Squid on a NanoBSD installation of pfSense 2.0.1



  • I am currently running pfSense 2.0.1 NanoBSD 2G amd64 on a CF card.

    I plan to learn about the possibilities of Squid as we plan to use a web proxy at work. In a first step I am going to use Squid/SquidGuard

    • as (transparent) web proxy
    • for user authentication and logging
    • blacklisting with SquidGuard.
    • reporting

    According to http://doc.pfsense.org/index.php/Installing_packages_on_embedded it should be possible to install Squid and SquidGuard packages on a NanoBSD installation >= 1.2.3RC3.

    Before I am going to install anything I have the hope someone could answer the following questions:

    1.) Can Squid generally work on an embedded installation of pfSense in a proper way? I am having doubts because of the read-only filesystem. How can Squid write cache and logging information on a  NanoBSD installation? And if writing is possible, will the CF card die sooner or later?

    2.) Is it generally a good idea to install Squid on the firewall machine? Would it be better to use a separate server for Squid? I am running a Linux server which could host Squid.

    3.) Which version of Squid should I use? pfSense packages are  versioned 2.7.9 and 3.1.20.

    Thanks in advance
    Peter


  • Rebel Alliance Developer Netgate

    1.) Yes but only for authentication and URL filtering. Not for cache, logging, or blacklists.
    2.) That's debatable, but if you have other hardware available, a separate proxy is typically better, especially if your firewall is running NanoBSD.
    3.) Squid 2.7.x is the most stable and likely to work.



  • @jimp:

    1.) Yes but only for authentication and URL filtering. Not for cache, logging, or blacklists.
    2.) That's debatable, but if you have other hardware available, a separate proxy is typically better, especially if your firewall is running NanoBSD.
    3.) Squid 2.7.x is the most stable and likely to work.

    Thanks, Jim, for your detailed answers. Due to the restrictions under 1.) I will go with a Squid installation on my Linux server. As its shipped openSUSE 11.4 packages for Squid appear a bit outdated (2.7.STABLE6 and 3.1.23), I will install Squid from source. Does your answer 3.) apply in this case as well or does it refer to the available Squid packages for pfSense only? Latest source release of Squid turns out to be 3.3.2 - I'll grab this one, if not advised in another way.

    Peter


  • Rebel Alliance Developer Netgate

    My answer to #3 only applies to pfSense. I'm not sure what the recommended version would be on any other OS at the moment.



  • Well, will go with Squid 3.3.2 source distribution. These links mainly helped me to make up my mind:
    http://wiki.squid-cache.org/Squid-2.7
    http://wiki.squid-cache.org/Squid-3.3

    And for all openSUSE fans besides me here's some valuable compiling information - even if slightly off-topic  :):
    http://wiki.squid-cache.org/KnowledgeBase/OpenSUSE

    Peter



  • Personally, I think the blacklists from Squidblacklist.org are much better than the ones from Shallalist.de that are the default with SquidGuard.  8)


Log in to reply