2 pfsense box - 1 only for squid 3 ( cache and proxy filter ) is possible ?

whitexp · Feb 3, 2016, 2:24 PM

Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

and if possible , how ?

thanks

chris4916 · Feb 3, 2016, 10:16 PM

Of course you can achieve it, quite easily BTW but I don't think this is efficient.
What would be the purpose of such design ? TO benefit from GUI while managing Squid & Squidguard ?
Why not instead deploying Squid and Squidguard on bare server and install webmin on top of it if you do need GUI ?

Or there is another goal but I don't get for the time being.

whitexp · Feb 5, 2016, 1:10 PM

i want for modify squid withou break my system ..

weh i said modify squid , i talking about install samba , and other things ..

how i can made this scenario ?

thanks

chris4916 · Feb 6, 2016, 10:44 AM

IMHO, best option would be to deploy Squid + SquidGuard (or DansGuardian) on standalone server acting as true proxy instead of either deploying Squid on pfSense or rely on another pfSense which will not provide firewall features but only graphic user interface for Squid and Squidguard management (assuming I understand well what you explain).

Netizen1 · Mar 3, 2016, 8:20 PM

@whitexp:

Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

and if possible , how ?

thanks

I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

pfsense2 (squid) uses IP address of pfsense1 DMZ interface as default gateway.

I recycled two OptiPlex's that were due to be disposed, but I might eventually move the pfsense running squid to a VM, one of these good days...

chris4916 · Mar 4, 2016, 11:03 AM

@Netizen1:

I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

In term of feasibility, for sure it works but I would not say this is efficient neither scalable.
It really depends about your needs and requirements.

For relatively small environment, running Squid on pfSense might be acceptable (even if we have endless debate about this in the French section :-X) but as soon as you have some load due to significant amount of HTTP requests, you may face some performance issue that can't be solved if you stay with pfSense "distribution". This is mainly due to the fact that there is, as far as I understand, no way you can customize partitioning and spindles to be used in order to ensure that Squid cache is attached to dedicated spindle(s)
Log and rsyslog aspects is another reason.

Mufasa · Feb 14, 2017, 6:00 PM

@Netizen1:

@whitexp:

Hi , is possible use 2 pfsense , 1 for dhcp , firewall , nat and others , and dedicated pfsense only for squid ?

and if possible , how ?

thanks

I just did this… Installed one pfsense box to act as firewall, vpn server etc. It has 3 interfaces, LAN, WAN, and DMZ. The other pfsense has squid etc, and 2 interfaces LAN + WAN.

The WAN interface of pfsense2 is in the same network as the DMZ interface of pfsense1.

pfsense2 (squid) uses IP address of pfsense1 DMZ interface as default gateway.

I recycled two OptiPlex's that were due to be disposed, but I might eventually move the pfsense running squid to a VM, one of these good days...

Hi i am trying to achieve this on a hyper-V, but cant get them to communicate, can you elaborate on how you got this to work and maybe some advice on how to achieve this with my setup, does your squid pfsense have internet connectivity to allow the install of of squid or did you install it standalone.

I am running AIRVpn on my firewall Pfsense on Hyper-V, and can connect to the internet no problem, but installing squid on here too causes leaks, and i must have squid to block certain sites ect from prying eyes.

This is the tutorial i followed to set up AIRVPN https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

I would really appreciate any help anyone can give on this, been at it now for days, and am not much further forward, other setups like squid on bare metal are too much of an additional learning curve for me at the minuet, I have spent countless hours trying to get this working.

Thanks in advance.

sichent · Feb 14, 2017, 7:38 PM

Why not to drop a preconfigured virtual appliance with web filter into your network in addition to pfsense? One example is https://www.diladele.com/download_next_version.html
It is much easier.

Mufasa · Feb 14, 2017, 10:14 PM

@sichent:

Why not to drop a preconfigured virtual appliance with web filter into your network in addition to pfsense? One example is https://www.diladele.com/download_next_version.html
It is much easier.

Thank you, I am going to give this one a try, https://sourceforge.net/projects/artica-squid/ something different to look at for the next few days, I think i am still going to have an issue with connecting it to my pfsense hyper-V though, will my pfsense VM still handle the DHCP, then pass the ip's to the proxy and back again, sorry if this is a stupid question i am not very knowledgeable with this stuff.

Thanks.

sichent · Feb 15, 2017, 8:08 AM

Yes, leave DHCP role on your pfSense and let the proxy have static IP.