• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

2 pfsense box - 1 only for squid 3 ( cache and proxy filter ) is possible ?

Scheduled Pinned Locked Moved Cache/Proxy
10 Posts 5 Posters 2.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    whitexp
    last edited by Feb 3, 2016, 2:24 PM

    Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

    and if possible , how ?

    thanks

    1 Reply Last reply Reply Quote 0
    • C
      chris4916
      last edited by Feb 3, 2016, 10:16 PM

      Of course you can achieve it, quite easily BTW but I don't think this is efficient.
      What would be the purpose of such design ? TO benefit from GUI while managing Squid & Squidguard ?
      Why not instead deploying Squid and Squidguard on bare server and install webmin on top of it if you do need GUI ?

      Or there is another goal but I don't get for the time being.

      Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

      1 Reply Last reply Reply Quote 0
      • W
        whitexp
        last edited by Feb 5, 2016, 1:10 PM

        i want for modify squid withou break my system ..

        weh i said modify squid , i talking about install samba , and other things ..

        how i can made this scenario ?

        thanks

        1 Reply Last reply Reply Quote 0
        • C
          chris4916
          last edited by Feb 6, 2016, 10:44 AM

          IMHO, best option would be to deploy Squid + SquidGuard (or DansGuardian) on standalone server acting as true proxy instead of either deploying Squid on pfSense or rely on another pfSense which will not provide firewall features but only graphic user interface for Squid and Squidguard management (assuming I understand well what you explain).

          Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

          1 Reply Last reply Reply Quote 0
          • N
            Netizen1
            last edited by Mar 3, 2016, 8:20 PM

            @whitexp:

            Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

            and if possible , how ?

            thanks

            I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

            The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

            pfsense2 (squid) uses IP address of pfsense1 DMZ interface as default gateway.

            I recycled two OptiPlex's that were due to be disposed, but I might eventually move the pfsense running squid to a VM, one of these good days...

            1 Reply Last reply Reply Quote 0
            • C
              chris4916
              last edited by Mar 4, 2016, 11:03 AM

              @Netizen1:

              I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

              The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

              In term of feasibility, for sure it works but I would not say this is efficient neither scalable.
              It really depends about your needs and requirements.

              For relatively small environment, running Squid on pfSense might be acceptable (even if we have endless debate about this in the French section  :-X) but as soon as you have some load due to significant amount of HTTP requests, you may face some performance issue that can't be solved if you stay with pfSense "distribution". This is mainly due to the fact that there is, as far as I understand, no way you can customize partitioning and spindles to be used in order to ensure that Squid cache is attached to dedicated spindle(s)
              Log and rsyslog aspects is another reason.

              Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

              1 Reply Last reply Reply Quote 0
              • M
                Mufasa
                last edited by Feb 14, 2017, 6:00 PM

                @Netizen1:

                @whitexp:

                Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

                and if possible , how ?

                thanks

                I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

                The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

                pfsense2 (squid) uses IP address of pfsense1 DMZ interface as default gateway.

                I recycled two OptiPlex's that were due to be disposed, but I might eventually move the pfsense running squid to a VM, one of these good days...

                Hi i am trying to achieve this on a hyper-V, but cant get them to communicate, can you elaborate on how you got this to work and maybe some advice on how to achieve this with my setup, does your squid pfsense have internet connectivity to allow the install of of squid or did you install it standalone.

                I am running AIRVpn on my firewall Pfsense on Hyper-V, and can connect to the internet no problem, but installing squid on here too causes leaks, and i must have squid to block certain sites ect from prying eyes.

                This is the tutorial i followed to set up AIRVPN https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

                I would really appreciate any help anyone can give on this, been at it now for days, and am not much further forward, other setups like squid on bare metal are too much of an additional  learning curve for me at the minuet, I have spent countless hours trying to get this working.

                Thanks in advance.

                1 Reply Last reply Reply Quote 0
                • S
                  sichent Banned
                  last edited by Feb 14, 2017, 7:38 PM

                  Why not to drop a preconfigured virtual appliance with web filter into your network in addition to pfsense? One example is https://www.diladele.com/download_next_version.html
                  It is much easier.

                  1 Reply Last reply Reply Quote 0
                  • M
                    Mufasa
                    last edited by Feb 14, 2017, 10:14 PM

                    @sichent:

                    Why not to drop a preconfigured virtual appliance with web filter into your network in addition to pfsense? One example is https://www.diladele.com/download_next_version.html
                    It is much easier.

                    Thank you, I am going to give this one a try, https://sourceforge.net/projects/artica-squid/ something different to look at for the next few days, I think i am still going to have an issue with connecting it to my pfsense hyper-V though, will my pfsense VM still handle the DHCP, then pass the ip's to the proxy and back again, sorry if this is a stupid question i am not very knowledgeable with this stuff.

                    Thanks.

                    1 Reply Last reply Reply Quote 0
                    • S
                      sichent Banned
                      last edited by Feb 15, 2017, 8:08 AM

                      Yes, leave DHCP role on your pfSense and let the proxy have static IP.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received