# Squid on FreeBSD 8: transparent proxying not supported



## valoel (Aug 13, 2010)

rl1 > Ethernet WAN
rl0 > Ethernet LAN


```
http_port 3128 transparent
icp_port 3130
acl query urlpath_regex cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ \.js \.jsp
acl nocache-domain dstdomain javatechno.net uns.ac.id siakad.uns.ac.id
always_direct allow query
always_direct allow nocache-domain
no_cache deny query
no_cache deny nocache-domain
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
# mp3, exe, zip, dat, avi and 3gp files are not stored in the disk cache
acl mp3 urlpath_regex -i \.mp3$
acl exe urlpath_regex -i \.exe$
acl zip urlpath_regex -i \.zip$
acl dat urlpath_regex -i \.dat$
acl avi urlpath_regex -i \.avi$
acl 3gp urlpath_regex -i \.3gp$
no_cache deny mp3
no_cache deny exe
no_cache deny zip
no_cache deny dat
no_cache deny avi
no_cache deny 3gp
cache_dir diskd /usr/cache0/diskd 8000 16 256 Q1=72 Q2=64
cache_dir diskd /usr/cache1/diskd 8000 16 256 Q1=72 Q2=64
cache_access_log /usr/local/etc/squid/var/logs/access.log
cache_log /usr/local/etc/squid/var/logs/cache.log
cache_swap_log /usr/local/etc/squid/var/logs/%s
cache_store_log none
#ACL Network
#acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.3.0/24
#acl private src 192.168.3.1
#acl jnp src 192.168.2.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
dns_nameservers 192.168.1.5
acl manager proto cache_object
# Ports that are allowed to be requested
acl SSL_ports port 443 563
acl SSL_ports port 2083 2096
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl FTP proto FTP
http_access allow localhost
#http_access allow jnp
#http_access allow private
http_access allow client
http_access deny all
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
icp_access allow localhost
#icp_access allow jnp
#icp_access allow private
icp_access allow client
icp_access deny all
miss_access allow all
always_direct allow client
always_direct allow FTP
acl cachemgr proto cache_object
http_access allow cachemgr client
#http_access allow cachemgr private
http_access allow cachemgr localhost
http_access deny cachemgr all
cachemgr_passwd admin info stats/objects
cachemgr_passwd admin all
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.creative.net
cache_mgr NOC-JNP
forwarded_for off
```

Ipnat

```
map rl1 192.168.3.1/16 -> 192.168.2.2/32
rdr rl0 192.168.3.1/32 port 80 -> 192.168.3.1 port 80 tcp
rdr rl0 0.0.0.0/0 port 80 -> 192.168.3.1 port 3128 tcp
```

cache.log

```
2010/08/13 18:19:17| WARNING: transparent proxying not supported
2010/08/13 18:19:17| WARNING: transparent proxying not supported
2010/08/13 18:19:17| WARNING: transparent proxying not supported
2010/08/13 18:19:17| WARNING: transparent proxying not supported
2010/08/13 18:19:17| WARNING: transparent proxying not supported
2010/08/13 18:21:06| WARNING: transparent proxying not supported
2010/08/13 18:21:06| WARNING: transparent proxying not supported
2010/08/13 18:21:06| WARNING: transparent proxying not supported
2010/08/13 18:21:06| WARNING: transparent proxying not supported
2010/08/13 18:21:06| WARNING: transparent proxying not supported
```


access.log

```
1281698477.670    257 192.168.3.2 TCP_MISS/200 1407 GET http://forums.freebsd.org/images/icons/icon14.gif - DIRECT/149.20.54.209 image/gif
1281698477.714    236 192.168.3.2 TCP_MISS/200 932 GET http://forums.freebsd.org/images/freebsd/buttons/collapse_thead.gif - DIRECT/149.20.54.209 image/gif
1281698477.718    241 192.168.3.2 TCP_MISS/200 931 GET http://forums.freebsd.org/images/freebsd/buttons/collapse_tcat.gif - DIRECT/149.20.54.209 image/gif
1281698478.142   4624 192.168.3.2 TCP_MISS/200 9826 GET http://forums.freebsd.org/clientscript/vbulletin_menu.js? - DIRECT/149.20.54.209 application/javascript
1281698478.421    231 192.168.3.2 TCP_MISS/200 619 GET http://forums.freebsd.org/images/freebsd/hdr_fill.png - DIRECT/149.20.54.209 image/png
1281698478.521    264 192.168.3.2 TCP_MISS/200 662 GET http://forums.freebsd.org/images/freebsd/misc/menu_open.gif - DIRECT/149.20.54.209 image/gif
1281698478.660    253 192.168.3.2 TCP_MISS/200 543 GET http://forums.freebsd.org/images/freebsd/tblfill.png - DIRECT/149.20.54.209 image/png
1281698478.971    251 192.168.3.2 TCP_MISS/200 515 GET http://forums.freebsd.org/images/freebsd/bg_02.png - DIRECT/149.20.54.209 image/png
1281698479.081    826 192.168.3.2 TCP_MISS/200 13170 GET http://forums.freebsd.org/images/freebsd/bg_01.jpg - DIRECT/149.20.54.209 image/jpeg
1281698535.427  61858 192.168.3.2 TCP_MISS/200 26579 GET http://forums.freebsd.org/images/freebsd/logo-red.png - DIRECT/149.20.54.209 image/png
```


Please help me.


----------



## SirDice (Aug 13, 2010)

You need to turn on that option when building squid:

```
SQUID_PF=off (default) "Enable transparent proxying with PF"
SQUID_IPFILTER=off (default) "Enable transp. proxying with IPFilter"
```


----------



## valoel (Aug 13, 2010)

Yes, I already turned on that option, but I still get the error in transparent proxy. Any suggestions?


----------



## valoel (Aug 13, 2010)

```
proxy# /usr/local/etc/squid/sbin/squid -v
Squid Cache: Version 3.0.STABLE25
configure options:  '-prefix=/usr/local/etc/squid' '-enable-gnuregex' '-enable-async-io=24' '-with-aufs-threads=24' '-with-pthreads' '-with-aio' '-with-dl' '-enable-storeio=ufs,diskd' '-enable-storeio=diskd,ufs' '-enable-removal-policies=heap' '-enable-removal-policies=lru' '-enable-pf-transparent' '-enable-ipfw-transparent'
```


----------



## kisscool-fr (Aug 13, 2010)

From what I can see:

You compiled with transparent support for packet filter and ipfirewall but not for ipfilter. The ipnat file is for IP Filter.

Which firewall are you using?

Are your squid and firewall on the same machine? If this is the case, you should redirect the packets to localhost and not an IP.


----------



## valoel (Aug 14, 2010)

Solved.

I have changed my pf.conf to be like below:


```
# --------- pf.conf ----------
int_if="rl0"
ext_if="rl1"

tcp_services = "{ 80, 110, 3128, 22, 25, 53, 113, 21}"
udp_services = "{ 53, 1194, 3128, 22}"

# ping requests
icmp_types = "echoreq"

### nat/rdr
# NAT traffic from internal to external
nat on $ext_if from $int_if:network to any -> ($ext_if)

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 3128
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA
pass in on $ext_if proto udp to any port $udp_services keep state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
```

and squid.conf like this:


```
http_port 3128 transparent
```

Here is the access.log:

```
1281784625.564   2442 192.168.3.3 TCP_MISS/200 37015 GET http://forums.freebsd.org/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js? - DIRECT/149.20.54.209 application/javascript
1281784626.039    298 192.168.3.3 TCP_MISS/200 3601 GET http://forums.freebsd.org/clientscript/vbulletin_editor.css? - DIRECT/149.20.54.209 text/css
1281784626.043    301 192.168.3.3 TCP_MISS/200 2772 GET http://forums.freebsd.org/clientscript/post_thanks.js - DIRECT/149.20.54.209 application/javascript
1281784626.093    254 192.168.3.3 TCP_MISS/200 2422 GET http://forums.freebsd.org/clientscript/vbulletin_post_loader.js? - DIRECT/149.20.54.209 application/javascript
1281784626.286   7063 192.168.3.3 TCP_MISS/200 81151 GET http://forums.freebsd.org/showthread.php? - DIRECT/149.20.54.209 text/html
1281784626.304    258 192.168.3.3 TCP_MISS/200 2184 GET http://forums.freebsd.org/clientscript/vbulletin_multi_quote.js? - DIRECT/149.20.54.209 application/javascript
1281784626.304    465 192.168.3.3 TCP_MISS/200 5001 GET http://forums.freebsd.org/clientscript/vbulletin_ajax_taglist.js? - DIRECT/149.20.54.209 application/javascript
1281784626.327    488 192.168.3.3 TCP_MISS/200 5718 GET http://forums.freebsd.org/clientscript/vbulletin_ajax_tagsugg.js? - DIRECT/149.20.54.209 application/javascript
1281784626.342     12 192.168.3.3 TCP_HIT/200 621 GET http://forums.freebsd.org/images/freebsd/hdr_fill.png - NONE/- image/png
1281784626.420     73 192.168.3.3 TCP_HIT/200 26580 GET http://forums.freebsd.org/images/freebsd/logo-red.png - NONE/- image/png
1281784626.437     12 192.168.3.3 TCP_HIT/200 1938 GET http://forums.freebsd.org/images/freebsd/misc/navbits_start.gif - NONE/- image/gif
1281784626.459     13 192.168.3.3 TCP_HIT/200 1382 GET http://forums.freebsd.org/images/freebsd/misc/navbits_finallink_ltr.gif - NONE/- image/gif
1281784626.512     47 192.168.3.3 TCP_HIT/200 13172 GET http://forums.freebsd.org/images/freebsd/bg_01.jpg - NONE/- image/jpeg
1281784626.525     12 192.168.3.3 TCP_HIT/200 663 GET http://forums.freebsd.org/images/freebsd/misc/menu_open.gif - NONE/- image/gif
1281784626.565     12 192.168.3.3 TCP_HIT/200 1682 GET http://forums.freebsd.org/images/freebsd/buttons/reply.gif - NONE/- image/gif
1281784626.580      9 192.168.3.3 TCP_HIT/200 545 GET http://forums.freebsd.org/images/freebsd/tblfill.png - NONE/- image/png
1281784626.593     12 192.168.3.3 TCP_HIT/200 1399 GET http://forums.freebsd.org/images/freebsd/buttons/report.gif - NONE/- image/gif
1281784626.612     13 192.168.3.3 TCP_HIT/200 906 GET http://forums.freebsd.org/images/freebsd/statusicon/post_old.gif - NONE/- image/gif
1281784626.625     12 192.168.3.3 TCP_HIT/200 1411 GET http://forums.freebsd.org/images/freebsd/statusicon/user_online.gif - NONE/- image/gif
1281784626.638     12 192.168.3.3 TCP_HIT/200 517 GET http://forums.freebsd.org/images/freebsd/bg_02.png - NONE/- image/png
1281784626.652     13 192.168.3.3 TCP_HIT/200 1394 GET http://forums.freebsd.org/images/icons/icon4.gif - NONE/- image/gif
1281784626.665     12 192.168.3.3 TCP_HIT/200 583 GET http://forums.freebsd.org/images/smilies/freebsd/frown.gif - NONE/- image/gif
1281784626.682     12 192.168.3.3 TCP_HIT/200 1085 GET http://forums.freebsd.org/images/freebsd/misc/progress.gif - NONE/- image/gif
1281784626.696     12 192.168.3.3 TCP_HIT/200 1847 GET http://forums.freebsd.org/images/freebsd/buttons/edit.gif - NONE/- image/gif
1281784626.710     12 192.168.3.3 TCP_HIT/200 753 GET http://forums.freebsd.org/images/freebsd/buttons/quote.gif - NONE/- image/gif
1281784626.719      8 192.168.3.3 TCP_HIT/200 1698 GET http://forums.freebsd.org/images/freebsd/buttons/multiquote_off.gif - NONE/- image/gif
1281784626.739     12 192.168.3.3 TCP_HIT/200 1126 GET http://forums.freebsd.org/images/freebsd/buttons/quickreply.gif - NONE/- image/gif
1281784626.752     12 192.168.3.3 TCP_HIT/200 967 GET http://forums.freebsd.org/images/freebsd/buttons/post_thanks.gif - NONE/- image/gif
```

Thanks.


----------



## DutchDaemon (Aug 14, 2010)

Use

```
http_port 127.0.0.1:3128 transparent
```

There's no reason to have port 3128 open anywhere else.


----------
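The three points raised in this thread (the Squid build flag must match the firewall in use, the `rdr` target must match the listener, and the intercept listener should be bound to loopback only) can be checked together. The following is an added example, not code from any poster or from the Squid project; the function names are hypothetical, the sample strings are constructed from the configuration posted above, and `enable-ipf-transparent` is Squid's IPFilter configure flag, which does not appear in the thread.

```python
import re

# Squid configure flag needed per firewall. The pf and ipfw spellings appear in the
# thread's `squid -v` output; the ipf one is Squid's IPFilter flag, not shown there.
BUILD_FLAG = {"pf": "enable-pf-transparent", "ipfw": "enable-ipfw-transparent",
              "ipf": "enable-ipf-transparent"}
# Matches the redirect target of pf.conf and ipnat "rdr ... -> ADDR port N" rules.
RDR = re.compile(r"^\s*rdr\s.*->\s*(\S+)\s+port\s+(\d+)")

def intercept_listeners(squid_conf):
    """[(addr, port)] for intercepting http_port lines; addr '*' means every interface."""
    found = []
    for line in squid_conf.splitlines():
        tok = line.split("#", 1)[0].split()
        # "intercept" is the later Squid spelling of "transparent".
        if len(tok) >= 3 and tok[0] == "http_port" and {"transparent", "intercept"} & set(tok[2:]):
            addr, _, port = tok[1].rpartition(":")
            found.append((addr or "*", int(port)))
    return found

def rdr_targets(fw_rules):
    """[(addr, port)] that the firewall's rdr rules redirect traffic to."""
    return [(m.group(1), int(m.group(2))) for m in map(RDR.match, fw_rules.splitlines()) if m]

def audit(squid_conf, fw_rules, squid_v, firewall):
    """Return a list of findings; an empty list means the three settings agree."""
    findings = []
    if BUILD_FLAG[firewall] not in squid_v:
        findings.append(f"squid build lacks {BUILD_FLAG[firewall]}")
    targets = rdr_targets(fw_rules)
    for addr, port in intercept_listeners(squid_conf):
        if addr == "*":
            findings.append(f"http_port {port} listens on every interface")
        elif (addr, port) not in targets:
            findings.append(f"no rdr rule delivers traffic to {addr}:{port}")
    return findings

# Constructed samples, trimmed from the configuration posted in the thread.
SQUID_V = "configure options: '-enable-pf-transparent' '-enable-ipfw-transparent'"
PF_RDR = "rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 3128\n"
IPNAT_RDR = "rdr rl0 0.0.0.0/0 port 80 -> 192.168.3.1 port 3128 tcp\n"

if __name__ == "__main__":
    for conf, rules, fw in [("http_port 3128 transparent", IPNAT_RDR, "ipf"),
                            ("http_port 3128 transparent", PF_RDR, "pf"),
                            ("http_port 127.0.0.1:3128 transparent", PF_RDR, "pf")]:
        print(fw, conf, "->", audit(conf, rules, SQUID_V, fw) or "ok")
```

The last case also shows why the loopback binding and the `rdr` target have to change together: a listener on `127.0.0.1:3128` combined with a redirect to `192.168.3.1 port 3128` is reported as undeliverable.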

