Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Troubleshooting Squid and SquidGuard

    pfSense Packages
    6
    8
    1882
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjbirdz211 last edited by

      Hi all,

      New user to pfsense.  I had pfsense working great with Squid and SquidGuard until I ran the latest 2.2 update. Now it doesn't work at all (though firewall is still routing traffic properly and everything else seems to be working).

      I've tried to make it work several ways including:

      reloading a clean config using default settings (from the web gui, not a clean reload from scratch from CD)
      manually deleting squid cache
      manually deleting squid files from command line over ssh
      reinstalling packages
      using different blacklists
      using different allowed IP settings
      …and more that I'm not recalling (just trying to keep this short)

      Any suggestions besides a clean reload from scratch? I'd like to be on the latest release and have this working if possible. I'd also like to install snort and havp AV after doing this, but I'd like to have this working first. Thanks!

      1 Reply Last reply Reply Quote 0
      • N
        n3by last edited by

        Hi,

        HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
        for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

        1 Reply Last reply Reply Quote 0
        • J
          jjbirdz211 last edited by

          @n3by:

          Hi,

          HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
          for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

          I'm actually back on 2.1.5 but still couldn't get squid and squidguard working again. I'm contemplating a reload, I'd rather not do it if I don't have to. This also forcing me to learn more about troubleshooting with pfsense, so if there is a way to fix it that would be great for my personal knowledge!

          1 Reply Last reply Reply Quote 0
          • C
            Cino last edited by

            squid3 is working fine.. there is an issue with reverse-proxy if you use <1024 port. There is a workaround (and preferred way to do it on the forum using NAT to re-direct 80/443 to a higher port number)

            squidguard does have issues but search the forum. i have squid3 and squidguard-dev working with no issues right now.

            1 Reply Last reply Reply Quote 0
            • S
              Steve Evans last edited by

              Hi Cino,

              Are you using Transparent mode? That's the feature I can't get working.

              Steve

              1 Reply Last reply Reply Quote 0
              • C
                Cino last edited by

                I dont use transparent mode in squid but you can setup a NAT redirect.

                Here is an example of what I use use dansguardian. The same would apply for squid.. Just make sure that squid is bind to loopback

                
                KIDSNET 	TCP 	* 	* 	* 	80 (HTTP) 	127.0.0.1 	8080 	Dansguardian Transparent Proxy Re-Direct 
                
                
                1 Reply Last reply Reply Quote 0
                • KOM
                  KOM last edited by

                  I used to use Squid in Transparent mode but it was such a hassle with HTTPS and certs etc.  Switched it to non-transparent and then reconfigured everything to use WPAD to locate the proxy.  So much easier.

                  1 Reply Last reply Reply Quote 0
                  • marcelloc
                    marcelloc last edited by

                    @n3by:

                    HAVP at this moment is not working on 2.2

                    This package is not necessary anymore as squid does have a working clamav integration.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense Plus
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy