Squid3 - New GUI with sync, normal and reverse proxy

sunghost

Hello,
first you make a very good job. Pfsense as well all package developer. I look since weeks for a solution to use an webproxy with antivirus and contentfilter. First i want to use dansguardian, but the last version is from 2012 - very old. than i wanted to use havp, but this version is from 2010! and it looks like the latest security fix is not included in pfsense havp package. I use always stable version for my production environment so squid whould a good choice, but the version of the package is from 2008-2010! and the squid3 beta is also old 2012!

After reading lots of post here in this forum and the most of this over 23 pages in this thread i am not alight with a positiv feeling of using it. The package Info link of squid3 in pfsense leads also to this thread which is a bad overview for information to this package. In my eyes this part must created new with infos over the package and not to a thread with errors and other parts of an information to a package. So in short why are the packages old and what whould be the choice of using a webproxy with antivirus and content filter/security?
thx and this is no offense to anybody just my impression.

finalcut

then push $$$$upport to programmer for those updates
i try to send him donation for his great job but my country is blocked

Tikimotel

@finalcut:

then push $$$$upport to programmer for those updates
i try to send him donation for his great job but my country is blocked

My country wasn't blocked, so I donated today!

finalcut

i am not kidding
also it happen with pfsense i try to buy two stickers (as simple first  donation) and they send the money back to me

any way i try to encourage my company to get pfsense support , they can buy any thing from anywhere

sunghost

You are right, donation for the developer and the project is always good. Thats not the question. i think its not good to use package which are older than 1 or 2 or more years. or packages which seems not longer develop. you know? All things getting faster, the development the bad guys and also the features of some packages which we cant use, while our older than 1 year. i also think its not in any case good to use the latest version, but one which is older than 6 month?! not good if the features or fixes alot. i think a security solution must be up to date. But the product pfsense and the idea behind it is great. dont misunderstand me.

edanpedragosa

@finalcut:

i made update it work flawless ,, thanks for update

Are you on a 32-bit or 64-bit version?

Caching does not seem to work right now… I only get TCP_MISS....

Can you share us your configuration and settings for squid?

Thank you in advance!

finalcut

64-bit
do you have tcp_swapfail ?

edanpedragosa

No, I don't have TCP_SWAPFAIL_MISS, only TCP_MISS/200. What I'm waiting to see in the logs is the HIT but I don't see TCP_HIT.

edanpedragosa

Now I'm getting a HIT by setting the Minimum object size to 0.

It's just the large downloads that don't get cached.

Hope this will get sorted out again in the next update….

Escorpiom

Perhaps someone can help a confused n00b on PfSense 2.2 Beta…

I have at the moment Squid "3.3.11_1 pkg 2.2.8" installed, that was a dev package from some weeks ago.
But looking at the available packages list, there now is a "beta 3.4.9 pkg 0.1".

To me this seems to be an update, is this correct?
And is it possible to update from 3.3.11 dev to 3.4.9 beta? Should I uninstall the 3.3.11 dev package first?

Cheers.

dig1234

That would be very exciting news but I'm still only seeing  3.3.10 pkg 2.2.8.
I've actually been experimenting with compiling from source on a freebsd 8.3 machine so this would really save me some hassle.

@Escorpiom:

Perhaps someone can help a confused n00b on PfSense 2.2 Beta…

I have at the moment Squid "3.3.11_1 pkg 2.2.8" installed, that was a dev package from some weeks ago.
But looking at the available packages list, there now is a "beta 3.4.9 pkg 0.1".

To me this seems to be an update, is this correct?
And is it possible to update from 3.3.11 dev to 3.4.9 beta? Should I uninstall the 3.3.11 dev package first?

Cheers.

Escorpiom

Probably your not on 2.2 beta. The package wouldn't be compatible.

Cheers.

dig1234

ah indeed you are correct. That makes sense as 2.2 is using FreeBSD 10.1…

Escorpiom

Please can anybody outline the correct procedure and confirm Squid was updated for PfSense 2.2 beta?

Cheers.

longhorn

@edanpedragosa:

Now I'm getting a HIT by setting the Minimum object size to 0.

It's just the large downloads that don't get cached.

Hope this will get sorted out again in the next update….

It could also be how you utilize the proxy. It took me some time to figure out for many applications, Squid's caching function is useless. Unless you have a network where multiple computers hit the exact same content, within a period of time (while the data is still in the cache).

I use pfSense for my home network. Almost nothing is cached. However, I find Squid very useful for logging and filtering Web traffic.

YMMV, but just pointing out that seeing a lot of MISSes reported in Squid's log is most often WAD behavior (Working As Designed)

Topper727

I have it installed in 2.2RC as of 12/30's release.  Does not run.  Starts then stops then starts then stops and if I try to run through transparent I get no data through unless it is application that uses and IP instead of a domain name to get the connection.  Is there a problem with DNS ?I use DNS Resolver the new one they say.. The DNS Fordwarder didn't work for me so I use that now.. But all is well without Squid.

Why it don't stay running and keep restarting ?

2.2-RC (amd64)
built on Tue Dec 30 15:16:19 CST 2014
FreeBSD pfSense.localdomain 10.1-RELEASE-p3 FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Tue Dec 30 15:58:58 CST 2014 root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64

marcelloc

@Topper727:

Why it don't stay running and keep restarting ?

It looks like current pbi was build with debug options. Once we get the pull request mergerd and pbi build again with all used options, I think we get a 'ready to go' version

Cino

@marcelloc did you update the symbolic links for the install also? I recall I had to create a bunch to get 3.4 to start on a fresh 2.2RC install. I have to check my notes, but I believe I was able to get clamd to run but c-icap wouldn't start up.

marcelloc

Not yet.  I've fixed compile args but we need to wait a new pbi run for squid.

Cino

thanks marcelloc!! Looking forward to it! waiting for a few more other packages to be updated and i'll be ready to switch over to 2.2