Bevan wrote on 05/06/15 10:09:
Hi
We have several pfsense embedded boxes as wifi gateways acting as
captive portals which give unsecured wi-fi access to several libraries
around the country. The internet traffic then comes to one of our two
squid servers acting as transparent proxies, which see the ip address as
the gateway itself. We are currently running squid 3.1 but we want to
start using squid 3.3; however, because the port forward natting is done
on the pfsense gateway, squid from 3.2 onwards is refusing to
accept the traffic from these gateways. Is there any way to use
iptables and renat the traffic from gateways so squid will see the
original ip of the device connected to the wifi at the other end and
allow access?
It appears the traffic just loops inside squid on localhost.
Reiterating for understanding...
You have clients behind a pfsense box, which is running captive portal
and transparent proxy on http with Squid.
The traffic is then picked up by other squid processes, using
transparent proxy again?
And the problem is that the squid boxes keep forwarding to themselves?
*If adding NAT seems like a good answer, you're asking the wrong question.*
The pfsense squid boxes can use the main squid boxes as parents if you
want, but realistically it's primarily about logging and/or filtering,
not about bandwidth saving.
Perhaps it would be better to break the problem down - first try
connecting explicitly to the squid process from a client, and then test
the transparent proxy part of the main squid boxes.
In your squid configs, do you have any of these options?
follow_x_forwarded_for allow all
acl_uses_indirect_client on
log_uses_indirect_client on
delay_pool_uses_indirect_client on
Questions:
What do the squid access logs say?
What are you doing with the https traffic like google and facebook?
Are the main squid boxes internal to the LAN on each site, or connected
somewhere else?
A network map might go a long way to explaining it with less typing - do
you have one?
What are your goals / outcomes for this setup ?
--
CF
_______________________________________________
Linux-users mailing list
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
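Added example, not part of the original thread: a squid.conf fragment for the main Squid boxes showing the indirect-client options asked about above, with X-Forwarded-For trusted only from the gateways instead of from everyone. It assumes the pfsense boxes run Squid and forward to the main boxes as parents, as the reply describes; the ACL name wifi_gateways and the 192.0.2.x addresses are placeholders, not values from the thread.

```conf
# --- Weak form: any sender's X-Forwarded-For header is believed ---
# With this line, any host that can reach the proxy can claim an arbitrary
# client address, and src ACLs, logs and delay pools will act on that claim.
#
#   follow_x_forwarded_for allow all

# --- Restricted form: only the known gateways are trusted ---
# Placeholder addresses (assumption): replace with the real pfsense gateway IPs.
acl wifi_gateways src 192.0.2.10 192.0.2.11

# Accept X-Forwarded-For only when the connection comes from a listed gateway.
follow_x_forwarded_for allow wifi_gateways
follow_x_forwarded_for deny all

# Use the address taken from the trusted header (the wifi client) rather than
# the gateway address for ACL matching, access logging and delay pools.
acl_uses_indirect_client on
log_uses_indirect_client on
delay_pool_uses_indirect_client on
```

Connections from any address outside wifi_gateways are then logged and matched by their own source address, whatever X-Forwarded-For header they send.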