diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
index 9e54a3007..96540264e 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -179,14 +179,17 @@
text
-
proxy.forward.addACLforInterfaceSubnets
diff --git a/src/opnsense/scripts/proxy/setup.sh b/src/opnsense/scripts/proxy/setup.sh
index a360a80e1..d848f3ab1 100755
--- a/src/opnsense/scripts/proxy/setup.sh
+++ b/src/opnsense/scripts/proxy/setup.sh
@@ -7,5 +7,5 @@ for SQUID_DIR in ${SQUID_DIRS}; do
chown -R squid:squid ${SQUID_DIR}
chmod -R 750 ${SQUID_DIR}
done
-
+/usr/sbin/pw groupmod proxy -m squid
/usr/local/sbin/squid -z
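Review bot: The added `/usr/sbin/pw groupmod proxy -m squid` widens the squid account's group membership every time the script runs, whether or not transparent mode is enabled, and nothing says why. Presumably the `proxy` group is what gives squid access to the packet filter's state for intercepted connections; if so, put that in a comment above the line, e.g. `# squid needs group proxy to look up original destinations in transparent mode`. The exit status is also ignored, so a failed group change would only show up later as broken interception; something like `/usr/sbin/pw groupmod proxy -m squid || echo "setup.sh: could not add squid to group proxy" >&2` would make it visible.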
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d b/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
index 1f9b7b856..60a4188ee 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
+++ b/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
@@ -1 +1,4 @@
squid_enable={% if OPNsense.proxy.general.enabled|default("0") == "1" %}YES{% else %}NO{% endif %}
+
+squid_opnsense_bootup_run="/usr/local/opnsense/scripts/proxy/setup.sh"
+
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index 15c82c5a9..94a7d99cc 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -3,11 +3,16 @@
# Do not edit this file manually.
# setup listen configuration
+{%if OPNsense.proxy.forward.transparentMode == '1' %}
+# transparant mode, listen on localhost
+http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept
+{% endif %}
+
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}intercept{% endif %}
+http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endfor %}
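Review bot: The comment on the new loopback listener is misspelled and omits what an operator reading the generated squid.conf needs to know. With `intercept` now only on 127.0.0.1, transparent mode does nothing until a NAT redirect sends traffic to that address and port. I would write it as `# transparent mode: intercept listener on loopback only; needs a NAT port forward to 127.0.0.1 on this port`. Keeping `intercept` off the interface listeners is a good reduction in exposure and is worth stating in the same comment. The same `intercept` removal is repeated in the virtual-IP hunk that follows.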
@@ -15,7 +20,7 @@ http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}intercept{% endif %}
+http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endfor %}
diff --git a/src/www/firewall_nat_edit.php b/src/www/firewall_nat_edit.php
index 852916470..a090f3497 100644
--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -155,10 +155,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
} else {
- $pconfig['interface'] = "wan";
- $pconfig['src'] = "any";
- $pconfig['srcbeginport'] = "any";
- $pconfig['srcendport'] = "any";
+ if (isset($_GET['template']) && $_GET['template'] == 'transparant_proxy') {
+ // new rule for transparant proxy reflection, to use as sample
+ $pconfig['interface'] = "lan";
+ $pconfig['src'] = "lan";
+ $pconfig['srcbeginport'] = 'any';
+ $pconfig['srcendport'] = 'any';
+ $pconfig['dst'] = "any";
+ $pconfig['dstbeginport'] = 80 ;
+ $pconfig['dstendport'] = 80 ;
+ $pconfig['localip'] = '127.0.0.1';
+ // try to read the proxy configuration to determine the current port
+ // this has some disadvantages in case of dependencies, but there isn't
+ // a much better solution available at the moment.
+ if (isset($config['OPNsense']['proxy']['forward']['port'])) {
+ $pconfig['localbeginport'] = $config['OPNsense']['proxy']['forward']['port'];
+ } else {
+ $pconfig['localbeginport'] = 3128;
+ }
+ $pconfig['natreflection'] = 'enable';
+ $pconfig['descr'] = "redirect traffic to proxy";
+
+ } else {
+ $pconfig['interface'] = "wan";
+ $pconfig['src'] = "any";
+ $pconfig['srcbeginport'] = "any";
+ $pconfig['srcendport'] = "any";
+ }
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
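Review bot: The template check in the new `else` branch compares request input loosely; `$_GET['template'] === 'transparant_proxy'` states the intent exactly and matches the `===` used for `REQUEST_METHOD` on the surrounding lines. The misspelled value `transparant_proxy` becomes part of the URL contract, so any link that opens this template has to carry the same spelling; correct it now or note it in the comment. The fallback `3128` duplicates the proxy's default port as a literal, so the pre-filled redirect target will silently diverge if that default changes elsewhere; a comment naming where the default is defined would help. These values only pre-fill the form and the POST branch presumably still validates them, but that code lies outside the hunk.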