where and how can i see
if i Loses connection to the Internet

Maybe my link does not work well

Download begins high speed 2Mb
Drops to 1.1Mb and 500 KBs and stop

i try from another computer on my lan
same result

how can i fix  the problem ??

Thanks for the reply,
Really good stuff, one more questions been looking to implement WPAD, but what if window server 2012r2 handles the DHCP would i need to DMZ to forward it to pfSense to run the DHCP?

Thank you

edit:

So i think i figured it out instead of of adding the WPAD directions on pfSense DHCP I would do it though windows server

Open the DHCP console
Server 2012:
Click Add…
Name: WPAD
Data type: String
Code: 252
In the String Value box, type the URL of the PAC file (eg: http://192.168.3.254:8085/wpad.dat
http://192.168.3.254:8085/wpad.da
http://192.168.3.254:8085/proxy.pac
)
Right click Server Options and click Configure Options
Confirm that 252 – WPAD is ticked and contains the correct URL
Right Click Scope Options and click Configure Options
Scroll Down and tick 252 – WPAD
Click OK

@cmb:

Probably ought to leave them alone if it finds the job and just its time is different.

That's the behaviour I expected but times are changed back to the default.

This problem applies to more cron jobs: squid log rotate, clam-av virus update, etc.

What is a proper workaround?
make shell scripts that execute the php jobs and add them to cron?

Does anyone know a better solution? (because this solution means maintenance with each future release)

Digging up an old thread here but I am having issues caching comodo antivirus definitions

TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/installs/cmc3/forest.xml - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/installs/cmc3/forest.xml - 178.255.82.5 TCP_MISS/404 http://download.comodo.com/cis/download/installs/cmc3/affiliates/6100/forest.xml - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/updates/release/inis_4020/cis_update_x64.xml.7z - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/updates/release/inis_4020/cis_update_x64.xml.7z - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/cis/download/updates/release/inis_4020/recognizers/proto_v6/cmdscope_update_x64.xml.7z - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/cis/download/updates/release/inis_4020/recognizers/proto_v6/cmdscope_update_x64.xml.7z - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/av/updatesurl/versioninfo.ini - 198.41.209.106 TCP_MISS/302 http://download.comodo.com/av/updatesurl/versioninfo.ini - 178.255.82.5 TCP_CLIENT_REFRESH_MISS/200 http://cdn.download.comodo.com/av/updates58/versioninfo.ini - 198.41.209.106

No custom ACLS

You can create a set of custom ACLs to control which clients can access the internet through squid. You need to create the following in the Custom ACLS (Before Auth) box under Advanced features in the squid proxy configuration:

## Allow internet access for specific LAN clients acl internet_access_allowed src <ips and="" ip="" ranges="" to="" allow="" internet="" access="" for=""> http_access allow internet_access_allowed ## Allow access for pfSense firewall http_access allow localhost ##Block internet access for all other LAN traffic http_access deny all</ips>

You may still need to use firewall rules for SSL traffic.

worked it out i needed to add to allowed network my home network

Sorry been busy lately i will come back with more details on my problem and how i have setup things to have everything working

Thanks

well for blocking social sites i recommend squid3 with squidguard to block only http and https you have 2 choices use WPAD or use PfblockerNG

@aGeekHere:

Then it was said NOT use LAN_IP, use 127.0.0.1

No. No such thing has ever been said. You were told to make Squid listen on loopback in addition to whatever other interface in case you insist on messing with similar cache managers shit (because that's the only interface allowed by ACLs by default).

That's all there's to it.

@aGeekHere:

I think I am completely confused here.

Yeah. Definitely. Way over your head. Just leave the proxy stuff alone and move on.

Transparent mode won't filter HTTPS unless you install a pfSense CA cert on every client on your LAN.  Is this the case with your config?

To locate source on LAN, you need to look at Squid logs…

https://forum.pfsense.org/index.php?topic=100167.msg559137#msg559137

To filter HTTPS, you will have to install a pfSense CA trusted certificate on every client that will use the proxy.  Since this is inconvenient, so it is better to set squid from transparent mode to explicit mode and then implement WPAD so that your clients an find the proxy automatically.  Some clients will have to be configured manually.

Also just to add something. I have 2 pfsense setups on my vm.

pf1 192.168.1.1 has 2 isp being load balance
pf2 192.168.1.2 is getting internet from 192.168.1.1 and has squid installed