SOLVED: pfSense 2.1.3 update broke Dansguardian redirect
brake16 last edited by
Updated to 2.1.3 and Dansguardian broke. Could no longer get access to the WebGUI, or any other website. VOIP still worked. Eventually traced it to the Squid-Dansguardian redirect setup. Under 2.1.2 and 2.1.1 (the extent of my use), DG listened on the LAN and squid used the loopback for Proxy interface. Transparent proxy was checked, but never really worked (to my understanding) and so a NAT:Port Forward rule was created:
If Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports
LAN TCP/UDP * * * 80 (HTTP) 192.168.1.1 8080
Turns out this rule breaks the whole setup under 2.1.3. After a few hours of pain (I'm admittedly more of a 'script kiddy' than anything else), I finally figured out that squid needs to have the pfSense router address (192.168.1.1, or whatever it is in your setup) added to the 'Bypass proxy for these destination IPs' under the 'General' tab. Now DG is back to blocking the porn, the redirect is working swimmingly, and I can get on the pfSense box to continue with tweaks and updates.
I hope this helps someone else. If not, oh well. I'm bookmarking this page for my own future reference.