Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid on a NanoBSD installation of pfSense 2.0.1

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 3 Posters 4.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pvoigt
      last edited by

      I am currently running pfSense 2.0.1 NanoBSD 2G amd64 on a CF card.

      I plan to learn about the possibilities of Squid as we plan to use a web proxy at work. In a first step I am going to use Squid/SquidGuard

      • as (transparent) web proxy
      • for user authentication and logging
      • blacklisting with SquidGuard.
      • reporting

      According to http://doc.pfsense.org/index.php/Installing_packages_on_embedded it should be possible to install Squid and SquidGuard packages on a NanoBSD installation >= 1.2.3RC3.

      Before I am going to install anything I have the hope someone could answer the following questions:

      1.) Can Squid generally work on an embedded installation of pfSense in a proper way? I am having doubts because of the read-only filesystem. How can Squid write cache and logging information on a  NanoBSD installation? And if writing is possible, will the CF card die sooner or later?

      2.) Is it generally a good idea to install Squid on the firewall machine? Would it be better to use a separate server for Squid? I am running a Linux server which could host Squid.

      3.) Which version of Squid should I use? pfSense packages are  versioned 2.7.9 and 3.1.20.

      Thanks in advance
      Peter

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        1.) Yes but only for authentication and URL filtering. Not for cache, logging, or blacklists.
        2.) That's debatable, but if you have other hardware available, a separate proxy is typically better, especially if your firewall is running NanoBSD.
        3.) Squid 2.7.x is the most stable and likely to work.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          pvoigt
          last edited by

          @jimp:

          1.) Yes but only for authentication and URL filtering. Not for cache, logging, or blacklists.
          2.) That's debatable, but if you have other hardware available, a separate proxy is typically better, especially if your firewall is running NanoBSD.
          3.) Squid 2.7.x is the most stable and likely to work.

          Thanks, Jim, for your detailed answers. Due to the restrictions under 1.) I will go with a Squid installation on my Linux server. As its shipped openSUSE 11.4 packages for Squid appear a bit outdated (2.7.STABLE6 and 3.1.23), I will install Squid from source. Does your answer 3.) apply in this case as well or does it refer to the available Squid packages for pfSense only? Latest source release of Squid turns out to be 3.3.2 - I'll grab this one, if not advised in another way.

          Peter

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            My answer to #3 only applies to pfSense. I'm not sure what the recommended version would be on any other OS at the moment.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              pvoigt
              last edited by

              Well, will go with Squid 3.3.2 source distribution. These links mainly helped me to make up my mind:
              http://wiki.squid-cache.org/Squid-2.7
              http://wiki.squid-cache.org/Squid-3.3

              And for all openSUSE fans besides me here's some valuable compiling information - even if slightly off-topic  :):
              http://wiki.squid-cache.org/KnowledgeBase/OpenSUSE

              Peter

              1 Reply Last reply Reply Quote 0
              • F
                freeMox
                last edited by

                Personally, I think the blacklists from Squidblacklist.org are much better than the ones from Shallalist.de that are the default with SquidGuard.  8)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.