Any update on this squiguard cannot be install on a new version of pfsense.

If I remember, you have to add the IP address that squid listens on to the External cache Managers field in Services - Squid Proxy Server - Local cache.  Your output should look like this: [2.2.5-RELEASE][admin@pfsense.kominc.local]/root: squidclient -h 10.10.4.1 -p 3128 mgr:info Sending HTTP request ... done. HTTP/1.1 200 OK Server: squid Mime-Version: 1.0 Date: Wed, 10 Feb 2016 14:49:20 GMT Content-Type: text/plain Expires: Wed, 10 Feb 2016 14:49:20 GMT Last-Modified: Wed, 10 Feb 2016 14:49:20 GMT X-Cache: MISS from localhost X-Cache-Lookup: MISS from localhost:3128 Connection: close Squid Object Cache: Version 3.4.10 Build Info: Start Time:    Fri, 25 Dec 2015 17:55:34 GMT Current Time:  Wed, 10 Feb 2016 14:49:20 GMT Connection information for squid:         Number of clients accessing cache:      58         Number of HTTP requests received:      9997622         Number of ICP messages received:        0         Number of ICP messages sent:    0         Number of queued ICP replies:  0         Number of HTCP messages received:      0         Number of HTCP messages sent:  0         Request failure ratio:  0.00         Average HTTP requests per minute since start:  148.1         Average ICP messages per minute since start:    0.0         Select loop called: 261284164 times, 15.499 ms avg Cache information for squid:         Hits as % of all requests:      5min: 1.2%, 60min: 3.7%         Hits as % of bytes sent:        5min: 2.0%, 60min: 0.9%         Memory hits as % of hit requests:      5min: 9.1%, 60min: 5.6%         Disk hits as % of hit requests: 5min: 9.1%, 60min: 6.5%         Storage Swap size:      9437124 KB         Storage Swap capacity:  90.0% used, 10.0% free         Storage Mem size:      8100 KB         Storage Mem capacity:  98.9% used,  1.1% free         Mean Object Size:      34.64 KB         Requests given to unlinkd:      0 Median Service Times (seconds)  5 min    60 min:         HTTP Requests (All):  0.06640  0.06640         Cache Misses:          0.06640  0.06640         Cache Hits:            0.00000  0.00091         Near Hits:            0.00179  0.01164         Not-Modified Replies:  0.00000  0.00000         DNS Lookups:          0.03223  0.03374         ICP Queries:          0.00000  0.00000 Resource usage for squid:         UP Time:        4049625.975 seconds         CPU Time:      17684.284 seconds         CPU Usage:      0.44%         CPU Usage, 5 minute avg:        0.94%         CPU Usage, 60 minute avg:      0.80%         Maximum Resident Size: 478176 KB         Page faults with physical i/o: 168 Memory accounted for:         Total accounted:        52310 KB         memPoolAlloc calls: 1936117391         memPoolFree calls:  1943865739 File descriptor usage for squid:         Maximum number of file descriptors:  57960         Largest file desc currently in use:    267         Number of file desc currently in use:  135         Files queued for open:                  0         Available number of file descriptors: 57825         Reserved number of file descriptors:  100         Store Disk files open:                  0 Internal Data Structures:         272539 StoreEntries           1887 StoreEntries with MemObjects           1831 Hot Object Cache Items         272431 on-disk objects

In the backend edit page: Transparent ClientIP WARNING Activating this option will load rules in IPFW and might interfere with CaptivePortal and possibly other services due to the way server return traffic must be 'captured' with a automatically created fwd rule. This also breaks directly accessing the (web)server on the ports configured above. Also a automatic sloppy pf rule is made to allow HAProxy to server traffic. Maybe i should add that accessing haproxy-ip from the same network as where the server exists will be an issue to.. When that box is checked. This problem is similar, method 2 should work with haproxy: https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks But do check your not trading 1 problem for another again.. OPT1 clients might not like the splitdns accessing the server on LAN…

Only way to get a redirect when visiting a blocked https website is if you use MITM method instead of WPAD.  Basically Squid will break an HTTPS tunnel, but isn't able to tell the browser to redirect since you aren't trusting the proxy server to handle the connection.  You are just tunneling through it when using wpad.

@laren626: Everything works fine But there is a problem IDK why it is not serving as a proxy server I got this on my Squid Logs 05.02.2016 10:25:21 Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1… 05.02.2016 10:25:43 172.0.100.203 TAG_NONE_ABORTED/000 http://www.msn.com/ It may occur when you select loopback interface to listen squid on. Try to select only lan, restart the service and test again.

@osaka26: Enable DNS Resolver, Host Overrides; add; on host: www; Domain: google.com; ip address: 216.239.32.20; Save, then ipconfig /flushdns and voila google safesearch on all lan!  

any ideas on this? This is normal and the reason you should avoid transparent mode unless you plan on installing a pfSense certificate into every client that will use the proxy.

You don't want an open proxy, it'll probably be no more than a few hours until someone finds it and starts abusing it. Much better off setting up a VPN and routing all traffic through it.

I might suggest that you try going through a free short online Linux Basics tutorial before you go any further so that you get some needed education on how to move around the file system, how to create & copy files, etc, or this entire exercise will just frustrate you.  Here is one, for example: https://www.edx.org/course/introduction-linux-linuxfoundationx-lfs101x-2 Note that pfSense is based on FreeBSD, not Linux, but all the same concepts still apply. Creating these scripts by typing them in manually is a guaranteed way to make a mistake.  You are better off cutting & pasting the scripts into their respective files on your local computer and then using a pfSense package like File Manager to actually upload the script files to their destination on pfSense.  Then you can try to run them.

You could add a cron job to do it for you but you would be better off figuring out the real problem.  Anything in /var/squid/logs/cache.log?

thanks ,,i made it there

You guys helped me out.  DHCP went out on me and my disk was full.  I got a 5:45AM call from my coffee shop client that some devices weren't working on the network. I had installed, but hadn't yet configured Sarg and Squid, and apparently Sarg was filling my 2GB internal memory (hadn't set up NAS for logging yet).  The unit had been installed for less than a month.  I uninstalled the packages for now until I am ready to set up a logging drive.

hello what is the problem really? how did you configure squid and squidguard please?

OMFG!!!! blowmind!!!! I never thought that where possible! I have to try that… when i get some PC to do the tests. I cannot risk to do it on the working enviroment. Thanks for the advise. yeah cool but if you want limiter it will break it :( but now not sure if limiter is worth it when traffic shaping using codel seems to work wonders for now on the VOIP

Hey thanks for the reply So this is what i have see picture But when i go to sarg reports and go to the denied pages I dont see the pages that have been blocked I tried going to sites blocked but nothing :( Thank you [image: Clipboarder.2016.02.02.png] [image: Clipboarder.2016.02.02.png_thumb]

jimp is right, In "Diagnostics" -> "Ping" do a ping to www.shallalist.de and verify if it responds. if not, your interface or routing settings (including gateway config) may be wrong.

anyone?

There is no easy solution for this. Everytime you install a package the new version is fetched from repository, so if the new package has compatibility issues with the installed pfSense version you will end up with a broken installation. A possible workaround would be to clone the installation from a working system with the old version of pfSense and packages, but I haven't tried that so far. Good luck.