proxy custom config

[siginigin]

Hi guys,

I need to configure squid to have both listen for transparent and non-transparent requests. I didn't find web gui option to do this, only one of them is possible. It is possible to add http_port 3127 in /usr/local/etc/squid/squid.conf and after service squid restart it is working. However this change is overwritten after change from web gui.

How this can be done? And in general, how can I customize other things not included in web gui?

Thank you for your help.

[fabian]

Aren't only the localhost bound ports transparent?

[siginigin]

Well, there transparent ports 3128 and 3129 for IPv4&6, like this generated by OPNsense:

# Setup transparent mode listeners on loopback interfaces
http_port 127.0.0.1:3128 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
http_port [::1]:3128 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
https_port 127.0.0.1:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
https_port [::1]:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on

Moreover I need to add this for clients who has proxy configured manually:
http_port 127.0.0.1:3127 ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
http_port [::1]:3127 ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on

Is that possible?

[fabian]

can you try to add the interfaces? 127.0.0.1 and ::1 (loopback interface) will only work transparently.