OPNsense Forum

International Forums => German - Deutsch => Topic started by: DokuKäfer on March 14, 2016, 10:55:48 pm

Title: [GELÖST] Transparent HTTP proxy - ERROR: No forward-proxy ports configured.
Post by: DokuKäfer on March 14, 2016, 10:55:48 pm

Hallo zusammen,

habe in meiner VM den Proxy Server (Transparent HTTP proxy) mit Webfilter ausprobiert.
Als Blacklist die Shallalist.

Es funktioniert eigentlich alles wie es soll. Kategorien werden einwandfrei geblockt.


Aber im Cache-Log erscheint folgende Meldung bei jedem klick auf "Apply":

ERROR: No forward-proxy ports configured.

Anbei der Output von Squid mit squid -k parse

Kann man diese Meldung ignorieren?

Code: [Select]

root@Skynet:~ # squid -k parse
2016/03/10 23:01:22| Startup: Initializing Authentication Schemes ...
2016/03/10 23:01:22| Startup: Initialized Authentication Scheme 'basic'
2016/03/10 23:01:22| Startup: Initialized Authentication Scheme 'digest'
2016/03/10 23:01:22| Startup: Initialized Authentication Scheme 'negotiate'
2016/03/10 23:01:22| Startup: Initialized Authentication Scheme 'ntlm'
2016/03/10 23:01:22| Startup: Initialized Authentication.
2016/03/10 23:01:22| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2016/03/10 23:01:22| Processing: http_port 127.0.0.1:3128 intercept
2016/03/10 23:01:22| Starting Authentication on port 127.0.0.1:3128
2016/03/10 23:01:22| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2016/03/10 23:01:22| Processing: http_port [::1]:3128 intercept
2016/03/10 23:01:22| Starting Authentication on port [::1]:3128
2016/03/10 23:01:22| Disabling Authentication on port [::1]:3128 (interception enabled)
2016/03/10 23:01:22| Processing: acl ftp proto FTP
2016/03/10 23:01:22| Processing: http_access allow ftp
2016/03/10 23:01:22| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2016/03/10 23:01:22| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2016/03/10 23:01:22| Processing: acl subnets src 192.168.4.0/24
2016/03/10 23:01:22| Processing: acl remoteblacklist_Shallalist dstdomain "/usr/local/etc/squid/acl/Shallalist"
2016/03/10 23:01:26| Processing: acl SSL_ports port 443 # https
2016/03/10 23:01:26| Processing: acl Safe_ports port 80 # http
2016/03/10 23:01:26| Processing: acl Safe_ports port 21 # ftp
2016/03/10 23:01:26| Processing: acl Safe_ports port 443 # https
2016/03/10 23:01:26| Processing: acl Safe_ports port 70 # gopher
2016/03/10 23:01:26| Processing: acl Safe_ports port 210 # wais
2016/03/10 23:01:26| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2016/03/10 23:01:26| Processing: acl Safe_ports port 280 # http-mgmt
2016/03/10 23:01:26| Processing: acl Safe_ports port 488 # gss-http
2016/03/10 23:01:26| Processing: acl Safe_ports port 591 # filemaker
2016/03/10 23:01:26| Processing: acl Safe_ports port 777 # multiling http
2016/03/10 23:01:26| Processing: acl CONNECT method CONNECT
2016/03/10 23:01:26| Processing: icap_enable off
2016/03/10 23:01:26| Processing: http_access deny remoteblacklist_Shallalist
2016/03/10 23:01:26| Processing: http_access deny !Safe_ports
2016/03/10 23:01:26| Processing: http_access deny CONNECT !SSL_ports
2016/03/10 23:01:26| Processing: http_access allow localhost manager
2016/03/10 23:01:26| Processing: http_access deny manager
2016/03/10 23:01:26| Processing: http_access deny to_localhost
2016/03/10 23:01:26| Processing: http_access allow localnet
2016/03/10 23:01:26| Processing: http_access allow localhost
2016/03/10 23:01:26| Processing: http_access allow subnets
2016/03/10 23:01:26| Processing: http_access deny all
2016/03/10 23:01:26| Processing: cache_mem 256 MB
2016/03/10 23:01:26| Processing: coredump_dir /var/squid/cache
2016/03/10 23:01:26| Processing: refresh_pattern ^ftp:          1440    20%     10080
2016/03/10 23:01:26| Processing: refresh_pattern ^gopher:       1440    0%      1440
2016/03/10 23:01:26| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2016/03/10 23:01:26| Processing: refresh_pattern .              0       20%     4320
2016/03/10 23:01:26| Processing: cache_store_log /var/log/squid/store.log
2016/03/10 23:01:26| Processing: uri_whitespace strip
2016/03/10 23:01:26| Processing: forwarded_for on
2016/03/10 23:01:26| Processing: logfile_rotate 0
2016/03/10 23:01:26| Initializing https proxy context



(https://i.imgur.com/7lqAJCT.png)

Title: Re: Transparent HTTP proxy - ERROR: No forward-proxy ports configured.
Post by: franco on March 22, 2016, 11:30:50 pm

Hi Andreas,

Hab grad das hier gefunden:

http://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts

Wie man das jetzt sauber löst (mal abgesehen von dem Hinweis auf der verlinkten Seite) bei uns in der Konfiguration weiß ich nicht auf anhieb, aber zumindest beeinträchtigt es nicht die generelle Funktionalität, auch nicht das neue HTTPS intercept/ssl-bump.


Grüße
Franco

Title: Re: Transparent HTTP proxy - ERROR: No forward-proxy ports configured.
Post by: franco on December 02, 2016, 02:41:45 pm

Besser spät als nie: Die Lösung ist hier trotz Transparent Proxy Option den normalen Proxy auch auf den Interfaces laufen zu lassen, damit Squid seinen Content darüber verteilen kann an die Clients.