Squid Advanced Setup?

  • Hello,

    I am going blind here; I have been trying to find information on how to set up the proxy using Squid. I need to filter HTTPS traffic and virtually everything and allow only a handful of websites. From what I understand (which :( I am realizing is much less than what I thought I knew) I cannot use transparent mode.

    I have spent today reading and searching everything I can find on Google and trying to find info on the website here. I admit that my head is a bit crooked right now!

    What I am hoping someone can do is direct me to some good tutorial on how to set up Squid in non-transparent mode. I have 3 interfaces…

    WAN - Internet

    LAN - Network

    OPT - not used

    I want to set up the proxy to allow Gmail and a handful of whitelisted websites. If someone could please give me some good links on proxy server info and a tutorial to set up pfSense as a proxy using Squid I would appreciate it.

    I would even be willing to write a document for this website if someone wants to point me in the right direction and give me some insight as I go.

    Again, forgive me if what I am asking is redundant or overly simple. I am no longer able to think; I have so much swimming in my head right now!

    Thank you,

  • To use a non-transparent proxy, you need to configure client browsers to use Squid (firewall LAN IP and port 3128).
    If you want, you can use a WPAD/PAC configuration script and use all browsers with auto-detect selected.

    On the firewall, create a rule on LAN allowing clients to access only the Squid port.

  • Thank you for your direction!

    I have successfully set up the proxy, but now I can only access HTTP traffic, and after 3 hours of searching for an answer and reading several posts my mind is locking up again.

    Why can I hit HTTP traffic, but when I try Gmail it locks up?

    I have a LAN rule that will allow access to 443 that is set by the auto config, and I have tried to set a separate rule which will pass requests from pfSense on port 3128 to the WAN address on port 443, and I have tried to just set up any LAN traffic to port 443, and I still can't access Gmail when I am using the proxy. Any ideas?

    Modification - I can be a bonehead sometimes; I didn't set Firefox to use the same proxy settings. All is working; now I will need to figure out WPAD served from another internal server! Thank you for your help.
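
A PAC file for the wpad/pac setup suggested in the reply above, as an added example that is not part of the thread. It assumes 192.168.1.1 as a placeholder for the firewall's LAN IP and uses a hypothetical helper, `isLocalTarget`; port 3128 is the one given in the reply.

```javascript
// wpad.dat / proxy.pac: added example, not code from the thread.
// ASSUMPTION: 192.168.1.1 is a placeholder for the firewall's LAN IP;
// 3128 is the Squid port given in the reply.
var SQUID = "PROXY 192.168.1.1:3128";

// Hypothetical helper: true only for targets that never leave the LAN
// (plain host names, loopback and RFC 1918 address literals).
function isLocalTarget(host) {
  host = host.toLowerCase();
  if (host === "localhost") return true;
  // Plain names have no dot; a colon means an IPv6 literal, not a plain name.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 ||
         (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

// The browser calls this for every request, http:// and https:// alike,
// so HTTPS sites such as Gmail reach Squid as CONNECT requests.
function FindProxyForURL(url, host) {
  if (isLocalTarget(host)) return "DIRECT";
  // No "; DIRECT" fallback: if Squid is unreachable the request fails
  // instead of going around the filter.
  return SQUID;
}
```

The PAC file only tells browsers where to send requests; the whitelist itself still has to be enforced in Squid and by the LAN rule that allows clients to reach only the Squid port.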
