Squid 3.3.4 package for pfsense with ssl filtering
-
Hi,
I am planning tu use squid3 for transparent proxy for http and ssl intercepting proxy (443) on a Multi-WAN environment.
So my question ist not directly related to the package but how do you use loadbalancing for ports 80/443 if these connections alsways have the same source like 127.0.0.1 ?To make it a little bit clearer
I am not asking how to configure a pfsense with Multi-WAN and squid to use all WAN connections and not only one.
I am interested in how to make it work that port 80 and port 443 can be loadbalanced even if the source is always squid/pfsense itself (127.0.0.1) and so I can not balance based on the source-IP. Policy based routing for these two ports will not make sense and sticky connections - I think they will always use one WAN for these two ports.I explained a little bit more here:
http://forum.pfsense.org/index.php/topic,68120.0.htmlI would really appreciate any help so that I can configure my test machine and do some tests ;-)
-
Maybe with a lot of acls based on source ip acls to define tcp_outgoing address.
I'm seeing some posts related to problems with 127.0.0.1 load balance on 2.1
-
Maybe with a lot of acls based on source ip acls to define tcp_outgoing address.
I'm seeing some posts related to problems with 127.0.0.1 load balance on 2.1
Interesting point. tcp_outgoing_address and ACL with source IP and source port 443 could do the trick. 3 tcp_outgoing each for every of the 3 WAN connection. Port 80 can be probably done with the gateway groups of pfsense in Manual Outbound NAT. Will give that a try.
-
Hi marcelloc. Does this version capable of blocking https sites in transparent mode?
-
-
Thanks natchflake. I'm trying to download squid-3.3.5 from the above address given by marcelloc using also the procedure as instructed, but i'wasn't able to download it. It says Unable to fetch the file. Can I download it manually and save it in any pfsense folder using file manager packages? IF yes how can i install it once i've save it? for example i saved it to /usr/local..
Thanks
-
Thanks natchflake. I'm trying to download squid-3.3.5 from the above address given by marcelloc using also the procedure as instructed, but i'wasn't able to download it. It says Unable to fetch the file. Can I download it manually and save it in any pfsense folder using file manager packages? IF yes how can i install it once i've save it? for example i saved it to /usr/local..
Thanks
Hi,
please try to install squid3-dev form pfsense package manager. This will give you all you need. After that you have to fetch some single files from command shell. This should be enough.
This post should explain it:
http://forum.pfsense.org/index.php/topic,62256.msg371582.html#msg371582At the moment I do not find the post where marcelloc posted all the missing libs/files you need to fetch manually.
-
for amd64
fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10 fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10 fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10 fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10 fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10 fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10for i386
fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10 fetch -o /usr/local/lib/libgssapi.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10 fetch -o /usr/local/lib/libheimntlm.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10 fetch -o /usr/local/lib/libhx509.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10 fetch -o /usr/local/lib/libkrb5.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10 fetch -o /usr/local/lib/libroken.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10You can also fetch from any frebsd 8.3
-
Hi nachtfalke
Sorry I'm mean this url http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.5.tbz
I wasn't able to get the missing libs. to make squid working and squidguard too
-
Hi nachtfalke
Sorry I'm mean this url http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.5.tbz
I wasn't able to get the missing libs. to make squid working and squidguard too
Did you see the post marcelloc posted on top of your post?
-
Hi, while i continue reading
I'v found this instructed by marcelloc to other member.
. cd /usr/local/lib
. fetch url_for_libsDownload all libs from my ldd folder.
What doe's he mean by the "fetch url_for_libs" ?
Because what I tried is this on console "fetch //http://e-sac.siteseguro.ws/pfsense/8/All/ldd/"
and it says not found. Did I do it correctly?
-
Sorry I didn't see it earlier.
Thanks Nachtfalke and marcelloc :)
-
Sorry I'm mean this url http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.5.tbz
No need to fetch 3.3.5. Use default 3.3.8 from oficial repository.
-
Guys what i did was this to be exact
- (8) shell
- cd /usr/local/lib
- fetch -o /usr/local/lib/libasn1.so.10 http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
But it says not found.
I feel ashamed cause i wasn't able to install them while others can :(
-
Is there a way to copy the missing libs directly to the pfsense without fetching?
-
Is there a way to copy the missing libs directly to the pfsense without fetching?
Unfortunately no. I've asked core team to copy these libs to official repo but I had no luck with that.
These are missing so libs for gssapi. Other packages(freeradius2, postfix) need this libs too.
-
I hope all missing libs are included soon. I really wan't to block certain secured sites on my work. And I think this version is amazing.
Does anyone has a workaround in fetching libs?
-
I hope all missing libs are included soon. I really wan't to block certain secured sites on my work. And I think this version is amazing.
Does anyone has a workaround in fetching libs?
Just try with this command:
cd /usr/local/liband in this folder:
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10 fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10 fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10 fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10 fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10 fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10Perhaps you have to check the file permissions after you copied the files.
Or download the libs via your webbrowser and copy these files to pfsense using the GUI:
DIAGNOSTICS –> Command Prompt -
Thanks Nachtfalke
How stupid i'am. I a'm using the word "ALL" instead of "All" plus. I erase all my config to squid, I uncheked everything before re-fetching. Thanks again :)
-
Hi. Its already working fine but I've noticed that the other browser like google chrome. I've noticed that it wont trust the certificate when entering into secured sites. It says the Certificate is not trusted and theres no option for the user to continue and accept it. Unlike to other browser theres an optio to get the certificate and continue to the website. Or to trust the cerficate.. Is this normal, or theres a way to overcome this? Thanks
