Help on how to get a second pfsense box setup as main squid transparent proxy



  • I've had some help with this in the past from a few users, marcelloc being the main one who assisted a lot. I unfortunately haven't managed to get it working the way I want, so I am hoping I can get some kinda step-by-step assistance. What I have and what I want is the following:

    Main pfSense box has squid running in transparent mode.. I am trying to cache as much as possible to save bandwidth.. but the drive on this box is too small.

    Want to build a second pfSense box (virtual actually), with only WAN interface, and have all squid cache, logs and everything that goes along with it running and saving to this box.

    I have tried and gotten nowhere. From past assistance from marcelloc I created the second box, and in the first box's squid settings I added this second box's IP into the Upstream proxy.. but after leaving it for a while I wasn't seeing any cache or Lightsquid logs being created on this second box.

    Would also like to transfer all cache and Lightsquid logs from the first box to the second, so I can continue on with the cache and logs even though it is a new box.
    Thanks in advance..



  • This might not be the answer that you would like. For security appliances I think the installation should be kept simple. Just get a bigger hard drive or an additional drive mounted on /var/squid. An external USB hard drive could be used, and if you don't want to buy one new you can find used drives cheap enough on eBay.



  • Correct, not the needed answer. What you said to do I have also asked about in the past and was told that adding another hard drive to handle cache was not a good idea.

    What I mentioned needing help on in my original post was something that I was told was a good way to do it, so I am going with that.

    Anyone able to assist please?



  • No one knows how to do this?



  • Maybe commercial support can do this.


  • Rebel Alliance Developer Netgate

    A few things you need:

    1. External squid proxy must be on a different interface than the users of the proxy
    2. Port forward rule on the LAN interface, set to match from the LAN subnet to any on port 80, redirecting to the squid proxy server

    … actually, that's it. If you have that, it should work.



  • Hey Jimp, thanks for the reply.. as I have everything running on an ESXi server, I can do this just by adding a virtual interface quite easily, so with that, it should work fine then?


  • Rebel Alliance Developer Netgate

    It should, yes. Make a new interface, a proxy VM, and a vSwitch to connect them (on their own subnet) and then you should be able to make that work.

