Hi rjcrowder
Can you tell me what values you are using?

Regards.

Same problem here, been working on this a few days with no result.  The fixes posted for 2.1 don't apply.

did you ever figure out how to get this going?

Edit –-

I was able to get AV with squid 3 to work from this post:

https://forum.pfsense.org/index.php?topic=91362.0

@killmasta93:

You cant block https unless you use WPAD (works but may or may not block on android phones) or explicit proxy which means installing CERTS on each computer/devices.

I'm not 100% in line with this view:
WPAD is used to avoid manual proxy configuration on each and every device (Web Proxy Auto Discovery). Nothing more nor less than this.
On the other hand, your point about certificates to be installed on each device is rather linked (perhaps) to some willingness to implement MITM at proxy level in order be able to scan HTTPS flow content.
Aside the fact that this is weird  :P this is different from access control, fully achievable without MITM.

Regarding MITM, I'm also surprised it's a matter of certificate installation. I would rather say that you have to trust, on each and every device, CA having signed certificate used by Squid. Either manually or deploying CA public key on each and every device  ;)

Or I misunderstand your point  :-[

I'm going to assume I can't do what I want to above.

I also just read that this package hasn't been updated since 2012 due to no freebsd port, so I am probably wasting time trying to configure this - will wait for the e2guardian package

Replying to myself for the sake of documenting the issue..

Replacing Squid2 by Squid3 solved the issue.

Apparently the problem is a combination of package manager assuming HTTP/1,1 protocol mechanisms (revalidation particularly) while Squid-2.7 is only HTTP/1.0 compliant.  Anyways this is what I understood from the reply I got on Squid-cache's bugzilla.

Apparently, the APT problem has been confirmed fixed years ago in Squid-3.1

IMO Squid2 should be marked deprecated in the package repo or strong warning!!!

Thanks for your reply. I came across various other posts that describe the same problem as mentioned above: squid uses always th systems default gateway in a multi-WAN setup. This is an ongoing issue since pfsense 2.0 and not certain if it is even adressed and will be fixed :(
I will try my luck then in the multi-WAN section of this forum.
BTW since you using squidguard and pfblockerNG2 what would you recommend in terms of an effective ad blocking solution?

No, you will not get any error because of missing logs when installing this package again. Don't worry  ;)

First what are you trying to block?

Second In target Categories make two lists see pic.
in the Categories make what you want to block and same thing on the white list what you do not want to block

in the group ACL make another 2 lists see pic

in the ACL edit on which IP will be blocked and edit the target rules for that list see pic

then click save then apply  the settings then delete the cache and try out if it blocks

Remember it will block http sites not https sites. Example: typing www.facebook.com it will be http but going to google then typing facebook it will show https. Now these days sites are using https more  :-[ but the most basic or porn sites are usally http

Clipboarder.2015.05.16.png
Clipboarder.2015.05.16.png_thumb
Clipboarder.2015.05.16-002.png
Clipboarder.2015.05.16-002.png_thumb
Clipboarder.2015.05.16-003.png
Clipboarder.2015.05.16-003.png_thumb
Clipboarder.2015.05.16-004.png
Clipboarder.2015.05.16-004.png_thumb
Clipboarder.2015.05.16-005.png
Clipboarder.2015.05.16-005.png_thumb
Clipboarder.2015.05.16-008.png
Clipboarder.2015.05.16-008.png_thumb
Clipboarder.2015.05.16-009.png
Clipboarder.2015.05.16-009.png_thumb

did you add the Allowed subnets on squid on the ACLs?

Kindly check DNS which clients of VLAN20 are using. Try to use PFsense IP in clients DSN settings.

OK I am Lost
And if you take a look on this settings you will see that you are not using the reverse proxy
As it turns out the Nat rolls negates the Proxy settings
the reasen for that is the way the Nat is configured
Or am I missing something
http://www.moh10ly.com/blog/pfsense/publishing-exchange-on-pfsense
Thanks Daniel

Nat01.PNG
Nat01.PNG_thumb

Never mind, found a workaround. I added a dummy "Target Category" option under SquidGuard and it seems to be working. So, im going to tick this one down as a bug. Please have a look at it for future releases. Thanks.

Go to the top level of the forum (so it will search all sub-forums) and use the Search function.

https://forum.pfsense.org/index.php?topic=87982.0

I also struggle to get squid3 (amd64) on pfsense 2.2. But it already get stuck during the installation process:

Reconfiguring filter… One moment please...

and then remains there forever, no progress. Under "services" there is also no entry for squid (proxy server).
The log gives me this:

May 14 14:15:23 lighttpd[21484]: (network_writev.c.107) writev failed: Operation not permitted 12 May 14 14:15:23 lighttpd[21484]: (connections.c.619) connection closed: write failed on fd 12

How can I resolve this?