    New PFsense Build + Squid

      Shank

      Hi all,

      I have just put together a new build of pfSense on an appliance, and everything is going well. I have a bunch of VLANs on my LAN interface trunked to a downstream switch; all inter-VLAN traffic is working, and the clients that should have internet access do and the ones that shouldn't don't.

      I attempted to install and configure Squid. The install completed successfully and it has been configured as per these instructions: https://docs.netgate.com/pfsense/en/latest/cache-proxy/setup-squid-as-a-transparent-proxy.html

      Whenever I tail the access log, if I ever see anything (which is rare) I see this: "1571973502.230 0 127.0.0.1 TCP_MISS/200 751 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain".

      Never any hits or reference to a web page. I have tried clearing the web browser cache and incognito mode, same result. The cache directory exists and there are subfolders created; the ones I did check had nothing in them.

      Lightsquid shows some bytes and when following through the links, it eventually goes to try and get to http://cache_object//localhost/active_requests and doesn't exist.

      Any help would be greatly appreciated!

      Thanks

        KOM

        Did you choose your VLANs for proxy interfaces? Squid will only listen on LAN & loopback by default.

        Transparent squid can be a real PITA when using HTTPS, which is practically the entire web these days. Explicit mode with WPAD allows your clients to autodetect the proxy, and it gives you the flexibility as to who goes through it and who can go around it. With explicit mode, you don't need to install certificates on every client that will use the proxy.

        One last thing: squid is terrible at caching the modern web for the most part. I've found that it's only useful these days as the base for squidguard URL filtering.

          Shank @KOM

          @KOM Thanks for the reply. Yup, I've put my interfaces on it.

          Interesting you mention it's not great at modern web. Is there anything else that is better?

            KOM

            It's very hard to cache dynamic content. There is no other cache package for pfSense. When I was running as a caching server, my hit rate was never more than 4-7%, which is pretty poor.
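
An added example, not part of any post in this thread: a short Python parser for Squid's native access.log format that separates cache manager requests (the cache_object:// line quoted in the first post) from client traffic and computes the hit ratio discussed above. Only the first sample line comes from the thread; the other lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format. The first line is the
# one quoted in the thread; the remaining lines are invented for illustration.
SAMPLE_LOG = """\
1571973502.230      0 127.0.0.1 TCP_MISS/200 751 GET cache_object://localhost/active_requests - HIER_NONE/- text/plain
1571973510.114     87 192.168.20.15 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1571973511.402      2 192.168.20.15 TCP_MEM_HIT/200 5120 GET http://example.com/ - HIER_NONE/- text/html
1571973512.900    140 192.168.30.7 TCP_TUNNEL/200 48211 CONNECT example.org:443 - HIER_DIRECT/203.0.113.5 -
"""

def parse_line(line):
    """Split one native-format line into named fields, or return None."""
    parts = line.split()
    # Fields: time elapsed client code/status bytes method URL ident hier type
    if len(parts) < 10 or "/" not in parts[3] or not parts[4].isdigit():
        return None
    result, _, status = parts[3].partition("/")
    return {"client": parts[2], "result": result, "status": status,
            "bytes": int(parts[4]), "method": parts[5], "url": parts[6]}

def summarize(log_text):
    """Count cache manager polls vs. client requests and compute the hit ratio."""
    stats = Counter()
    clients = set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            stats["unparsed"] += 1
        elif entry["url"].startswith("cache_object://"):
            stats["manager"] += 1   # cache manager query, not web traffic
        else:
            stats["client"] += 1
            clients.add(entry["client"])
            if "HIT" in entry["result"]:
                stats["hits"] += 1
    # A ratio of None means no client request reached the proxy at all.
    ratio = stats["hits"] / stats["client"] if stats["client"] else None
    return {"manager": stats["manager"], "client": stats["client"],
            "hits": stats["hits"], "unparsed": stats["unparsed"],
            "hit_ratio": ratio, "clients": sorted(clients)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A log that yields only manager entries and no client entries, as in the first post, means no browser traffic is reaching Squid, which is a different problem from a low hit ratio.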

              Shank

              No worries, may as well remove it then.

              I have noticed that after putting pfSense on the Sophos XG230, power consumption has actually gone up.

                stephenw10 Netgate Administrator

                Try enabling powerd in System > Advanced > Misc to get CPU speed scaling etc.

                Steve
