Hey guys,
I could really use some help setting up Squid 3 as a transparent proxy. Right now the redirection results in me getting "Access Denied" messages from Squid.
To summarize my setup:
My router is PFSense
My proxy is Centos running Squid 3 and is a separate server located in our DMZ.
(Internet)
|
Router (PFSense)
+-------DMZ (My proxy with IP 192.168.10.10 is in this subnet)
+-------LAN (My LAN subnet 192.168.2.0/24 Clients are located here)
On my router I have created a port forward rule to redirect any traffic destined for port 80 from the LAN interface to port 3128 on 192.168.10.10
The rule looks like this:
IF: LAN
Proto: TCP
Src Address: LAN Network
Source Ports: *
Dest. Address: *
Dest. Ports: 80
NAT IP: 192.168.10.10
NAT Port: 3128
I am able to access the Internet from my proxy server (192.168.10.10) using links without any issue. DNS resolution is also functioning. Created a firewall rule using firewall-cmd to allow port 3128 incoming.
My squid configuration file is attached as squid.txt
When trying to access the Internet from one of the clients on the LAN I'm constantly presented with an "Access Denied" message from squid:
Log entries from access.log
1417069937.122 6 192.168.10.10 TCP_DENIED/403 4237 GET
http://www.youtube.com/ - HIER_NONE/- text/html
1417069937.125 21 192.168.2.25 TCP_MISS/403 4335 GET
http://www.youtube.com/ - HIER_DIRECT/192.168.10.10 text/html
From what I can tell the traffic is being transparently redirected to squid because I'm getting the HTML error page from Squid in the client browser - Access Denied.....Access control configuration prevents...
What I can't understand is why the traffic is being denied after I have allowed access from 192.168.2.0/24 in the Squid configuration?
I'd really appreciate some help on how to troubleshoot this further. I'm quite new to Squid so this might be a basic syntax error.
Many thanks!
Access denied when running Squid 3 as a transparent proxy
