Squid is on LAN, I want to pass all http acces to this system…

Guest

I have to do firewall port forward?

interface: wan?

destionation: wan except ip of squid machine and pfsense machine?

port: 80

redirect ip: ip of squid

port: 3128

Guest

More data on squid machine is web server (port 80 and 3128 are also NAT-ed :)

jimp

You need a bit more complicated rule than that.

If you want your LAN clients' http traffic transparently redirected to the squid server, it needs to be more like:

Interface: LAN

NOT <- check that

Source Type: Single Host
Source address: IP of the squid box
Destination: any (Or you could check NOT and put the IP of the firewall there, too, or use an alias containing local/vpn networks)
Destination Port: 80
Redirect target ip: IP of the squid box
Redirect target port: 3128 (or whatever port you have squid listening for transparent connections on)

I think that should work, though generally it is recommended to put the squid box on a separate interface from where the clients are entering, then you don't have to use the source part of that redirect.