I have a problem getting squid to work, note I'm kind of newby to this stuff…
I want to have a working transparent proxy without authentication
here what I tried:
installed PfSense 2.1.4-RELEASE (amd64)
installed Squid and followed a few guide to configure it ("transparent Proxy" enabled and "Allow users on interface" disabled)
installed Squid-Guard and configured some target category to block a few site to try it.
no firewall rules or other setting applied to the default configuration.
services running, however Squid does not seems to filter any site.
I tried to enable "Allow users on interface" but then I cannot reach any site (blank page).
if I disable Transparent Proxy and set the proxy locally on the PC, Squid blocks everything including PfSense web interface (default redirect page).
I tried to follow a lot of guides and workaround present here and on other sites but we are getting nowhere...
I'll attach squid.conf and squidguard.conf (as txt) for someone willing enough to have a look at it ::)
Get Squid working first before you worry about SquidGuard. For Squid, you need to select both Transparent AND Allow users on interface or nothing will work right.
Which Squid are you using, 2 or 3? Do you need to filter HTTPS traffic?
But if we select both "Transparent AND Allow users on interface" we can't navigate at all (the page cannot be reached).
We are using the package "squid" installed trought pfsense package interface (so i suppose that is version 2 cause it isn't squid3 package) we don't necessary need to filter https.
Is SquidGuard still installed? If so, remove it and test with only Squid and don't worry about SquidGuard until your users can access the web with just Squid installed. Do you have LAN selected as Proxy interface? Are your users on the same subnet as your pfSense router?
Tried that also. Now I've removed squidguard ….testing... and squid doesn't work.
Yes the proxy interface is only LAN, and yes i'm in the same subnet/network (192.168.0.0./24)
Squid doesn't work means: https traffic is ok, works, but all http traffic is blocked by squid and theres no rule for this.
With just Squid installed, how doesn't it work? Timeout? Error?
Could you please show me your screens for Services - Proxy server - General and Services - Proxy server - Access control?
If you use SSH to shell in, check your /var/squid/logs/access.log and cache.log and see if it has any errors or clues.
I also tried to restart the process, but still not work.
here is the screenshot of configuration. No clue in the access log…seems that after uninstall of squidguard not log in access.log :(
Thanks a lot
Sorry, how does it fail again? Timeout or some error message right away?
Why do you use Google DNS for proxy server? Normally you select your forwarders under System - General Setup - DNS Servers. Is there any change if you remove 220.127.116.11 from Use alternate DNS…?
Perhaps your config is somehow corrupted. You can find directions on resetting everything in this post:
We get the message right away.
Thank you for the support.
I'll try to reset on Monday and will let you know…
What message exactly are you getting? It is more helpful if you answer all of the questions you are asked. Why do you use Google DNS as an alternate just for the proxy?
i got this error
pf php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Yeah, looks like something is broken. I would remove Squid and then use the link I gave you to do a cleanup, then try again.
We get "unable to connect to site xxxxxxx".
I set the dsn just to check if this could solve this problem,
thinking that for some reason the proxy needed an ulterior dsn, but it didn't help.
I'll try the procedure you linked before.
OK, now I understand why you were using a separate DNS just for the proxy. As a suggestion, when you try something and it doesn't work, you should revert your change back or else you risk making the problem worse, or starting a new problem that will confuse you, or confusing people who are trying to help you 8)
Squid by itself is mainly used for caching web content, or as a base for SquidGuard, and it has very limited access control. You typically only need to check the Transparent and Allow users on interface boxes and it just works as long as your users are on the same subnet as your pfSense server. A default install of Squid will not block anything, last time I checked.
SquidGuard is the filtering component and it is more complex. Try to get basic Squid working first, and then move on to SquidGuard.
thanks to KOM we managed to get Squid and SquidGuard works!
we followed the steps to remove the proxy and its settings, then reinstalled it.
a minimal configuration and now it works smoothly!
- removed Squid and SquidGuard following the instructions https://forum.pfsense.org/index.php?topic=78521.0
- installed Squid (2.x)
- enable Transparent Proxy and let checked Allow User on Interface
- verified that Squid works adding a site in the blacklist
- installed SquidGuard
- added a blacklist
- started the service
thanks again for your support!
Glad to hear you got it working.