Ive found the solution for me.  ;D I simply reinstalled squid. Now its working properly.

Cheers

Okay, I discovered that the problem might be with the web browser I'm using. I can bring up the report in Firefox, but not at all in Safari. Turning off SSL doesn't make a difference. Trying in a new user and clearing all caches and history doesn't do the trick either.

Thank you, I did this and it's the closest thing to working squid that I've seen yet. With these changes both lagado and chrome detect the proxy settings.
Unfortunately, squid (or at least squidguard) doesn't work.

If port 80 is open, then proxy files are transmitted, autoconfigure is completed and lagado and chrome report using the proxy settings. However, everything appears to be bypassing the proxy somehow? Apparently nginx is opening its listening port (nmap reports port 80 on my pfSense box opened by nginx) on my LAN, because with that configuration enabled, port 80 is opened, if I change the listen port, then that port is open (my rules block ports 80 and 443 except in a few specific circumstances). I still don't understand how this is allowing SSL (443 is closed, nginx didn't open it, and nmap doesn't report it opened) but not applying squidguard rules to SSL?

If I close port 80 after the proxy file has been downloaded, then it simply destroys the internet connection,

I tried forwarding all port 80/443 traffic to 127.0.0.1 on 3128 to force http&/s traffic to squid, but that didn't work either.

Any suggestions?

At this point I'd also be interested in a way to use shallalist on pfBlockerNG…. pfBNG does everything that I want from squid except shallalist, and it just works with no issues.

Hi,
Did you manage to solve this ? I'm facing the same problem, tried a couple of things but no luck so far …

I agree that it could definitely be improved, but I wanted to make sure you weren't under some false notion about what pfSense is and isn't.

same problem. anyone?

Hi Chris

Thank you very much for your answer. What is Squid configuring in background if I enable transparent mode?
Do I need to configure pfSense as follows, if I want, for example, forward traffic to port 5555 transparently to Squid?

INSIDE Interface: Source of Traffic
192.168.10.10: IP Address of the interface on which Squid is listening
3128: Squid port

Thank you
asan


Does anyone have a guide or tips on how to install mod_security on PFSense 2.3? Module is gone now and I suspect it is due to the change to nginx; there are builds f mod_security now for nginx so am wondering if anyone has tried using it for a reverse security proxy in latest pfsense?

Thanks

Curiously, what are "Rewrite Children" exactly? Individual processes that are redirecting traffic if needed or?

That's exactly what it is.  For every URL being processed by squid, it hands it off to a squidGuard child thread.  If you have lots of users and limited children, then your users web experience will be slower as they wait for a thread to be freed.

Check the firewall logs, check the state table, see if the traffic is getting through on the correct port(s) or being blocked.

The squid cache is going to cause more writes than anything in /var or /tmp would, so it's a wash if you put the cache on your SSD. If you are worried about writes, get a higher quality SSD.

Thank you, I did that and it all works great now!