Replying to myself for the sake of documenting the issue..

Replacing Squid2 by Squid3 solved the issue.

Apparently the problem is a combination of package manager assuming HTTP/1,1 protocol mechanisms (revalidation particularly) while Squid-2.7 is only HTTP/1.0 compliant.  Anyways this is what I understood from the reply I got on Squid-cache's bugzilla.

Apparently, the APT problem has been confirmed fixed years ago in Squid-3.1

IMO Squid2 should be marked deprecated in the package repo or strong warning!!!

Thanks for your reply. I came across various other posts that describe the same problem as mentioned above: squid uses always th systems default gateway in a multi-WAN setup. This is an ongoing issue since pfsense 2.0 and not certain if it is even adressed and will be fixed :(
I will try my luck then in the multi-WAN section of this forum.
BTW since you using squidguard and pfblockerNG2 what would you recommend in terms of an effective ad blocking solution?

No, you will not get any error because of missing logs when installing this package again. Don't worry  ;)

First what are you trying to block?

Second In target Categories make two lists see pic.
in the Categories make what you want to block and same thing on the white list what you do not want to block

in the group ACL make another 2 lists see pic

in the ACL edit on which IP will be blocked and edit the target rules for that list see pic

then click save then apply  the settings then delete the cache and try out if it blocks

Remember it will block http sites not https sites. Example: typing www.facebook.com it will be http but going to google then typing facebook it will show https. Now these days sites are using https more  :-[ but the most basic or porn sites are usally http

Clipboarder.2015.05.16.png
Clipboarder.2015.05.16.png_thumb
Clipboarder.2015.05.16-002.png
Clipboarder.2015.05.16-002.png_thumb
Clipboarder.2015.05.16-003.png
Clipboarder.2015.05.16-003.png_thumb
Clipboarder.2015.05.16-004.png
Clipboarder.2015.05.16-004.png_thumb
Clipboarder.2015.05.16-005.png
Clipboarder.2015.05.16-005.png_thumb
Clipboarder.2015.05.16-008.png
Clipboarder.2015.05.16-008.png_thumb
Clipboarder.2015.05.16-009.png
Clipboarder.2015.05.16-009.png_thumb

did you add the Allowed subnets on squid on the ACLs?

Kindly check DNS which clients of VLAN20 are using. Try to use PFsense IP in clients DSN settings.

OK I am Lost
And if you take a look on this settings you will see that you are not using the reverse proxy
As it turns out the Nat rolls negates the Proxy settings
the reasen for that is the way the Nat is configured
Or am I missing something
http://www.moh10ly.com/blog/pfsense/publishing-exchange-on-pfsense
Thanks Daniel

Nat01.PNG
Nat01.PNG_thumb

Never mind, found a workaround. I added a dummy "Target Category" option under SquidGuard and it seems to be working. So, im going to tick this one down as a bug. Please have a look at it for future releases. Thanks.

Go to the top level of the forum (so it will search all sub-forums) and use the Search function.

https://forum.pfsense.org/index.php?topic=87982.0

I also struggle to get squid3 (amd64) on pfsense 2.2. But it already get stuck during the installation process:

Reconfiguring filter… One moment please...

and then remains there forever, no progress. Under "services" there is also no entry for squid (proxy server).
The log gives me this:

May 14 14:15:23 lighttpd[21484]: (network_writev.c.107) writev failed: Operation not permitted 12 May 14 14:15:23 lighttpd[21484]: (connections.c.619) connection closed: write failed on fd 12

How can I resolve this?

Here's exactly what I'm getting in the squid logs…I think its trying to log traffic but something is preventing it...

13.05.2015 12:30:34 10.100.10.3 TCP_MISS/200 cache_object://localhost/active_requests

13.05.2015 07:19:57 X.X.X.X (my public IP) TCP_DENIED/403 cache_object://localhost/active_requests

Looks like this particular issue is confined to 2.2.2 as it's working fine in 2.2.1 and 2.1.5, so there you have it.

I'm currently looking at this  ;)  Nice package  ;D
Adding fail2ban would be perfect  ;)

the dev package is some nice stuff  ;)

You can block HTTPS in Transparent mode, but you need to install a pfSense server certificate on every client that will use the proxy, which is a massive pain in the ass.

haha i love that "pain in the ass" so true  ;D

Also @sjain WPAD will work but there's some androids that wont work. As chris4916 pointed out to me that you would need Drony to install on the androids, which may not work in your situation. Tell you truth if you don't mind just showing a blank error page on block sites use pfBlockerNG it gets the job done maybe not as neat but usually people enter www.facebook.com it comes up at HTTP (which squidGuard will show the nice blocked page) but if they Google search Facebook it comes up at HTTPS pfBlockerNG will not let it connect.

hello

i answer myself lol

i execute  /usr/local/etc/rc.d/>clam-freshclam and after freshclam

thank

perfectly worked i put the WAN IP /24 worked like a charm. I actually never saw that option  :o

Thank KOM