4. Firewall optimization change breaks Squid / Squidguard

Firewall optimization change breaks Squid / Squidguard

  • M

    We have about 120 clients that route all web traffic through a pfSense VM, used for content filtering with Squid 2.x and Squidguard. We moved 20 of these clients to Office 365 and pfSense is dropping the SSL connections (when we route around pfsense it works but it's not a permanent fix, had to fudge hosts files to point to a single IP but it could change anytime due to load balancing on the cloud). When we change the firewall optimization mode to Conservative, or better yet, disable firewall packet filtering altogether (better performance), Office starts to work, but SquidGuard breaks and the service won't start (The redirector helpers are crashing too rapidly, need help!).

    Due to the clients being remove VPN sites and the way our routing is setup, we can't easily bypass pfsense for the Office 365 traffic, so we either need to make pfsense work, or we replace it with another product (orders from above). I'd love to stick with pfsense. Help?

    0
  • M

    Actually noticed the error is "The url_rewriter helpers are crashing too rapidly, need help!" if we use Squid 2.x but with Squid 3 it's "The redirector helpers are crashing too rapidly, need help!".

    0

  • If squidGuard is barfing, is there anything in /var/squidGuard/log/squidGuard.log?

    0
  • M

    Nothing for SquidGuard, but getting a lot of "Shared object "libldap-2.4.so.2" not found, required by "squidGuard""

    Found another post you commented on, below:

    https://forum.pfsense.org/index.php?topic=88221.0

    Might be worth trying to clone this setup in 2.1.5 and see if we get the same issues. We're on 2.2.1 in production right now. Will try it tomorrow, see what happens.

    I suppose the short answer I'm looking for is: Do Squid or Squidguard require the pfSense firewall component to be enabled to function? This VM is in a place where the firewall and / or NAT are not needed.

    0
  • M

    Looks like this particular issue is confined to 2.2.2 as it's working fine in 2.2.1 and 2.1.5, so there you have it.

    0
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy