SOLVED: pfSense 2.1.3 update broke Dansguardian redirect



  • Good Morning

    Updated to 2.1.3 and Dansguardian broke.  Could no longer get access to the WebGUI, or any other website.  VOIP still worked.  Eventually traced it to the Squid-Dansguardian redirect setup.  Under 2.1.2 and 2.1.1 (the extent of my use), DG listened on the LAN and squid used the loopback for Proxy interface.  Transparent proxy was checked, but never really worked (to my understanding) and so a NAT:Port Forward rule was created:

    If        Proto        Src. addr    Src. ports    Dest. addr    Dest. ports    NAT IP          NAT Ports
    LAN    TCP/UDP    *                *                  *                  80 (HTTP)      192.168.1.1  8080

    Turns out this rule breaks the whole setup under 2.1.3.  After a few hours of pain (I'm admittedly more of a 'script kiddy' than anything else), I finally figured out that squid needs to have the pfSense router address (192.168.1.1, or whatever it is in your setup) added to the 'Bypass proxy for these destination IPs' under the 'General' tab.  Now DG is back to blocking the porn, the redirect is working swimmingly, and I can get on the pfSense box to continue with tweaks and updates.

    I hope this helps someone else.  If not, oh well.  I'm bookmarking this page for my own future reference.


Log in to reply