Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Troubleshooting Squid and SquidGuard

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 6 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjbirdz211
      last edited by

      Hi all,

      New user to pfsense.  I had pfsense working great with Squid and SquidGuard until I ran the latest 2.2 update. Now it doesn't work at all (though firewall is still routing traffic properly and everything else seems to be working).

      I've tried to make it work several ways including:

      reloading a clean config using default settings (from the web gui, not a clean reload from scratch from CD)
      manually deleting squid cache
      manually deleting squid files from command line over ssh
      reinstalling packages
      using different blacklists
      using different allowed IP settings
      …and more that I'm not recalling (just trying to keep this short)

      Any suggestions besides a clean reload from scratch? I'd like to be on the latest release and have this working if possible. I'd also like to install snort and havp AV after doing this, but I'd like to have this working first. Thanks!

      1 Reply Last reply Reply Quote 0
      • N
        n3by
        last edited by

        Hi,

        HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
        for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

        1 Reply Last reply Reply Quote 0
        • J
          jjbirdz211
          last edited by

          @n3by:

          Hi,

          HAVP at this moment is not working on 2.2 and look like will not be ported soon on 2.2, and squid + guard have a lot of problems on 2.2.
          for me snort was the only one that worked ok on 2.2 after upgrade… in the end I give up and had to come back to previous stable release; so my advice is to go back to your old stable version before losing to much time because a clean reload from scratch will not help at this moment on 2.2.

          I'm actually back on 2.1.5 but still couldn't get squid and squidguard working again. I'm contemplating a reload, I'd rather not do it if I don't have to. This also forcing me to learn more about troubleshooting with pfsense, so if there is a way to fix it that would be great for my personal knowledge!

          1 Reply Last reply Reply Quote 0
          • C
            Cino
            last edited by

            squid3 is working fine.. there is an issue with reverse-proxy if you use <1024 port. There is a workaround (and preferred way to do it on the forum using NAT to re-direct 80/443 to a higher port number)

            squidguard does have issues but search the forum. i have squid3 and squidguard-dev working with no issues right now.

            1 Reply Last reply Reply Quote 0
            • S
              Steve Evans
              last edited by

              Hi Cino,

              Are you using Transparent mode? That's the feature I can't get working.

              Steve

              1 Reply Last reply Reply Quote 0
              • C
                Cino
                last edited by

                I dont use transparent mode in squid but you can setup a NAT redirect.

                Here is an example of what I use use dansguardian. The same would apply for squid.. Just make sure that squid is bind to loopback

                
                KIDSNET 	TCP 	* 	* 	* 	80 (HTTP) 	127.0.0.1 	8080 	Dansguardian Transparent Proxy Re-Direct 
                
                
                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  I used to use Squid in Transparent mode but it was such a hassle with HTTPS and certs etc.  Switched it to non-transparent and then reconfigured everything to use WPAD to locate the proxy.  So much easier.

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    @n3by:

                    HAVP at this moment is not working on 2.2

                    This package is not necessary anymore as squid does have a working clamav integration.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.