HOWTO: pfSense 1.2.x Traffic Shaping with Squid Transparent Proxy

bailer

I installed 1.2.3 and followed this guide. I noticed that there is 9 entries of 127.0.0.1 in the conf file instead of 3 but by reviewing the code abit I only changed the first 3 entries of 127.0.0.1 to the gateway IP and everything seems to be working fine for me!

splippity

Is this still relevant with 2.0RC1? I assume it is so after every update I make the changes that it tells you to. Thanks

kirlox_kitoy

so what should be the order? install squid package first then traffic shaper or the other way around mess first with traffic shaper and install squid last

kirlox_kitoy

which will be the sequence of installation? do i need to configure first the traffic shaper or install the squid first?

anagh

Is it the same method for pfsense2.0 rc3. there are several instance of 127.0.0.1 in squid.inc among those which i required to change please explain in details alomg with the traffic shaping way

anagh

Waiting for the reply in pfsense2.0 rc3 I have installed squid with lusca with squid guard and in squid.inc there are 10 instances of 127.0.0.1 among those whic i required to change

tacfit

Any comments on whether this works in Pfsense 2.0? It would be great to be shaping and caching on the same box.

hyrol

The easy way Traffic Shaping with Squid Transparent Proxy
Add under Firewall Rules

Action = Pass
Interface= LAN
Source= LAN subnet
Protocol = TCP
Source = LAN
Destination = any
Destination port range = (Squid Proxy port) eg. 3128

Reason http port 80 has moved to the squid proxy port 3128

jigpe

@hyrol - Thanks it works on 1.2.3. Ill test it on 2.1

argyx

@hyrol:

The easy way Traffic Shaping with Squid Transparent Proxy
Add under Firewall Rules

Action = Pass
Interface= LAN
Source= LAN subnet
Protocol = TCP
Source = LAN
Destination = any
Destination port range = (Squid Proxy port) eg. 3128

Reason http port 80 has moved to the squid proxy port 3128

This works for me on 2.0.1 (tested with various speed settings). Also, you will already have this rule in place if you are have a Deny All rule and are using transparent proxy. So, it's a good idea to take advantage of the rule.

ScottNJ

@argyx - This doesn't work, all HTTP traffic is still getting dumped into qlandef, which by default receives 1% bandwidth from the wizard.