Hi rjcrowder Can you tell me what values you are using? Regards.

Same problem here, been working on this a few days with no result.  The fixes posted for 2.1 don't apply. did you ever figure out how to get this going? Edit –- I was able to get AV with squid 3 to work from this post: https://forum.pfsense.org/index.php?topic=91362.0

@killmasta93: You cant block https unless you use WPAD (works but may or may not block on android phones) or explicit proxy which means installing CERTS on each computer/devices. I'm not 100% in line with this view: WPAD is used to avoid manual proxy configuration on each and every device (Web Proxy Auto Discovery). Nothing more nor less than this. On the other hand, your point about certificates to be installed on each device is rather linked (perhaps) to some willingness to implement MITM at proxy level in order be able to scan HTTPS flow content. Aside the fact that this is weird  :P this is different from access control, fully achievable without MITM. Regarding MITM, I'm also surprised it's a matter of certificate installation. I would rather say that you have to trust, on each and every device, CA having signed certificate used by Squid. Either manually or deploying CA public key on each and every device  ;) Or I misunderstand your point  :-[

I'm going to assume I can't do what I want to above. I also just read that this package hasn't been updated since 2012 due to no freebsd port, so I am probably wasting time trying to configure this - will wait for the e2guardian package

Replying to myself for the sake of documenting the issue.. Replacing Squid2 by Squid3 solved the issue. Apparently the problem is a combination of package manager assuming HTTP/1,1 protocol mechanisms (revalidation particularly) while Squid-2.7 is only HTTP/1.0 compliant.  Anyways this is what I understood from the reply I got on Squid-cache's bugzilla. Apparently, the APT problem has been confirmed fixed years ago in Squid-3.1 IMO Squid2 should be marked deprecated in the package repo or strong warning!!!

Thanks for your reply. I came across various other posts that describe the same problem as mentioned above: squid uses always th systems default gateway in a multi-WAN setup. This is an ongoing issue since pfsense 2.0 and not certain if it is even adressed and will be fixed :( I will try my luck then in the multi-WAN section of this forum. BTW since you using squidguard and pfblockerNG2 what would you recommend in terms of an effective ad blocking solution?

No, you will not get any error because of missing logs when installing this package again. Don't worry  ;)

First what are you trying to block? Second In target Categories make two lists see pic. in the Categories make what you want to block and same thing on the white list what you do not want to block in the group ACL make another 2 lists see pic in the ACL edit on which IP will be blocked and edit the target rules for that list see pic then click save then apply  the settings then delete the cache and try out if it blocks Remember it will block http sites not https sites. Example: typing www.facebook.com it will be http but going to google then typing facebook it will show https. Now these days sites are using https more  :-[ but the most basic or porn sites are usally http [image: Clipboarder.2015.05.16.png] [image: Clipboarder.2015.05.16.png_thumb] [image: Clipboarder.2015.05.16-002.png] [image: Clipboarder.2015.05.16-002.png_thumb] [image: Clipboarder.2015.05.16-003.png] [image: Clipboarder.2015.05.16-003.png_thumb] [image: Clipboarder.2015.05.16-004.png] [image: Clipboarder.2015.05.16-004.png_thumb] [image: Clipboarder.2015.05.16-005.png] [image: Clipboarder.2015.05.16-005.png_thumb] [image: Clipboarder.2015.05.16-008.png] [image: Clipboarder.2015.05.16-008.png_thumb] [image: Clipboarder.2015.05.16-009.png] [image: Clipboarder.2015.05.16-009.png_thumb]

did you add the Allowed subnets on squid on the ACLs?

Kindly check DNS which clients of VLAN20 are using. Try to use PFsense IP in clients DSN settings.

OK I am Lost And if you take a look on this settings you will see that you are not using the reverse proxy As it turns out the Nat rolls negates the Proxy settings the reasen for that is the way the Nat is configured Or am I missing something http://www.moh10ly.com/blog/pfsense/publishing-exchange-on-pfsense Thanks Daniel [image: Nat01.PNG] [image: Nat01.PNG_thumb]

Never mind, found a workaround. I added a dummy "Target Category" option under SquidGuard and it seems to be working. So, im going to tick this one down as a bug. Please have a look at it for future releases. Thanks.

Go to the top level of the forum (so it will search all sub-forums) and use the Search function. https://forum.pfsense.org/index.php?topic=87982.0