pfSense box is running OpenVPN so this may be a problem with this version of squid not being able to define localnet on a multi-interface pfSense platform

#3 Updated by tqwqllrm tqwqllrm 12 days ago

Kill Bill wrote:

Kindly tick "Allow local network(s) on interface(s)" if you want such ACL.

This is already ticked / enabled. More detail: I need localnet defined because I use "never_direct allow localnet" in "General / Advanced Options" to force clients through the pfSense squid proxy which itself uses an upstream parent. Since the upgrade to the squid package it is now not seeing localnet in /usr/local/etc/squid/squid.conf

#4 Updated by Kill Bill 12 days ago

Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.

#5 Updated by tqwqllrm tqwqllrm 12 days ago

Kill Bill wrote:

Look, you need either non-empty local interface, or fill in Allowed Subnets on the ACLs tab. Please, use forums for discussion, this is a bug tracker.

It is a bug, introduced since version 0.4.36_1. Perhaps I haven't explained it enough but I have a workaround. Hopefully someone else will submit the same bug and provide whatever information is required for proper investigation.

#7 Updated by Kill Bill 12 days ago

And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)

#8 Updated by tqwqllrm tqwqllrm 12 days ago

Kill Bill wrote:

And FYI regarding the OpenVPN: https://redmine.pfsense.org/issues/4331 (IOW, it will never be auto-added to localnet since it would only add invalid junk. Any OpenVPN subnets need to be added manually to Allowed Subnets on the ACLs tab, as already noted above.)

FYI it worked fine before I upgraded to 0.4.36_1

Also available in: Atom PDF