Squid + Squidguard

  • I Installed pFsense version 2.3 with 2 NIC
    1st NIC is connected to WAN 2nd NIC is connected to LAN
    My Internet Connection is everythings works fine without installing packages of squid and squidguard.
    because on the firewall I set LAN to IPv4* * * * * * so that internet connection is allowed.

    My objective is to block some Domain or URL and some regular expression using squid and SquidGuard so i installed it, I configured as Transparent Squid proxy
    here is my steps:
    1. Go to System - Package Manager then select Available Packages search term SQUID and SQUIDGUARD and click install
    2. Services - Squid Proxy Server -Select General TAB

    • Put check Enable Squid Proxy
    • Put check Keep Settings/Data
    • Select LAN and loopback under Proxy Interfaces
      3. Proxy port: 3128!AllowUrl !all
      4. Put check Allow Users on Interface
      5. Put check Transparent HTTP Proxy
      6. Select LAN for Transparent Proxy Interfaces
      7. Put check Enable Access Logging
      Default path: /var/squid/logs
      8. Save

    Select Local Cache TAB
    I only set is hard Disk Cache Size to 3000 then Save

    then I test it in other machine(laptop) transparent proxy is working without setting up of manually squid proxy IP and port 3128 on internet options or even firefox network options
    and i got error message
    Request denied by pfsense proxy: 403 Forbidden after i type www.winamp.com

    Next is Squidguard Configuration

    Services -> SquidGuard Proxy Filter

    Go to Common ACL TAB
    Target Rules !all <–- Default Access [all] Access Deny
    Put check on Do not allow IP-Addresses in URL
    then Save

    then go to General Settings to click Apply

    When i test it I expected to deny my all website except on all https
    i do not understand please guide me.


  • On my LAN Firewall i set to Deny All so no internet connection
    if set to allow my LAN on FIREWALL i can able to access internet but squid or squidguard is useless it cannot block any websites

    ![lan denied.png](/public/imported_attachments/1/lan denied.png)
    ![lan denied.png_thumb](/public/imported_attachments/1/lan denied.png_thumb)

  • The Cache/Proxy forum is the place for this question.