i dont think it matters your using ipsec.. When using transparent-client-ip feature ALL reply traffic from the webserver:port is redirected to the pfsense system ip-stack for haproxy to pick up.. This also happens when accessing a server on opt1 from the lan-network.. It is a limitation of the ipfw & pf firewall combination required to make transparent-client-ip work.. Workaround might be to portforward incoming requests over ipsec or other to haproxy. Its a known issue, also in the warning/explanation near the transparent-client-ip setting, however to get it solved a patch to pf is needed.. https://redmine.pfsense.org/issues/3943 . Not sure if/when that will get applied..

Tried localhost isntead of 127.0.0.1  and it worked.  ::) ::) ::) ::)

Not yet. When a new squidguard version is released the package version will be incremented and you will see that System > Packages. Steve

thanks sir its work :D

Thanks jimp, implemented the fix successfully on two machines.

o gotcha gotcha didn't see that anyway i just reinstalled it unfortunately it need to edit the sgerror php to my liking but besides that its doing a great job Thank again

Bump Any one? I'm stuck for 2 days here :'(

same I made a post about it down, fresh install right?

Changed perl location at top of clwarn.cgi from /usr/pbi/squid-i386/local/bin/perl5.18.4/bin/perl to /usr/local/bin/perl Although both binaries seem to run fine, it prefers the second.

oh sorry, I think that I found answer to my question acl HOST1 src 192.168.0.114/32 acl HOST2 src 192.168.0.115/32 tcp_outgoing_address 192.168.2.91 HOST1 tcp_outgoing_address 192.168.2.91 HOST2 :) BUT is it possible to specific this just for one port ? Thanks

Well, I'll try setting it up that way (the vlan) tonight and see if it works.

Use squidGuard in conjunction with a blacklist like Shallalist and you will catch a lot of the common sites.  For other sites, create your own Target Category and then load it with whatever domains, URLs and regex you want.

Ok Got that. What if I want to allow a group of users to only certain websites?  Example…. Allow them access to google.com, yahoo.com and msn.com, but block all other websites. Thanks, Rick

Hi guys, I cannot believe nobody can help me here or at least tell me that I have an error in my plan. Do I need the second NIC (so, is there a requierement for NAT)? Regards Johannes

Destination: WAN What kind of dest is that?  It would be dest ANY? My bad on wording that wrong, why would dest be WAN is what I meant to say.

@KOM: Why on Earth would you wait 2 months and then reply back in Spanish???? !!! :D

Is there a way to temporarily disable squidGuard? Uncheck the Enable box?