You can do this with Nginx, just google "nginx reverse proxy".  I will say I prefer apache, but that's because it's the httpd server I started with back when I didn't understand anything about the internet. after a quick search I found: https://www.nginx.com/resources/admin-guide/reverse-proxy/ which looks to be a thorough guide and should help you on your way.  You don't mention anything about SSL though but IIRC the guide covers that as well.

Ok, I'm new but I'll do my best. Your first issue is that you're trying to do two separate things.  You can just forward all web traffic from 443 that goes to the second NIC to that internal IP.  That works just fine, no squid is even needed.  In fact if you've dedicated an entire NIC for the lync then you shouldn't even need squid.  Just make sure you're setting the right NIC on the firewall, the right server IP, and disable squid, then see if it works. However, if you want to use squid you should send the incoming NAT rule to 127.0.0.1 and set squid to use the loopback (Services->Squid Reverse Proxy->General) and instead of port 443 internally use something like 8443. Remember that pfSense, as of 2.0 IIRC, doesn't like things coming through on 443 locally.  Also check the interface that you're using as I see that it's OPT1.  On my server hn0 is WAN, hn1 is local so the next one added (assuming I don't swap the local and the second WAN) would be hn2.  So for you OPT0 is probably your WAN1, OPT1 might be your internal network, and OPT2 might be your Wan2. Let me know if this helps.  Pics below of my NAT rules: [image: EqdrW9s.png]

Squid3 reverse proxy doesn't allow for keeping the path currently.  If you setup a redirect from http://mydomain.com/page.html to https://mydomain.com/page.html then you're better off setting some kind of javascript script.  You can use apache to redirect and keep the path, but in order to do so you will need to turn off ssl offloading off for that site. Also of note because of how Squid3 works if you want to use PHP it won't work.  This is because squid uses HTTP to connect to your webserver, unless you use SSL passthrough which something I can't figure out for pfSense, but I know is possible with the version of Squid3 that pfSense has as a package based on the squid3 documentation.

Ive tried many possible configurations regarding HD and Mem caching, even setting sizes to 0 and/or disable totally. But whatever I do, I still end up with speeds ~150/5. CPU is around 50-100% when I speed test. It doesnt seem to apply 1-1 to this issue https://redmine.pfsense.org/issues/6485, because it happens immediately when squid restarts after configurations.

Select the LAN interface. Squid will send traffic out of the default gateway.

I'm using transparent proxy.

Go explicit mode with WPAD and you should only have to worry about manually configuring Android phones to use the proxy Also keep in mind that with android (without rooting) will only use the proxy for web browsing not apps and would need a port 80 and 443 pass rule.

I had the same problem Executing this from Diagnostics > Command Prompt this solved it: rm -rf /usr/local/etc/squid/errors/zh* I think these folders are leftovers from a previous Squid instalation.

What do you have set for Blacklist Options under Services - Squidguard - General settings?  On the Services - Squidguard - Blacklist tab, what output do you get when you click the Download button?

​ Hi, Have you solved your problem? I experience the same issue, where surfing got slower with squid. What is your hardware setup and how have you configured Squid and Squidgard? My internet connection is 100/100 fiber and I want to use squid to reduce load when torrents are running and to remove pop-ups that my browser popup-addon is not taking care of. I am running of Pfsense 2.3_1 with the versions of Squid and Squidgard that is included. My hardware is atom D525 (X7SPE-HF-D525) with 2Gb RAM and the OS is stored on a 60Gb SSD. I followed the following instructions: https://doc.pfsense.org/index.php/SquidGuard_package http://www.moh10ly.com/blog/pfsense/setup-squid-guard-proxy-server-on-pfsense My personal settings: Hard disk cashe size: 3000 Allowed subnets 10.10.10.0/24 (as my pfsense are 10.10.10.1/24). I have used http: //www.shallalist. de / Downloads / shallalist.tar.gz to remove Add sites and I have created a personal filter to remove pop-up adds that are frequent on streaming sites. In my case I will try to add 2Gb more RAM. I have seen that my setup boots OS Solaris slower with 2Gb compaired to the same system with 4Gb RAM and that could be due to my setup needs to cashe data instead of only using the RAM.

@cmb: If you have an old enough version on the primary that it doesn't abort config sync when the config versions are different, you'll end up breaking the CARP VIPs on the secondary when the primary overwrites it because it blows away the uniqid that's required on 2.3. When you upgrade the primary, and config sync afterwards, it'll fix. Thanks, after updating node1 everything is working again.

thanks @BBcan177 yes i just figured this out when i activated Alexa. So i will look further into that. saying that, yes, i found the alerts tab in pfblocker and i also wanted to add them to whitelist by pressing "+" but for some reason pressing + doesn't do anything. this browser thing, you meand pressing F12 while in the alert tab or how can i understand that? Cheers,

Here is what I have so far. I managed to connect all the devices to the network and made them ping each other (PC, Router, Switch, and PfSense) but, the PC connected to the network still would not be able to connect to the internet even though the PfSense itself is connected and has internet connection. Thank you sir for your reply  ;D [image: n.jpg] [image: n.jpg_thumb]

Here are the current open issues for squid, check if your problems are listed there. https://redmine.pfsense.org/projects/pfsense-packages

Ill try and get it updated once 1.6.6 gets tagged. As for the problem you describe i have not seen that reported before, afaik 1.6.4 works properly regarding forwarding headers send by a client. If your still experiencing that issue, then can you share the haproxy config file? (it can be seen at the bottom of the config tab by clicking a 'show config' link) Can you reproduce the issue with a curl request?

Can you tell us how did you cleared up those old installation's files and possibly how do you find them out too? I resetted to factory default the whole PFSense countless times, it always fail to install once it reach 12/15…. Update:                 FIXED, Jimp made it work  :D  https://forum.pfsense.org/index.php?topic=113092.msg631132#msg631132