Re: [squid-users] Pf bridge and transparent squid running problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 23 Jan 2010 12:10:02 +1300

ozan ucar wrote:
> Hi All,
> I use pfsense 1.2.3 stable. The LAN interface is bridged with the WAN interface. I
> made all the settings from
> http://pfsense.trendchiller.com/transparent_firewall.pdf .
> And I installed the squid package. Using squid works fine, however when I
> set squid to transparent it doesn't work. I cannot access the
> internet, but pinging google.com etc.
>
> - I'm port forwarding from NAT; created a port forward at interface LAN,
> external address any, protocol tcp, external port 80, NAT IP <squid IP =
> 10.0.0.66 > internal port 3128. = not working
> - squid.conf; "http_port 127.0.0.1:80 transparent" changed to
> "http_port 10.0.0.66:3128" = but it doesn't work
>

You dropped the 'transparent' flag during that change.

I advise using some random port people can't connect directly to.
Squid http_port can be anything and configured identically both in the NAT
and in Squid with 'transparent'.

>
> I installed squid 2.6 stable and 2.7.
>
> Squid log:
> 1264102847.956 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// -
> NONE/- text/html
> 1264102852.573 0 10.0.0.99 TCP_DENIED/400 2076 GET NONE:// - NONE/-
> text/html
> 1264102855.462 0 10.0.0.178 TCP_DENIED/400 1695 GET NONE:// -
> NONE/- text/html
>
> When I connect to any web page I get an error:
>
>
> ERROR
>
>
> The requested URL could not be retrieved
>
> ------------------------------------------------------------------------
>
> While trying to process the request:
>
> GET / HTTP/1.1
> Host: www.haber7.com
> Connection: keep-alive
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
> AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0
> Accept:
> application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>
> Accept-Encoding: gzip,deflate,sdch
> Cookie:
> __utmz=24344995.1264087140.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
> __utma=24344995.1804574351.1264087140.1264094655.1264102020.4;
> __utmc=24344995; __utmb=24344995.1.10.1264102020
> Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.6,en;q=0.4
> Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.3
>
>
> The following error was encountered:
>
> * *Invalid Request*
>
> Some aspect of the HTTP Request is invalid. Possible problems:
>
> * Missing or unknown request method
> * Missing URL
> * Missing HTTP Identifier (HTTP/1.0)
> * Request is too large
> * Content-Length missing for POST or PUT requests
> * Illegal character in hostname; underscores are not allowed
>
> Debug mode:
> #squid -d1
> clientReadRequest: FD 70 (10.0.0.221:1062) Invalid Request
> parseHttpRequest: Requestheader contains NULL characters
> parseHttpRequest: Unsupported method '3+}ÿ[úÁFb|°'
> clientTryParseRequest: FD 13 (192.168.5.137:1139) Invalid Request
> clientTryParseRequest: FD 13 (192.168.5.137:1140) Invalid Request
> clientTryParseRequest: FD 13 (192.168.5.137:1141) Invalid Request
>
> How can I get squid working in transparent mode on pfsense in bridge mode?
>

All the symptoms right up to that last one occur because the
transparent/intercept flag is missing in squid.conf.

That last one shows that the intercepted request is NOT HTTP. It starts
with raw binary code. Probably some client abusing port 80 by sending
binary through. Those ones can be safely ignored.
This last symptom also occurs when you forward port 443 (HTTPS
encrypted) at Squid.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15
Received on Fri Jan 22 2010 - 23:10:16 MST
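
Added example, not part of the original message and not Squid's own code: a Python classifier for the first bytes that a NAT redirect hands to the proxy port. It shows why the intercepted request quoted in the thread (origin-form, host only in the `Host` header) depends on the 'transparent' flag, and why redirected HTTPS or raw binary is logged as an unsupported method. The function names and all sample byte strings except the quoted request are constructed for illustration.

```python
# Added example: names and sample bytes below are constructed for illustration.
import re

# METHOD SP request-target SP HTTP/x.y, as the first line of an HTTP/1.x request.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d\r?\n")


def classify(first_bytes: bytes) -> str:
    """Label the start of a TCP stream that NAT redirected to the proxy port."""
    # TLS record header: content type 0x16 (handshake), protocol major version 3.
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls-handshake"
    match = REQUEST_LINE.match(first_bytes)
    if match is None:
        return "not-http"
    target = match.group(2)
    if target.startswith(b"/"):
        # What a browser with no proxy configured sends; the host is only in
        # the Host header, so the listening port must be in interception mode.
        return "origin-form"
    if target.lower().startswith((b"http://", b"https://")):
        # What a browser configured to use a proxy sends.
        return "absolute-form"
    return "other-http"


def needs_transparent_flag(first_bytes: bytes) -> bool:
    """True when the request only makes sense on an intercepting http_port."""
    return classify(first_bytes) == "origin-form"


# Request taken from the error page quoted in the thread (headers trimmed).
INTERCEPTED = b"GET / HTTP/1.1\r\nHost: www.haber7.com\r\n\r\n"
# Constructed samples: explicit-proxy request, TLS ClientHello prefix, raw binary.
EXPLICIT = b"GET http://www.haber7.com/ HTTP/1.1\r\nHost: www.haber7.com\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A])
BINARY = b"\x00\x13\x37\xff\xfa binary payload"

if __name__ == "__main__":
    for name, data in [("intercepted", INTERCEPTED), ("explicit", EXPLICIT),
                       ("tls", TLS_HELLO), ("binary", BINARY)]:
        print(f"{name:12} {classify(data):14} "
              f"needs transparent flag: {needs_transparent_flag(data)}")
```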
