Lets give a try I will let u know. Sorry, yes the main point is to use thundercache in the network protect by pfsense. Will be the main web proxy(Thundercache). Thanks.

@KOM: Will snort (lan) work with an access point connected directly to Pfsense? Sure, why not?  It's just a WLAN. I think Snort (lan) doesn't work if a switch is connected and the data is being sent directly to the other device through the switch and basically bypassing the firewall? Yes, that's kind of obvious.  Snort on pfSense can only scan the networks attached to it.  It your existing WLAN goes to a switch that's upstream from pfSense then pfSense isn't even path of the network path for your wireless clients. Thank you Kom, still a little new at this. Just to confirm, traffic between clients on a WLAN will pass through Pfsense (if directly attached)? Or does it work like a switch and traffic flows between wireless clients without passing through Pfsense?

Why don't you use a double firewall then? Leave the phone plugged into the first router (192.168.1.1), the PFSense box on the Wan interface can either be the IP you said or get a DHCP from the first router. Then on the LAN side make it a 10.x.x.x IP scheme so that none of the LAN side will even see the same subnet as the first router. Then put all your computers behind the second router (PFSense). I have that working here at home now. I think Dansguardian would be a better choice as it is a content filter not just a DNS URL blocker. You will still need to have the SSL man in the middle working or google won't get filtered. Jim

That sort of setup isn't possible currently. It would take a lot more code to allow the proxy to run multiple instances and use separate settings for each one. Probably more than double the code it has now, if not more. It's not likely to happen any time soon, the old style kernel FTP proxy may come back before that would happen.

ok looks like the problem was an intervace without IP config was inadvertedly selected under proxy interfaces on squid config page. Seems to be working now (at least service starts) these errors/warnings remain: php-fpm[71851]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/03/31 18:38:12| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"' which came from "Cache Dynamic Content" being unselected while multiple options like "Windows Update" where selected below it… so enabling it again got rid of that warning above. hope it helps someone.

@reinaldo.feitosa: I found the problem! Yes, you did. Thank you very much for posting the fix. I applied it by patching the 2 new lines of code into my local version; it was a perfect diff save for those so I could also just have dropped your new file in. It worked perfectly on the following configuration: pfsense 2.2.1-RELEASE (amd64) squid3 3.4.10_2 pkg 0.2.6 Lightsquid 1.8.2 pkg v 2.35 Again, thank you very much.

I thought you were looking for sgerror.php for use with SquidGuard.

@Spix: Problem, publish with HAproxy removes host header information, the iis only sees a port80 request check the haproxy config again(I suggest Haproxy1.5) and check if you are testing it via ip or fqdn.

Yep, did a full re-install and installed squid3 and squidguard-devel and all is working, except antivirus on squid3. UPDATE: Clicked SAVE twice on antivirus settings of squid3, addressed stated config errors in red, and now antivirus is  working. Snort, Squid3, and Squidguard-devel help contribute to make pfSense one hell of a firewall.

Hi The proxy PAC file is provided by the filtering service provided to the school and nothing owrks without it. However, I may now have a way past this as I'm being sent a fixed proxy IP and port which pfSense will take. Thanks for respodning & trying to help.

Hey all, I seem to be facing a similar issue, was wondering if any of you had any further insight. For the record, I'm running Squid 2.7.9 pkg v.4.3.6. Here's the output to some of the commands mentioned previously: [image: mQBTXPT.jpg] php-fpm[27821]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy' But when I change something in the proxy configuration and save it, I only see the following in the logs: php-fpm[96582]: /pkg_edit.php: Reloading Squid for configuration sync I think this means it's working, but whenever my box reboots I see the "No running copy" error. Is this just a sham or is something really off?

Start again with Squid3.  Don't waste time trying to debug a broken package.

i dont understand why I'm blocking port 80 You typically block ports 80/443 so that your users are forced to use the proxy.  If your proxy is optional, then you don't need to bother blocking 80/443.

Thanks KOM, You were right killing the antivirus (and stopping the services) did make everything work. I now know where to look! Thanks for all of your help!

The problem is squid version 3.4 is not compiled with ldap search custom sguid package should work

I was able to get it running by going through every tab and hitting save.  I saw this in another thread on here. thanks for you help!

Well, you could do what I asked the other guy to do…