Troubleshooting Squid and SquidGuard

jjbirdz211

Hi all,

New user to pfsense.  I had pfsense working great with Squid and SquidGuard until I ran the latest 2.2 update. Now it doesn't work at all (though firewall is still routing traffic properly and everything else seems to be working).

I've tried to make it work several ways including:

reloading a clean config using default settings (from the web gui, not a clean reload from scratch from CD)
manually deleting squid cache
manually deleting squid files from command line over ssh
reinstalling packages
using different blacklists
using different allowed IP settings
…and more that I'm not recalling (just trying to keep this short)

Any suggestions besides a clean reload from scratch? I'd like to be on the latest release and have this working if possible. I'd also like to install snort and havp AV after doing this, but I'd like to have this working first. Thanks!

n3by

Hi,

HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

jjbirdz211

@n3by:

Hi,

HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

I'm actually back on 2.1.5 but still couldn't get squid and squidguard working again. I'm contemplating a reload, I'd rather not do it if I don't have to. This also forcing me to learn more about troubleshooting with pfsense, so if there is a way to fix it that would be great for my personal knowledge!

Cino

squid3 is working fine.. there is an issue with reverse-proxy if you use <1024 port. There is a workaround (and preferred way to do it on the forum using NAT to re-direct 80/443 to a higher port number)

squidguard does have issues but search the forum. i have squid3 and squidguard-dev working with no issues right now.

Steve Evans

Hi Cino,

Are you using Transparent mode? That's the feature I can't get working.

Steve

Cino

I dont use transparent mode in squid but you can setup a NAT redirect.

Here is an example of what I use use dansguardian. The same would apply for squid.. Just make sure that squid is bind to loopback

KIDSNET 	TCP 	* 	* 	* 	80 (HTTP) 	127.0.0.1 	8080 	Dansguardian Transparent Proxy Re-Direct 

KOM

I used to use Squid in Transparent mode but it was such a hassle with HTTPS and certs etc.  Switched it to non-transparent and then reconfigured everything to use WPAD to locate the proxy.  So much easier.

marcelloc

@n3by:

HAVP at this moment is not working on 2.2

This package is not necessary anymore as squid does have a working clamav integration.