pfSense » pfSense Packages

It's not a squid issue, its a nat/rdr issue.

As I told even creating a rdr rule, I cant't see any traffic going to localhost on any port.

Version 2.0.3 the issue are not solved yet, obviously, there is not the intention to solve this bug !

I have no intention setting up bridges to test with transparent Squid. My understanding is that when the interface is a bridge, you need a route-to lo0 added somewhere here:

https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc#L2148

References:
- https://forums.freebsd.org/threads/15020/
- https://forums.freebsd.org/threads/5544/#post-32362

And this issue still seems to be the case, at least per https://forum.pfsense.org/index.php?topic=113328.msg630251#msg630251

If someone can verify, test and submit a PR, this could be closed finally after ~6 years.

I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this function.

Steve Wheeler wrote:

I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this function.

Can you test the same with the squid.inc from https://github.com/pfsense/FreeBSD-ports/pull/305 (and of course again adding route-to lo0 to the proper place) please? (I came to a conclusion that the current rules are not particularly sensible, regardless of this issue.)

transparent mode on bridge works fine on pfSense 2.6.0.a.20211006.2213 with net.link.bridge.pfil_bridge=1 and net.link.bridge.pfil_member=0

something changed in pf?..

rules.debug:

# Setup Squid proxy redirect
rdr pass on bridge0 inet proto tcp from any to !(bridge0) port 80 -> 127.0.0.1 port 3128
rdr pass on bridge0 inet proto tcp from any to !(bridge0) port 443 -> 127.0.0.1 port 3129

# Setup squid pass rules for proxy
pass in quick on bridge0 proto tcp from any to (bridge0) port {3128,3129} flags S/SA keep state