Squid future questions
-
@jimp Thanks, I am actually in the process of migrating to OPNsense for better proxy support. Thinking about it, I am on the fence right now.
"Setup another system internally with squid that isn't on your firewall to be the proxy and forward/configure traffic to go there before exiting. This could be another dedicated hardware box, a virtual machine, docker container, etc. But it should be something running a more up-to-date/secure proxy than squid if possible. -- Note that while you could use a separate pfSense VM for this, that doesn't address the security problems in squid itself"
This is a great idea, I thought of this also, but what kind of hardware would one need? Could it be as simple as a Raspberry Pi for a small home network?
-
lol
not laughing at you... just laughing at the flow of the conversation.
All jokes aside - the OPNsense team may in the long run drop support for Squid. They are still weighing their options based on what I've read in the forums.
-
Look at pfBlockerNG's list of issues also ....
-
@JonathanLee said in Squid future questions:
"This is a great idea, I thought of this also, but what kind of hardware would one need? Could it be as simple as a Raspberry Pi for a small home network?"
Depending on your upstream link speed, a Pi may be sufficient, but it's hard to say for certain. No matter what you set up, it should be running with a decent size SSD, not flash media, which would require extra hardware on a Pi (like an SSD hat or similar).
You can get a cheap mini PC for <200 with an SSD and a decent amount of RAM (8-16GB+), toss a Linux distro on there (or something like Proxmox) and have more than enough power for a small proxy. That's probably even cheaper than a current gen Pi with an SSD.
-
@jimp
Other than Squid, any other proxies you can recommend? I got spoiled by pfSense and using a GUI to set up Squid. No CLI is needed.
-
@michmoor me too pfSense spoiled me rotten with Squid :)
-
@michmoor said in Squid future questions:
"@jimp
Other than Squid, any other proxies you can recommend? I got spoiled by pfSense and using a GUI to set up Squid. No CLI is needed."
I haven't kept up with that space. Forward proxies have been dead/dying for so long I stopped paying attention. I'm not sure anything else open source is near Squid in that market. There may be something else out there that's similar or forked and more up-to-date.
-
@jimp hi, one of the things I love about pfSense is the web filter.
I know that security comes first.
But if a customer requests a way to control internet access, it is a web proxy with pfSense.
pfBlockerNG is great at that but cannot compete vs Squid+SG ACL; maybe it is possible, but it is hard to set up and maintain. I like pfBlockerNG and it is my 2nd filter.
Now, if I say to my customer, you know, we need to buy 2 boxes, 1 for pfSense and the 2nd for Pi-hole... you know the answer.
Does pfSense have a plan to have a web filter different than Squid?
Thanks.
-
Me, I was a student who could never have afforded the ability to purchase the big tech version of Squid to learn proxies and web caches with. After many configuration changes, updates and many posts on the forum to get help from the Netgate community, my Squid works and it works perfectly. I learned a lot about proxy use from this as a student. I hope and please ask that Netgate provide a legacy support option for users that paid for official Netgate hardware. Users like me that already installed and use Squid. Maybe add a clear warning that we're on our own. Per Squid's website they update every two years, I am sure you know. So it will be fixed in 2025. Most of the bugs are not on the version Netgate uses also. I really like using it, it just works. Again, it's advanced to configure. My family hated me for all the changes from 2019 until today. Every device I installed certificates on in my house has a warning on it that a root authority is installed. The devices even warn about it. Side note: We learned about pfSense in class with firewall labs. I have learned much.
-
Looks like Squid's website just released version 6.5 on Nov 4th 2023
That was 10 days ago. . .
I am confused as it was said it was not updated in 2 years. . .
Was updated again Nov 6 2023.
Also many security issues have been resolved per the GitHub.
I am thinking install it on a Raspberry Pi 5 8GB and NAT to it from the firewall