Netgate Discussion Forum

    Firewall optimization change breaks Squid / Squidguard

    Cache/Proxy
      mike.birmingham

      We have about 120 clients that route all web traffic through a pfSense VM, used for content filtering with Squid 2.x and SquidGuard. We moved 20 of these clients to Office 365 and pfSense is dropping the SSL connections (when we route around pfSense it works, but it's not a permanent fix; we had to fudge hosts files to point to a single IP, but it could change anytime due to load balancing on the cloud). When we change the firewall optimization mode to Conservative, or better yet, disable firewall packet filtering altogether (better performance), Office starts to work, but SquidGuard breaks and the service won't start (The redirector helpers are crashing too rapidly, need help!).

      Due to the clients being remote VPN sites and the way our routing is set up, we can't easily bypass pfSense for the Office 365 traffic, so we either need to make pfSense work, or we replace it with another product (orders from above). I'd love to stick with pfSense. Help?

        mike.birmingham

        Actually noticed the error is "The url_rewriter helpers are crashing too rapidly, need help!" if we use Squid 2.x but with Squid 3 it's "The redirector helpers are crashing too rapidly, need help!".

          KOM

          If squidGuard is barfing, is there anything in /var/squidGuard/log/squidGuard.log?

            mike.birmingham

            Nothing for SquidGuard, but getting a lot of "Shared object "libldap-2.4.so.2" not found, required by "squidGuard""

            Found another post you commented on, below:

            https://forum.pfsense.org/index.php?topic=88221.0

            Might be worth trying to clone this setup in 2.1.5 and see if we get the same issues. We're on 2.2.1 in production right now. Will try it tomorrow, see what happens.

            I suppose the short answer I'm looking for is: Do Squid or Squidguard require the pfSense firewall component to be enabled to function? This VM is in a place where the firewall and / or NAT are not needed.

              mike.birmingham

              Looks like this particular issue is confined to 2.2.2 as it's working fine in 2.2.1 and 2.1.5, so there you have it.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.