Problem with squid3 + squidguard on pfsense 2.2.3
-
Hello to all,
since my alix does not work anymore, I tried to install the latest version of pfsense on a VM, no problem.
Then install squid and squidguard and until here everything is right, then the pains begin.What I would like would do is set the filter contained in the transparent proxy.
Anyway I'm having big problems.I started with simple rules, however, things do not work: I tried to block a site very normal: tomshw.it. It is initially locked, and I think "good." Then I swhitch off the filter, but the site continues to be blocked. Pfsense reboot, reboot the pc but nothing, the site is still blocked. Last Resort: I detach myself from pfsense and i use another internet connection to go online. Site is still blcoket :o. I uninstalled and reinstalled squid and squidguard but nothing.
I noticed that the problem affects only the browser on which I tried to connect to that site when it was locked.
I repeated the procedure with other sites and other browser and the problem persists.What am I doing wrong?
Then I tried it with the blacklist: same result.
By the way I tried to block facebook via IP beacause non tpossibile in trasparent way, but nothing, not even with the blacklist.
Definitely I did something wrong, but what?
-
None can help me?
-
i got it working on bare metal. follow the online guides for same, get a free startssl certificate, and create the wpad files so transparent mode works
-
Dear All,
I spend the whole nights awake to find out why this issue is happening.
But Finally I came to the cause root that has a work around solution but not permanent.
The cause root is shown in the system logs with frequent error message keeps logging every second:
a looped back NS message is detected during DAD : HEXADECIMAL … etc.I read about it in google and came to know that this will happen if Duplicate (IPV6) detected.
This is happening because VMWare workstation is configuring the WAN interface within Virtual Machine settings as ( Bridged: Connected directly to the physical network --> Replicate physical network connection state )
Work around solution is to configure this virtual interface to be (NAT: Used to share the host's IP address)
But this is not a solution for me because in my company WAN we have already installed pfSense 2.2.6 hosted as virtual machine in ESXi Server and the NAT option will change the network ID which is not practical for DMZs.
There is a bug in pFsense 2.3 which is related to IPv6 and need to be solved by developers.
and maybe there is relation to post https://forum.pfsense.org/index.php?topic=110380.0;topicseen
I wish I helped you to work around.
-
Update:
At the moment i'm not interested blocking https sites…this will be a problem when everything else will be working.I unistalled pfsense 2.3 and installed an old 2.2.3. Everything is running in VM on VirtualBOx (I'm a home user), but when I'll find a solution I'll move pfsense on a dedicated HW.
After the install of the os, i've installed squid3 and squid guard.
Installed blacklist and tried to block porn sites: It works.
Removed the filter and the site was still blocked.Restarted Squidguard and the became accessible again.
Blocked again the porn sites in the squidguard ma this time the site in still accessible. Restarted squid, squidguard but nothing. Tried to activate proxy in the browser (avoiding trasparent mode) but porn site are still accessibile.What i did wrong?
-
Just a guess: Try clearing Squid's cache?
-
Done, but nothing changed.
Porn sites are accessible even if blocked in squidguard.