Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense, squid, squidGuard, Dansguardian and CDNs?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      ppmax
      last edited by

      Hi

      I've got pfsense running with squid, squidGuard, and Dansguardian running and everything works great, except when I try to update my software (I'm on OS X and OS updates are handled through the App Store). What happens is that the download starts and then eventually peters out around 870MB, and then restarts…I can never get past this unless I disable the all firewall rules (pfctl -d) and temporarily disable my the NAT forwarding rules for squid and dansguardian.

      I've monitored my dansguardian access.log, squid log, and squidGuard and can't figure out what is blocking or resetting these large downloads (~5GB).

      I've tried adding a whole bunch of domains (akamaitechnologies.com, appimg.com, apple.com, etc) to the dansguardian exceptions lists, but no dice. I don't have any other rules that might affect this.

      Right now I'm thinking this has something to do with the squid cache, but I can't figure out how to troubleshoot this more.

      Any advice or tips?

      thx
      PP

      1 Reply Last reply Reply Quote 0
      • A
        aGeekhere
        last edited by

        I have a similar problem, running squidGuard-squid3 and squid3-dev with transparent proxy (SSL filtering) and I can not get windows updates get 80072F8F error.

        Never Fear, A Geek is Here!

        1 Reply Last reply Reply Quote 0
        • A
          aGeekhere
          last edited by

          solved  https://forum.pfsense.org/index.php?topic=73640.45

          Never Fear, A Geek is Here!

          1 Reply Last reply Reply Quote 0
          • P
            ppmax
            last edited by

            Hi aGeekHere-

            I read your last post in that thread…so this is not solved for you?

            Also, you said your problem is similar to mine....do your downloads start but never finish? Or do you get that error right away?

            My issues seem to be related to the CDN switching me to another server after a portion of the payload is downloaded...at least that is my theory.

            thx
            PP

            1 Reply Last reply Reply Quote 0
            • A
              aGeekhere
              last edited by

              With SSL filtering on, Windows update and adobe updates will not connect. With SSL filtering off it does connect and downloads.
              If you turn off SSL filtering does yours download?

              Never Fear, A Geek is Here!

              1 Reply Last reply Reply Quote 0
              • P
                ppmax
                last edited by

                Hm…sounds like our issues are slightly different...Im definitely getting a connection; For example I'll get a sustained 60Mb/s and then all of a sudden (after 850MB) the connection peeters out and then will restart...peg my throughput, then stop...then start again.

                Isn't there some setting to allow URL's in URL's?

                I wish I could track down what log to look at; I've checked Dansguardian logs, squid logs, squidGuard logs...nothing that I can see. I need to figure out a way to insert a tap between my cable modem and pfsense so I can run Wireshark...

                thx
                PP

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.