Comments on pfSense - Squid + Squidguard / Traffic Shapping Tutorial

When you mentioned "set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up)", there are no screenshots added as to what rules should you set in the firewall.

 As for "ACL Safeports and ACL SSLPorts", do we need to add in port 53 for resolving of URL?

Sorry to say this. why don't you start from the beginning how to configure. Include on your tutorials simple Network diagrams + the following list of configurations. Otherwise it is a waste of time reading your tutorials. 1. NIC configuration 2.Pfsense WAN and LAN Config 3. The Firewall Rules 4. Proxy server config. 5. SquidGuard Config. You have said in the beginning " When you mentioned "set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up)", there are no screenshots added as to what rules should you set in the firewall." . It seams you don't know the firewall part configurations. Because screen shots are easy to put one your tutorials. It is a matter of copy and paste. I am Sory for my words. I am really looking to solve this problem. But never came with a simple, step by step configuration to configure 1. Pfsense to work just for internet access without proxy and filtering. a. adding a firewall. 2. Pfsense and Proxy only. 3. Add on the above filtering capability (SquidGuard). 4. Testing your configurations. 5. Reporting using Light Squid. I believe the above steps are a fully functional firewall applications only if they are properly configured and tested.

In order to manage PFSense or any other network appliance, one will need a bit of prerequisite knowledge of networking. If you don't have the basics down (such as configuring proxy settings in IE) and you followed a tutorial to setup a full blown PFSense install from scratch - if something breaks then you will be completely lost.

Thank you for this!

Thank you for your nice tutorial. Do you also know how to configure squid as https proxy in non transparent mode?

Pfsense 2.0.1 latest build. Everything working great with Squid, squidguard,and Muli-wan.

Trying to rewrite youtbe.com -> http://youtube.com/?edufilter=zyshXjlHxWvXP-I9x3Wqjg

Should be easy? Not sure I understand rewrite vs. redirect as the best solution.

Added target category youtube
block youtube in ACL
Have rewrite defined
click on apply and also restarted squid and squidguard services

I will keep trying
At one point using redirect only was getting it to redirect but getting a redirect loop in the client browser.

Have not found any step by step how to do a simple redirect.

Any advice is appreciated.

International school in Chiang Mai Thailand

I see this post again because for the first when see then setting required to me.I have a knowledge about PFSense that given below and below link.

Pfsense is a FreeBSD based Open source Firewall Router. Pfsense is basically using as a gateway device (firewall and router). But it can be expandable as many Server services like DNS, DHCP, and Proxy Servers. Here I submit step by step procedure to install a Pfsense based Proxy server.

Proxy Servers

Hi guys,

I am using pfsense on my network and working good but have one problem that sometime pfsense not open sites on one click when we hit 3,4 or 5 times then open.

Any one know what reason and solution plz share with me. Ntop,Squid and squid guard also installed in pfsense.

thanks

you need to mention the transperant proxy option

Working if reboot ?

Any one solved this issue with clickinf 2 or 3 times and the website works?

Hi to Toshky and other people with the same problem. Your problem seem to be that NAT didnt work with your proxy. Im not an expert but i know this problem from an older router (linksys RV082). I blocked all ports from 1024-65535 on my old router because of filesharing in the past (i share 150mbit line with like 50 people in a studens flat).

After i changed to the Pfsense the problem with 2-5 times-hitting-for-full-load was solved. And im sure its the NAT of pfsense. Its portmapping (hope i dont talk wron things now). I used TcpView on Windows to see what ports are opend when i start a browser (Firefox and Chrome). And there are opend random ports e.g. tcp-54875 to tcp-54905 which try to reach port 80 on the destination side. Problem could be that these high ports opend randomly. So i think you problem is that the proxy block the mapping to port 80 on the server side (destination). Hope my post help you, sorry for my lack of english. Greets

I have setup 2.2.4 v. pfsense squid proxy  separate  machine  I set all as you mentioned above but when I restart machine  squid proxy stopped .    this service start when I upload again blacklist url.

I have setup 2.2.4 v. pfsense squid proxy  separate  machine  I set all as you mentioned above but when I restart machine  squid proxy stopped . this service start when I upload again blacklist url. Please help

can i play together Firewall: Rules and Proxy filter SquidGuard ? pls advice.. pls email me..thank you in advance

I can use this proxy server , to serve different server on my lan from the same wan port 80 with hostname based settings?

Hey guys, if anyone on this thread is a pfSense expert I'd like to hire you to help me with a new pfSense instance I want to setup with failover internet, traffic shaping and possibly squid.  If interested I'm available to get electronic messages; shelton a-t dickson resources daught commericial.

Buen día... No prodrian hacer un tutorial con manejo de horarios con el proxy, la verdad he intentado con el  Proxy filter SquidGuard y  no me sale, no tengo activo proxy transparente, he buscado en toda la internet y no encuentro un tutorial completo al respecto. Espero me ayuden, mil gracias.

Hi,

I have installed the pfsense and squidguard and squid proxy.But on my network whats app is not working..Can some one help me to sort this issue.I tried to check the port which is used by whats app 443,5222,52223,52228,4244,5242.

I tried to open the ports on firewall but no sccess.I don't know how to configure the right parameters.

Please help and thanks in advance.

Narendra

Hello everyone!!! I have configured the proxy server. It's all okie but I face some problems. If user don't put the proxy, all user can access the internet through pfsense without blocking any web site. How can I block the user that don't put the proxy at browser? Please send email to me.

Thanks.

What if you want to store pfsense cache to a network attached storage(NAS) or to a shared folder from your network. Is this possible? I need help for that setup.

hi..I have installed Squid and SquidGuard. But its blocking our whole sites. Then i uninstalled these pacakages because its stucking our enviornment. Now as i install again it blocks all. So how can i stop this without stuck.

I set squid proxy on lan. My squid configration has problem and I can not log in pfsense webgui. It said ip not found. Is there any way to access pfsense webgui without resotre pfsense from backup?

i am having problem getting the squidguard to work. i followed all of the steps and when testing the blocked categories. it is still being allowed through. what am i missing? is there other settings that i need to configure before completing these steps?

thank you