pfSense – Setup and configure Squid3 transparent proxy “Updated”
After I updated to pfSense version 2.2.3, I had to reinstall Squid to make it work properly.
If you don’t know what a proxy server is, you are probably asking yourself why you should use one. Wasn’t the last time a proxy server was popular before we got NAT?
Well, a proxy server that serves cached content to your NAT network is actually pretty damn useful!
For example, say you are on your home network with 4-6 users, everybody is using Windows 7, and Windows asks you to update your computer.
Without a proxy server, everybody has to download the same update from Microsoft. With a caching proxy server, the update is cached on the proxy server’s hard disk when the first user on the network downloads it. The next time someone installs the same update, it comes not directly from Microsoft but from the proxy server’s cache, at much higher speed, and you save a tremendous amount of bandwidth.
The same goes for websites when you are surfing around. You could also choose to cache your server to save some performance and load, but in this guide I will take you through a basic setup of a Squid transparent proxy.
I am going to guide you through the installation and basic configuration of Squid3.
It is a good idea to follow the guide 100% at first, just to check that Squid is working; you can play around with the configuration after we have confirmed Squid is working.
First go to the System tab and then to Packages.
Click on the Available Packages tab.
Scroll down until you find the package Squid3 and click on the icon with a + on the right side to install.
Confirm to install Squid3.
Then the only thing to do now is to wait until the installation is finished.
It is always a good idea to check whether there were any failures during the installation.
Go to the Services tab and find Proxy Server. This is the Squid3 package we installed.
In most cases you probably want to cache the LAN interface.
I’ve had some problems with ICMP and my permissions, so in order to get Squid to work I had to disable it.
Scroll down in the General tab until you find Transparent Proxy Settings.
Check Transparent HTTP proxy to enable the transparent proxy.
I always enable the log options in most of the programs/packages I have installed,
because if there is a failure or misconfiguration, it is easier to locate.
In order to get the Real Time monitor to work, you have to enable logging.
Scroll to the top and find Local Cache.
Find Squid Hard Disk Cache Settings. You should set the amount of space you want to use for cached objects. I think 10 Gb. should be fine, but I have a lot of space I don’t use, so why not use it on cache.
I like to have my cache cleared automatically. If you choose Clear cache on log rotate, it will be cleared automatically if it fills more than 75% of the HDD, or else every 30 days in my case.
This is the memory (RAM) we are using for caching.
You shouldn’t use more than 50% of your total installed RAM!
I have set Maximum object size in RAM to 100 kbs.
In Dynamic and update content, leave everything blank at first! You can always enable it after you have confirmed Squid is working.
I had a problem where, after I enabled the transparent proxy, my internet became very slow and it wasn’t all sites I could get access to! It was driving me crazy! Like really crazy!
But all I had to do was reboot the machine, so for Christ’s sake don’t forget to reboot the machine, for your own sake and mental health.
To check whether Squid is working, make sure the Squid services are running.
You can find them under the Status tab and then in Services.
You can see here I have squid3 running.
If Squid3 is running, try surfing around on the internet for a little while; just visit a couple of sites, then SSH into the pfSense machine and run the command in the picture below. The output is in Kbs. If the size of the cache folder grows while you are using the internet, then it should work.
Remember to take a look at Real Time monitoring. I have seen a couple of topics where people have problems getting it to work, so if it isn’t working then go to the step below.
You can always check the log files under /var/squid/logs/ if you want to be 100% sure!!
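One way to make that log check concrete, as an added example that is not part of the original post: the function below counts how many requests in a Squid native-format access log were answered from cache. The file name `access.log` under /var/squid/logs/ is an assumption (the post only names the directory), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise how much traffic Squid
# served from cache, using the native-format access log.
# Assumed file name on the firewall: /var/squid/logs/access.log

squid_cache_summary() {
    # Reads log files given as arguments, or stdin when none are given.
    # Field 4 is RESULT_CODE/HTTP_STATUS, field 5 is bytes sent to the client.
    awk '
        NF >= 7 {                      # skip truncated or blank lines
            split($4, rc, "/")
            total++; bytes += $5
            # *_HIT codes and TCP_REFRESH_UNMODIFIED are answered from cache
            if (rc[1] ~ /HIT/ || rc[1] == "TCP_REFRESH_UNMODIFIED") {
                hits++; hit_bytes += $5
            }
        }
        END {
            pct = (total > 0) ? int(hits * 100 / total) : 0
            printf "requests=%d hits=%d hit_pct=%d hit_bytes=%d total_bytes=%d\n",
                   total, hits, pct, hit_bytes, bytes
        }
    ' "$@"
}

# Constructed sample: two clients fetch the same update file and the same page;
# the second fetch of each is served from cache. The last line is truncated.
sample_log() {
    cat <<'EOF'
1436000001.100    120 192.168.1.10 TCP_MISS/200 524288 GET http://download.example.com/update.cab - HIER_DIRECT/203.0.113.5 application/octet-stream
1436000060.200      3 192.168.1.11 TCP_HIT/200 524288 GET http://download.example.com/update.cab - HIER_NONE/- application/octet-stream
1436000090.300     80 192.168.1.10 TCP_MISS/200 2048 GET http://www.example.org/ - HIER_DIRECT/203.0.113.9 text/html
1436000120.400      1 192.168.1.12 TCP_MEM_HIT/200 2048 GET http://www.example.org/ - HIER_NONE/- text/html
1436000130.500 truncated
EOF
}

# Demo on the sample; on the firewall: squid_cache_summary /var/squid/logs/access.log
sample_log | squid_cache_summary
```

A hit count that stays at zero after browsing the same HTTP sites twice means traffic is not being served from the cache, even if the service shows as running.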
You should by now have a fully functional proxy server running on your pfSense system.
Now is the time for your configuration madness, when you can try different configurations.
If you want to know more about the three different types of proxies, then visit this site.
I think this is the most detailed and simplified version of the three different types I have ever seen, and I know I can’t do it as well as this article.