Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does Squid and Squidguard work in PF Sense 2.2.2

    Scheduled Pinned Locked Moved Cache/Proxy
    21 Posts 12 Posters 5.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jdeloach
      last edited by

      I am a novice to using PF Sense.  I used version 2.1.1 at one time and then went back IPCOP.  I've decided to try PF Sense again and installed 2.2.2.

      The problem is I can't get squid and squidguard to run.  I seem to remember at one time there was a file that showed how to configure squid and squidguard to get them to run but I don't see that anymore.  I really would like to use PF Sense but if I can't get these to run, I'm probably going to leave again and never return.

      Just a comment, how the packages associated with PF Sense should be configured seem to be very poorly documented, at least for someone new to this firewall package which I think is a great firewall but you have to be an expert in order to use it.  I think this drives off a lot of folks like myself that would like to use it.

      Any help in getting these packages to run would be appreciated.  There seems to be errors everywhere as to what files and directories should be named when the packages are installed, like should it be "Logs" or "Log" in these packages.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        I really would like to use PF Sense but if I can't get these to run, I'm probably going to leave again and never return.

        Look, people are happy to try and help but honestly, nobody cares if you leave and never come back.

        The problem is I can't get squid and squidguard to run.

        You're looking for assistance, but you can't be bothered in supplying any details about your problem.  Which squid & squidguard, i386, x64, v2, v3?  What have you done, transparent or standard mode?  How does it not work?  D you have any ACLs?  Blacklists?  What error messages, if any, are you receiving?  Anything in the logs?

        Just sitting there saying that it doesn't work and you'll take your ball and go home if nobody helps you won't get you very far.

        1 Reply Last reply Reply Quote 0
        • E
          exograpix
          last edited by

          Hi,

          i agree squid and squidguard documentation is bit sketchy and bit difficult to implement for beginner, but that is applicable to almost all open source firewall. Difficulty level is dependent on what you exactly want to achieve in above two packages. Please give us complete details of your installation, may be we can provide you detailed step for installation.

          You can search and find out basic installation steps in forum only. You have to do bit of exercise to work on these but once done they are very stable.

          1 Reply Last reply Reply Quote 0
          • J
            jdeloach
            last edited by

            Upon further digging it appears that the directory structure has changed with PF 2.2.X so Squid and SquidGuard install scripts need to be customized for each installation.  I don't have the time to experiment with modifying the scripts to get the packages to install on PF 2.2.X since different messages show changing directories to different names depending who is working the installation.

            I'll just stick with version 2.1.2 that works and maybe move to 2.1.5 since version 2.1.X appears to work and is stable from the messages I read on this forum.

            I appreciate the work the developers and others do to support this great program.  I'll try future versions and see if they work but will keep a working version that I can fall back on incase they don't work.

            1 Reply Last reply Reply Quote 0
            • P
              pfcode
              last edited by

              Squid3 never works for me in pfSense 2.2.2, no idea why it is listed on the pfSense 2.2.2 packages (amd64).  Clean install 2.2.2 from Live CD, and clean install Squid3, never works with Transparent HTTP proxy mode turned on.

              EDIT:  its working now. the KEY step: after turning on Transparent HTTP proxy mode, and SAVE. you must restart the Squid service or reboot the machine. then continue to setup others.

              Release: pfSense 2.4.3(amd64)
              M/B: Supermicro A1SRi-2558F
              HDD: Intel X25-M 160G
              RAM: 2x8Gb Kingston ECC ValueRAM
              AP: Netgear R7000 (XWRT), Unifi AC Pro

              1 Reply Last reply Reply Quote 0
              • A
                aGeekhere
                last edited by

                I have squid3 and squidGuard working on pfsenes 2.2.2 (had it working using a transparent proxy, however now i am using a wpad). The major issue that i am finding is google image search. If you navigate to a banned website directly or through a search then the filter works, however if you search in google images and turn off safe search nothing is blocked, Use SafeSearch engine in squidGuard used to work but not anymore (I think we are waiting for e2guardian to fix this).

                The another issue that I find with squidguard is that I must reinstall the block list every time the router restarts in order for squidGuard to start.

                Never Fear, A Geek is Here!

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  I can confirm that squid3 explicit mode works in 2.2.2.  All the people with problems seem to be using transparent mode.

                  1 Reply Last reply Reply Quote 0
                  • A
                    aGeekhere
                    last edited by

                    Hi KOM can you do a test for me, if you go to google images and turn off safe mode does your filter block banned images from showing?

                    Never Fear, A Geek is Here!

                    1 Reply Last reply Reply Quote 0
                    • KOMK
                      KOM
                      last edited by

                      I'll reply when I can.  I just upgraded from 2.1.5 to 2.2.2 this past Friday after hours, and I haven't got squidguard running yet.  That's part of tomorrow's workload.

                      1 Reply Last reply Reply Quote 0
                      • A
                        agismaniax
                        last edited by

                        afaik, squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

                        1 Reply Last reply Reply Quote 0
                        • A
                          aGeekhere
                          last edited by

                          it is/was working for me (amd64) now using wpad

                          Never Fear, A Geek is Here!

                          1 Reply Last reply Reply Quote 0
                          • NetViciousN
                            NetVicious
                            last edited by

                            Squidguard needs SquidGuard-devel package to work with Squid3 on 2.2.2

                            It's working for me in 2.2.2-RELEASE (i386)

                            ..//\/ e t . \/ i c i o u s ..

                            1 Reply Last reply Reply Quote 0
                            • A
                              aGeekhere
                              last edited by

                              hmm, working for me with just using the normal squidGuard (although google images are not being filtered and force safe search does not work).

                              Never Fear, A Geek is Here!

                              1 Reply Last reply Reply Quote 0
                              • KOMK
                                KOM
                                last edited by

                                if you go to google images and turn off safe mode does your filter block banned images from showing?

                                I'm not quite sure.  While I have safesearch enabled, I can still get some juicy images if I try.  I don't know if this is a limitation of safesearch or not since I don't care about it too much.

                                1 Reply Last reply Reply Quote 0
                                • A
                                  aGeekhere
                                  last edited by

                                  Hi KOM, Are you able to get around the squidguard filter by turning off safe search from google and search for "juicy images"? because for me it looks like squidguard is not working for google images.

                                  Never Fear, A Geek is Here!

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    sujyo1
                                    last edited by

                                    squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      srk3461
                                      last edited by

                                      @sujyo1:

                                      squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

                                      Need little more details than that…. screenshots, config type and logs(if any).

                                      1 Reply Last reply Reply Quote 0
                                      • F
                                        foresthus
                                        last edited by

                                        @agismaniax:

                                        afaik, squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

                                        That is incorrect.
                                        If you install squid3 (do not enable clamav and c-icap),  …
                                        reboot the machine,
                                        install squidguard,
                                        reboot the machine,
                                        install the blacklist ...
                                        then everything is working. Do not change the port 3128 or it will not work anymore. You can enable transparent mode for http. If the machine ie rebootet, you need to fetch your blacklist again for squidguard.

                                        If you do it ins this way everything is OK. I did not enable "SSL man in the middle Filtering" yet.

                                        ;)

                                        1 Reply Last reply Reply Quote 0
                                        • G
                                          ghachey
                                          last edited by

                                          Hi,

                                          I've got squid3 in transparent mode with SSL interception and squidguard working on pfSense 2.2.2 (amd64). It's even working nicely with the Captive Portal (though I am not using squid's captive portal authentication feature, only CP authentication with RADIUS/LDAP). However, I can't get the "Use SafeSearch engine" to work properly. My observation so far if it can help anyone are:

                                          • Google searches seem to be rewritten with "&safe=active172.16.1.121/–GET" (also working with HTTPS) at the end of the search though this has no effect (can still see juicy stuff). The funny part is if I manually remove "172.16.1.121/--GET" from the search in the URL and press enter the safe option kicks in with this same URL rewritten ("&safe=active172.16.1.121/--GET")
                                          • Bing does not get "adlt=strict" rewritten in the URL at all (HTTP and HTTPS)
                                          • Yandex does not get "adlt=strict" rewritten in the URL
                                          • Live does not get "adlt=strict" rewritten in the URL
                                          • Yahoo does not get "&vm=r&v=1" rewritten in the URL

                                          I tried all combinations of check marking "Use SafeSearch engine" and "Rewrite" condition (just below it) always getting the same result.

                                          I'm using Shallalist blacklist.

                                          My next step was to try deactivating the "Use SafeSearch engine" and try manual Rewrite rules.

                                          1 Reply Last reply Reply Quote 0
                                          • T
                                            technical ownage
                                            last edited by

                                            Hello, sorry to revive an oldish thread.

                                            Any update on this? I'm currently using Squid3 + SquidGuard (not dev) on their latest versions and everything is working properly except forcing safesearch. This is all transparent.

                                            Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.