Bug #1620

Can't use transparent proxy when using bridge.

Added by Marcello Silva Coutinho almost 9 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Squid
Target version: -
Start date: 06/25/2011
Due date:
% Done: 0%
Estimated time:
Affected Version:
Affected Architecture:

Description

Can't forward any package to localhost while using bridge and setting IP address only on new bridge interface.

Same setup without bridge works fine.

I've tested with rdr rule and with squid transparent proxy rule.
Also with bridge system tunable settings on and off.

Please consider testing instead of rejecting. I've spent a lot of hours trying to set it up.

History

#1 Updated by Chris Buechler almost 9 years ago

  • Project changed from pfSense to pfSense Packages
  • Category deleted (Rules / NAT)
  • Target version deleted (2.0)

#2 Updated by Chris Buechler almost 9 years ago

  • Category set to Squid
  • Affected Version deleted (2.0)

#3 Updated by Marcello Silva Coutinho almost 9 years ago

It's not a squid issue, it's a nat/rdr issue.

As I said, even when creating an rdr rule, I can't see any traffic going to localhost on any port.

#4 Updated by Marco Annunziata about 7 years ago

In version 2.0.3 the issue is not solved yet; obviously, there is no intention to solve this bug!

#5 Updated by Kill Bill over 3 years ago

I have no intention of setting up bridges to test with transparent Squid. My understanding is that when the interface is a bridge, you need a route-to lo0 added somewhere here:

https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L2148

References:
- https://forums.freebsd.org/threads/15020/
- https://forums.freebsd.org/threads/5544/#post-32362

And this issue still seems to be the case, at least per https://forum.pfsense.org/index.php?topic=113328.msg630251#msg630251

If someone can verify, test and submit a PR, this could be closed finally after ~6 years.

#6 Updated by Steve Wheeler over 3 years ago

I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this function.

#7 Updated by Kill Bill over 3 years ago

Steve Wheeler wrote:

I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this function.

Can you test the same with the squid.inc from https://github.com/pfsense/FreeBSD-ports/pull/305 (and of course again adding route-to lo0 to the proper place) please? (I came to a conclusion that the current rules are not particularly sensible, regardless of this issue.)
