Squid3 clean install: no internet access



  • G'evening, the eternal noob is at it again  ;D

    't Doesn't work  :-[

    I wanted to install Squid3-dev because it seems to have integrated antivirus (I'm scared of the cryptolocker crap, I'd like to test the antivirus and perhaps also add Dansguardian with lists from Yoyo).

    The package installed fine, I set it up as a transparent proxy on the LAN interface, allowed users access to it, even additionally added the LAN subnet as an allowed subnet, added its own DNS servers, removed them again, restarted Squid, restarted the box itself: the clients on my LAN have no internet access. The weird thing is: even when I put clients in the exception list, so as not to go through Squid, they don't have internet access. Only if I disable transparent access, so effectively the clients don't go via Squid, do they have access again.

    I made sure the DNS forwarder is also set for localhost and not just for LAN and VLANs, restarted the DNS forwarder: nothing.

    I created a firewall rule to explicitly allow clients access to the interface address on port 3128: nothing.

    I am sure I am doing something wrong, but what? Do I need to set some custom settings at the bottom of the first tab (the ACL field), or another firewall rule, or something with NAT? (The wiki doesn't mention these things, I searched three pages of threads on this fine forum but that also didn't give a clue).

    Would anybody happen to know where to look to solve this problem?

    Thank you very much in advance  ;D



  • Squid3-dev is finicky and I hate it with a passion.  It falls over easily.  I can't get the Transparent HTTPS to work, regardless of how many CAs I give the client.  Now I'm fighting a 'No running copy' error.  The pfSense guys don't support squid3-dev even if you have a support contract, as I found out the hard way.  I'm giving up on squid3 for now.  Check your system log for Squid errors.  Do a netstat -an in pfSense shell and see if anything is listening on port 80.



  • I am also having a similar issue.  Whenever I set the proxy to transparent or force the browser through the proxy, Squid3 blocks all traffic.  I have tried editing all the access lists to add 'http_access allow' for my LAN.

    I know that Squid must be blocking everything by default, but can anybody specify where to add the appropriate entries?



  • I think the pfSense team should give support to [squid3 and snort].

    Almost all who use pfSense use Squid...



  • I was emailing with JimP about it and their position was that squid3 is still too unstable for production use.  Squid3 is not supported at all, is listed as Experimental in the packages list, and you can do most of what squid3 can do with squid2.



  • I went back to Squid from Squid3. Couldn't get it to work.

    I went for Squid3 in the first place because of HAVP integration; however, to make it work, I had to manually edit some configuration (don't remember what that was) which broke HAVP/ClamAV; after those manual changes, the dashboard says things are working, but when I actually ran an EICAR test, it couldn't detect the virus.



  • Thank you all, that clears the confusion ;D

    Perhaps there should be some kind of warning in the Package Installer GUI that it is experimental, so noobs like me can skip it and this post wouldn't have cluttered up the board.

    I noticed there are two squid3's: the normal 'squid3' and the 'squid3-dev'. I take it they both suffer from the same problems?



  • No idea.  Everyone goes for squid3-dev because that's the one that supports transparent HTTPS intercept.