Dual Lan + Squid + SquidGuard causing trouble

  • LAYER 8

    Hello, I am new to pfsense. I have the following setup:

    Pfsense 2.2.3 64 bit with dual LAN port and single WAN.

    WAN - dhcp
    LAN1 - 192.168.4.1/24
    LAN2 - 192.168.5.1/24

    Packages : Captive portal, Squid, Squidguard

    I am able to ping cross lan and wan from both the subnets.

    I have enabled captive portal on both the interfaces.
    In squid I have selected both interfaces, LAN1 & LAN2.

    The problem starts when I enable squidguard. I am unable to browse the net from either of the LAN subnets. My ping works. If I disable squidguard I am able to surf again. I guess I am missing something trivial.

    Is it something to do with dns… squidguard unable to resolve or something else. Please help.

    Thank you,
    regards,
    Ashima


  • When you installed and configured squidguard, did you change the Default access action in the Common ACL from Deny to Allow?

  • LAYER 8

    Yes I have set the default settings to allow in SquidGuard.

    I think I have forgotten to set the squid in transparent mode. I'll go to office and check that in case that is the issue.

    Correct me if I am wrong. With Captive portal I guess squid has to run in transparent mode.


  • I have no idea as I've never used Captive Portal.  I know that only the default LAN subnet is added to Squid's ACL so your second subnet would not have proxy access unless you manually added it.

    Do NOT use Transparent mode.  It is completely useless these days.  Instead, use WPAD to allow your clients to auto-detect the proxy and then disable ports 80/443 on LAN.

    WPAD Autoconfigure for Squid

  • LAYER 8

    Thanks for the reply.
    I have added both subnets in Squid's ACL.

    I'll test the setup with wpad.

    Right now I am running squid in transparent mode. The moment I enable squidGuard my webGui becomes slow and I am unable to surf. Things become normal if I disable it again. Any help? It's urgent.

    Thank you
    regards
    Ashima


  • Hm sounds real strange.

    Could you have a look at the CPU usage when you enable squidguard, at the home screen of pfsense or with the command "top".

    If the usage is high, please have a look at which task causes the usage.

    You could also have a look at the "integrations" field of the proxy server. My default setting after installing squidguard:

    url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0
    

  • squidGuard is a helper process that gets spawned by squid on demand.  I can't imagine how it would make the GUI slow as it doesn't really interact with it.  Anything in /var/log/squidguard.log?  Anything in /var/squid/logs/cache.log?


  • @KOM:

    squidGuard is a helper process that gets spawned by squid on demand.  I can't imagine how it would make the GUI slow as it doesn't really interact with it.  Anything in /var/log/squidguard.log?  Anything in /var/squid/logs/cache.log?

    I could just imagine that the helpers (with the standard config, 5 helpers start at the start of squid) cause a high CPU workload and this makes the web UI respond "slow",

    and the cause of the high workload could be a misconfiguration or a failed installation.

  • LAYER 8

    Hello,

    My CPU usage was going quite high, 28%; earlier it was 1%-3%.

    But my problem seems to be solved now. I did a fresh install in this order :

    Install pfsense 2.2.3 64 bit.
    Install squid
    Install squidguard
    enable captive portal

    I don't know why my previous installation was causing the issue. The only difference is:

    Earlier I had enabled captive portal before installing squid and squidGuard. (I don't know whether that caused the issue; I doubt it.)

    Another factor could be, I guess, that when downloading the blacklist I think I surfed away in the webgui before it could complete. This might have resulted in corrupting the db. Can that be the cause?

    Also another reason could be that after selecting the custom target list or the apply changes option I might have moved to a different page on the webgui before it could actually do it. I have observed that it takes a couple of seconds to do so. This might have corrupted the config.xml.

    I don't know what might have caused it. If anyone has any pointers, it'll be helpful so that I take extra care from now on.

    Thanks for all the help.

    Next thing I am going to try is run squid in non transparent mode with wpad. I am loving it.

    PS just a small question regarding that: can I serve the wpad file from a Windows 7 machine, or do we need a webserver to do so?

    with warm regards,
    Ashima.


  • My Cpu usage was going quite high 28%

    That's not what I would call high, or at least it doesn't appear to be enough to slow down the WebGUI.

    can I serve wpad file from a windows 7 machine or we need a webserver to do so.

    You need some sort of HTTP (not HTTPS) server to serve the wpad.dat/proxy.pac files. Which OS it lives on is irrelevant. I use pfSense itself for this. I don't have it running in HTTPS mode (you can't access it at all via WAN) and I just dropped my files in /usr/local/www.
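
An added example (not part of any post in this thread) of the wpad.dat file discussed above, written for the two LAN subnets from the first post. It assumes Squid listens on each LAN gateway address at port 3128; the helper names are hypothetical, and the syntax is kept to ES5 because PAC engines are often old.

```javascript
// wpad.dat / proxy.pac sketch for the two LANs in this thread.
// Assumption: Squid listens on each LAN gateway address, port 3128.
var LANS = [
  { net: "192.168.4.0", bits: 24, proxy: "PROXY 192.168.4.1:3128" }, // LAN1
  { net: "192.168.5.0", bits: 24, proxy: "PROXY 192.168.5.1:3128" }  // LAN2
];

// Convert a dotted-quad IPv4 string to a number, or null if it is not one.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip lies inside net/bits (plain arithmetic, no signed bit ops).
function inSubnet(ip, net, bits) {
  var a = ipToInt(ip), b = ipToInt(net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Return the LAN entry containing ip, or null.
function findLan(ip) {
  for (var i = 0; i < LANS.length; i++) {
    if (inSubnet(ip, LANS[i].net, LANS[i].bits)) return LANS[i];
  }
  return null;
}

// Pure decision function so it can be checked outside a browser.
function chooseProxy(clientIp, host) {
  // Plain hostnames and addresses on either LAN (e.g. the webGUI) go direct.
  if (host.indexOf(".") === -1 || findLan(host)) return "DIRECT";
  var lan = findLan(clientIp);
  return lan ? lan.proxy : "DIRECT"; // unknown client subnet: no proxy offered
}

// Entry point called by the browser; myIpAddress() is a PAC built-in.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host);
}
```

A client whose address is in neither subnet gets DIRECT, so with ports 80/443 blocked on LAN as suggested earlier in the thread, its web traffic is stopped at the firewall rather than bypassing Squid.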