Netgate Discussion Forum

    SquidGuard on 2.2 not blocking was on 2.1

      velzyboard

      I was able to get squid and squidguard loaded after upgrading to pfSense 2.2.  However, it no longer blocks the categories I set.  I did the normal procedure I did in 2.1 (configure, hit save and then apply).  I see nothing in my logs either.  This was working to block 2 interfaces (public 10.2.0.0 and private 10.255.0.0).

      Any ideas on what might be wrong????

      Thanks!
      Rob

        KOM

        No idea, and I have little interest in reading through that massive wall of text.  Any time I have problems with a package like that that's simple to configure, I just remove it and install it again.  I've noticed sometimes that both the Squid and SquidGuard packages need to be installed twice to work right.  Ran into it last night in my home lab.  Had to install SquidGuard and then click the PKG button to reinstall to get it working.

          gmorgen1

          I have tried all combinations of squid and squidguard on 2.2 and squidguard never works after rebooting.  After rebooting you must import the blacklists again, then it will work.

            Antonio_Grande

            @gmorgen1:

            I have tried all combinations of squid and squidguard on 2.2 and squidguard never works after rebooting.  After rebooting you must import the blacklists again, then it will work.

            How to fix it?

              velzyboard

              I reinstall squidguard from the installed packages.  If I don't, here is what happens.  Install squid (see it is running) then I install squidguard, download the blacklist, set ACLs, hit save, hit save on the first tab then APPLY.  It attempts to start and then brings down squid.  After I reinstall squidguard from the installed packages page, it repairs something in order to get it to run.  As you can see though it isn't blocking though.

                velzyboard

                I read the squidguard documentation and it said to test your config via something like

                echo "http://www.playboy.com 10.2.0.1/ - - GET" | /usr/pbi/squidguard-i386/bin/squidGuard -c /usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf

                I ran that from the Diagnostics -> Command Prompt AND ....

                it did block it and I see the block in the log!  However, if I try to hit the same url from my browser it serves it up.

                Any areas I should poke around in?  Thanks everyone.

                rob
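
The symptom in this post (the echo test blocks, the browser is served the page) can be checked in one pass. The script below is an added example, not part of any post in the thread: it reruns the post's echo test for a client and URL, then checks whether Squid's access.log shows that client requesting the host. The function names and the access.log argument are assumptions, and the log is assumed to be in Squid's native format.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the paths quoted in the post.
SG_BIN="${SG_BIN:-/usr/pbi/squidguard-i386/bin/squidGuard}"
SG_CONF="${SG_CONF:-/usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf}"

# sg_verdict CLIENT_IP URL -> prints BLOCK or PASS
# Sends one request line in the same format as the post's echo test.
# squidGuard replies with an empty line when the URL is allowed and with a
# rewritten (redirect) line when an ACL matches.
sg_verdict() {
    [ -x "$SG_BIN" ] || return 2
    reply=$(printf '%s %s/ - - GET\n' "$2" "$1" |
        "$SG_BIN" -c "$SG_CONF" 2>/dev/null | head -n 1)
    if [ -n "$reply" ]; then echo BLOCK; else echo PASS; fi
}

# proxy_saw ACCESS_LOG CLIENT_IP HOST -> prints a count
# Squid's native access.log has the client in field 3 and the URL in field 7.
# A count of 0 means that client's request for HOST never reached Squid.
proxy_saw() {
    awk -v c="$2" -v h="$3" \
        '$3 == c && index($7, h) { n++ } END { print n + 0 }' "$1"
}

# diagnose CLIENT_IP URL ACCESS_LOG -> prints one finding
diagnose() {
    host=$(printf '%s\n' "$2" | sed -e 's|^[a-z]*://||' -e 's|[/:].*$||')
    verdict=$(sg_verdict "$1" "$2") || { echo "squidguard-not-runnable"; return 2; }
    hits=$(proxy_saw "$3" "$1" "$host")
    case "$verdict:$hits" in
        BLOCK:0) echo "filter-blocks-but-traffic-bypasses-squid" ;;
        BLOCK:*) echo "filter-blocks-and-squid-saw-request" ;;
        *)       echo "filter-does-not-match-url" ;;
    esac
}

# Run as: sh thisfile CLIENT_IP URL ACCESS_LOG
if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

Use the IP of the machine running the browser as CLIENT_IP, so the log check looks for the same client that was served the page.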

                  KOM

                  Which browser?  What mode is Squid running in, standard or transparent?  Is the content cached from a previous page load before the block?  Go to a new site like Penthouse or Hustler and see if it's blocked.

                    velzyboard

                    Chrome on any OS
                    Browser(s) Cache cleared
                    Squid running in Transparent
                    Tried penthouse on browser and it let it through
                    Issued command from pfSense Admin Command Prompt to try penthouse and it blocked it.

                      KOM

                      I have to ask the obvious question: do you have your browser set to use the proxy?  Have you blocked ports 80 and 443 on LAN so that clients must use the proxy?

                        velzyboard

                        I am glad you are asking the obvious questions!  I looked at the firewall rules (assuming that is the right place) and I don't see any specific rules for 80 or 443.  Maybe the upgrade lost them and it has worked for so long that I forgot about the obvious. If I am using transparent mode then what should I see in the way of rules?

                        Thanks so much for your help.
                        Rob

                          KOM

                          All you need is an alias to hold the ports and a single rule on LAN.  Go to Firewall - Aliases - Ports.  Create a new alias and add ports 80 and 443 to it.  Go to Firewall - Rules - LAN.  Add a LAN rule like you see in the screenshot with the red arrow.  Everything should be pretty obvious other than the Destination Port Range.  Set it to (other) and then type & pick your alias in the red box.

                          rule.png

                            velzyboard

                            If I block port 443, that will cause https to fail, right?  If I want to make that work, can you point me to the instructions for making that work, i.e. block when needed?

                            Thanks!
                            Rob
