Hello, many thanks for your reply. With snort service up and Squid down everything was fine. So I was sure the problem was with Squid and some setting. During the week end i found the problem and I report the solution for any newbie like me. The problem was in SquidGuard and the standard categories: you have four option per each category, -, allow, deny, whitelist. I configured all categories with deny or allow. For categories for which you are not interested if you put the - option and populate with deny only the ones you want to block, then everything works fine. I'm still missing the reason and as a newbie it is still not very clear to me the difference between the - option and the allow. In other professional appliances, you must put the option allow or by default it is intended as blocked. As general experience after installing pfsense, what I miss is a comprehensive manual where all options are described and related effects are listed. For the rest, this firewall is great and has nothing less than several professional appliances.

Já encontrei o problema. Como eu estava com certificado instalado vi que a opção correta é Splice Whitelist, Bump Otherwise. Estava setado com Splice ALL. Thanks –---------------------------------- I already found the problem. As I was with certificate installed so a correct option is a white list of splice, otherwise bump. It was set with Splice ALL. thank you

Same issue, the squidguard service just won't start.

Interested in what you were trying here, as I'm looking into something similar. What was your embedded hardware? I'm assuming without large amounts of ramdisk this was a non starter? Or were you using some other disk for the cache?

I found that adding apple.com icloud.com mzstatic.com to the whitelist at Services>Squid Proxy Server>ACLs seems to work for me (in addition to the FAQ from diladele from sichent above, if you are using the Diladele Web Safety.)

Hello, we have the same probleme –> If squid is not transparent it works fine, as soon as i try to use squid in transparent mode, it strips out http. …after i´m upgrade the pfSense to 2.3.3 and update the package Squid package to 0.4.36_2. Same system and pkg versions like olivierofava. @doktornotor Sorry, but behind the link there is nothing. Do NOT multipost. https://forum.pfsense.org/index.php?topic=127998.0 I remember that we have the problem in the past. I think it was this problem: https://redmine.pfsense.org/issues/5869 Feels like the same… Best Regards Jesse

chidgear Thanks Your Logic worked for me using SSL with transparent mode and skype working Fine. including group conversation + File send / receive All what we need to do, as Microsoft added some IP's in its AS Number Network IP series. use this to find it. whois -h whois.radb.net '!gAS198015' Link is here , you get the Info. http://bgp.he.net/AS198015#_asinfo Cheers !!!! ;) :) :) :) :) 8) @chidgear: Okay, I respond partially to myself (this isn't over yet), but if someone gets it useful, here are some progress I did. Looking on other forums and internet articles, I found a buddy having a similar trouble, caused by his skype version. Once discarded that their windows and IE version where the problem, one user said: What do you see now when you open this link in your Internet Explorer? https://apps.skypeassets.com/static/skype.client.l​​​​​​​​​ogin/3.0/3.30/release/login.html This gave me an idea… I tried it on a restricted machine and Voila! it showed the IP's I needed in the squid error screen saying that there was a handshake error. I putted the IP's on the bypass and skype worked again. I can log in and out anytime, and send messages without the message saying that cannot be delivered. (It could change on time, but until today, these where the IP addresses: 23.73.247.53 23.2.99.20 23.11.250.157 all of them provided (in some or another way) from apps.skypeassets.com I added these ips, and the FQDN apps.skypeassets.com to the bypass and the login issue was over. Now, there is another issue. The files cannot be sent, and I cant see all my contacts in realtime. I guess this is a matter of the skype cloud, so I'll keep digging. If someone wants to help, or has some information about the skype cloud IPs, I'll be gratefull. 0_0)b Good luck! references: Sorry, we couldn't connect to skype. please check …

I dont know that how I attach squid log

Check with firebug or embeded site debug available on current browsers. Check network status to see it the authentication are poping up for each image. Or if show site erros on JavaScript

Does it look like what you need? [Internet] [real IP address] [Proxy 1] – 192.168.4.70  [192.168.4.0/24]  192.168.4.80  –--- [Proxy 2] –--- 10.30.30.1    -----  LAN users                                                   --  192.168.5.70  [192.168.5.0/24]  192.168.5.80  –--                ----- 10.30.30.2    --------- When you give IP to users, will it be proxy IP or gateway IP? Or it does not matter? Why do you need to mask proxy, exactly? Could you explain in detail, preferably live example? Are you good at networking or newbie ?

if it helps for web filtering https://forum.pfsense.org/index.php?topic=112335.0

You'd have to set that in your squid settings somehow. All the firewall sees is the client talking to the proxy on the proxy port. Beyond that it's the proxy handling whatever the client wants.

Its a project for work so I do need the https filtering but as its BYOD I can't push certs. Splice all works, its just that there is no url database that comes close to what Fortigate offers. I didn't expect it would work as well, the databases being provided for free after all. So I do want https filtering I just don't want to push certs but all sichent posts assume I'm ok with certs ;) In short: Splicing blocks https but the lack of a solid (paid) database means pfsense won't be an alternative to our Fortigates.

https://forum.pfsense.org/index.php?topic=124402.msg688335#msg688335

Hi a big thanks The problem was i don't define a name for the acl action  :-[ :-[ :-[ thank you for your help. Lolo

Sorry, I was absent and haven't access to forum I find source of problem. It's appear when in field "Remote syslog host" I fill "/var/run/log", recommended for local logging. And after I clear this field - no problem with log files. But I not see any messages from Haproxy in local log.//