Configuring the Squid Package as a Transparent HTTP Proxy¶
This recipe describes how to install and configure Squid as a transparent proxy on pfSense® software.
Install the Package¶
First, install the Squid package.
Click System > Package Manager
Click Available Packages
squidin the search bar and click search or scroll down until the squid package listing is visible
Click the install button on the far right
Click Confirm when prompted
Wait for the installer to download, install, and do post-install tasks for squid, such as creating the cache directories.
Configure the Squid Package¶
After the installation has finished, the Squid proxy server may be configured.
Click on the Local Cache tab.
Set options as follows:
- Hard disk cache size (in MB)
Set this as needed, but keep it a reasonable size. 3000 (3GB) may be a good place to start.
- Hard disk cache location
/var/squid/cachebut may be moved if needed
- Memory cache size
The amount of RAM that squid should claim for caching. Use as much as can be spared, as this is much faster than caching to disk. It should not exceed 50% of the installed RAM, however.
- Hard disk cache location
The directory where the cache will be stored. If using a non-default location enter it here.
- Minimum object size
Can be left at 0 to cache everything, but may be raised if small objects are not desired in the cache.
- Maximum object size
Objects larger than this setting will not be saved on disk. If speed is more desirable than saving bandwidth, this should be set to a low value.
- Do Not Cache
Set a list of domains that should never be cached. This may also be left blank.
Click on Services > Squid Proxy Server
Set the options on the General tab as desired.
- Proxy Interface(s)
Select which interface(s) the proxy will listen on. LAN is probably the desired setting.
- Allow users on interface
If this is checked, the subnets for the interfaces selected in the last step will automatically have access. There will be no need to add them on the Access Control tab.
- Transparent Proxy
Check this to have pfSense software automatically redirect outbound HTTP (tcp/80) traffic through the proxy.
- Enabled logging
Check this if logging is needed, be sure to put a path in the following box
- Log Store Directory
/var/squid/logunless another location is absolutely necessary.
- Proxy Port
Leave this as 3128. There is no need to change the port number for the transparent proxy to work.
The remaining settings may be left at their defaults, or changed if desired. It is likely best to leave them alone until the proxy is operational and tested.
Click on the ACLs tab (optional for most)
Enter any other subnets will pass through the proxy aside from the subnet for the interface squid is using.
That’s it! Squid should be up and running. The status of the squid proxy can be checked by clicking Status > Services.
Also available are:
Lightsquid package to view web access reports from the squid log.
squidGuard package for who wish to have more fine-grained control over what web resources may be viewed by clients.