Does Squid and Squidguard work in PF Sense 2.2.2

  • I am a novice to using PF Sense.  I used version 2.1.1 at one time and then went back IPCOP.  I've decided to try PF Sense again and installed 2.2.2.

    The problem is I can't get squid and squidguard to run.  I seem to remember at one time there was a file that showed how to configure squid and squidguard to get them to run but I don't see that anymore.  I really would like to use PF Sense but if I can't get these to run, I'm probably going to leave again and never return.

    Just a comment, how the packages associated with PF Sense should be configured seem to be very poorly documented, at least for someone new to this firewall package which I think is a great firewall but you have to be an expert in order to use it.  I think this drives off a lot of folks like myself that would like to use it.

    Any help in getting these packages to run would be appreciated.  There seems to be errors everywhere as to what files and directories should be named when the packages are installed, like should it be "Logs" or "Log" in these packages.

  • I really would like to use PF Sense but if I can't get these to run, I'm probably going to leave again and never return.

    Look, people are happy to try and help but honestly, nobody cares if you leave and never come back.

    The problem is I can't get squid and squidguard to run.

    You're looking for assistance, but you can't be bothered in supplying any details about your problem.  Which squid & squidguard, i386, x64, v2, v3?  What have you done, transparent or standard mode?  How does it not work?  D you have any ACLs?  Blacklists?  What error messages, if any, are you receiving?  Anything in the logs?

    Just sitting there saying that it doesn't work and you'll take your ball and go home if nobody helps you won't get you very far.

  • Hi,

    i agree squid and squidguard documentation is bit sketchy and bit difficult to implement for beginner, but that is applicable to almost all open source firewall. Difficulty level is dependent on what you exactly want to achieve in above two packages. Please give us complete details of your installation, may be we can provide you detailed step for installation.

    You can search and find out basic installation steps in forum only. You have to do bit of exercise to work on these but once done they are very stable.

  • Upon further digging it appears that the directory structure has changed with PF 2.2.X so Squid and SquidGuard install scripts need to be customized for each installation.  I don't have the time to experiment with modifying the scripts to get the packages to install on PF 2.2.X since different messages show changing directories to different names depending who is working the installation.

    I'll just stick with version 2.1.2 that works and maybe move to 2.1.5 since version 2.1.X appears to work and is stable from the messages I read on this forum.

    I appreciate the work the developers and others do to support this great program.  I'll try future versions and see if they work but will keep a working version that I can fall back on incase they don't work.

  • Squid3 never works for me in pfSense 2.2.2, no idea why it is listed on the pfSense 2.2.2 packages (amd64).  Clean install 2.2.2 from Live CD, and clean install Squid3, never works with Transparent HTTP proxy mode turned on.

    EDIT:  its working now. the KEY step: after turning on Transparent HTTP proxy mode, and SAVE. you must restart the Squid service or reboot the machine. then continue to setup others.

  • I have squid3 and squidGuard working on pfsenes 2.2.2 (had it working using a transparent proxy, however now i am using a wpad). The major issue that i am finding is google image search. If you navigate to a banned website directly or through a search then the filter works, however if you search in google images and turn off safe search nothing is blocked, Use SafeSearch engine in squidGuard used to work but not anymore (I think we are waiting for e2guardian to fix this).

    The another issue that I find with squidguard is that I must reinstall the block list every time the router restarts in order for squidGuard to start.

  • I can confirm that squid3 explicit mode works in 2.2.2.  All the people with problems seem to be using transparent mode.

  • Hi KOM can you do a test for me, if you go to google images and turn off safe mode does your filter block banned images from showing?

  • I'll reply when I can.  I just upgraded from 2.1.5 to 2.2.2 this past Friday after hours, and I haven't got squidguard running yet.  That's part of tomorrow's workload.

  • afaik, squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

  • it is/was working for me (amd64) now using wpad

  • Squidguard needs SquidGuard-devel package to work with Squid3 on 2.2.2

    It's working for me in 2.2.2-RELEASE (i386)

  • hmm, working for me with just using the normal squidGuard (although google images are not being filtered and force safe search does not work).

  • if you go to google images and turn off safe mode does your filter block banned images from showing?

    I'm not quite sure.  While I have safesearch enabled, I can still get some juicy images if I try.  I don't know if this is a limitation of safesearch or not since I don't care about it too much.

  • Hi KOM, Are you able to get around the squidguard filter by turning off safe search from google and search for "juicy images"? because for me it looks like squidguard is not working for google images.

  • squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

  • @sujyo1:

    squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

    Need little more details than that…. screenshots, config type and logs(if any).

  • @agismaniax:

    afaik, squid3's transparent proxy is not working in pfsense 2.2.2 (i386).

    That is incorrect.
    If you install squid3 (do not enable clamav and c-icap),  …
    reboot the machine,
    install squidguard,
    reboot the machine,
    install the blacklist ...
    then everything is working. Do not change the port 3128 or it will not work anymore. You can enable transparent mode for http. If the machine ie rebootet, you need to fetch your blacklist again for squidguard.

    If you do it ins this way everything is OK. I did not enable "SSL man in the middle Filtering" yet.


  • Hi,

    I've got squid3 in transparent mode with SSL interception and squidguard working on pfSense 2.2.2 (amd64). It's even working nicely with the Captive Portal (though I am not using squid's captive portal authentication feature, only CP authentication with RADIUS/LDAP). However, I can't get the "Use SafeSearch engine" to work properly. My observation so far if it can help anyone are:

    • Google searches seem to be rewritten with "&safe=active172.16.1.121/–GET" (also working with HTTPS) at the end of the search though this has no effect (can still see juicy stuff). The funny part is if I manually remove "" from the search in the URL and press enter the safe option kicks in with this same URL rewritten ("&safe=active172.16.1.121/--GET")
    • Bing does not get "adlt=strict" rewritten in the URL at all (HTTP and HTTPS)
    • Yandex does not get "adlt=strict" rewritten in the URL
    • Live does not get "adlt=strict" rewritten in the URL
    • Yahoo does not get "&vm=r&v=1" rewritten in the URL

    I tried all combinations of check marking "Use SafeSearch engine" and "Rewrite" condition (just below it) always getting the same result.

    I'm using Shallalist blacklist.

    My next step was to try deactivating the "Use SafeSearch engine" and try manual Rewrite rules.

  • Hello, sorry to revive an oldish thread.

    Any update on this? I'm currently using Squid3 + SquidGuard (not dev) on their latest versions and everything is working properly except forcing safesearch. This is all transparent.

  • forcing safesearch is not working for me.

Log in to reply