Like the previous how-to guide on installing and setting up Snort in pfSense, this guide covers how to install and set up the Squid proxy. Squid is a well-known proxy server, and luckily pfSense supports it, which makes the installation pretty easy.
It would be really helpful if we could cache the websites we visit (I'm not sure that is the right word for it); it would make browsing the net faster, and Squid is the perfect plugin for that.
How to Install
To start off, we log in to the pfSense web UI, navigate to System -> Packages, and click on the Available Packages tab. Look for Squid.
For now let us install only Squid, since Squid3 has a warning that it would conflict with other packages. Click on the Add button and confirm the installation.
Next we will install the File Manager package, because we need to manage the files that Squid will be producing and prevent unwanted allocation of disk space. So go back to the Available Packages tab and search for File Manager.
Then click on the Add button and confirm the installation.
Going back to the dashboard, we can see that the disk space usage is in the root file system.
Now go to Diagnostics -> File Manager and create a folder (you can name the folder anything; for this demo we will use the folder name Cache).
Remember your folder location (in this demo it is /cache/). Next is setting up the proxy server, so we go to Services -> Proxy Server.
First we will set up the proxy on the LAN interface, which we created before, and configure it as a transparent proxy. We will not enable logging in this demo, but if you do enable it, please be sure to change the location of the logs.
Lastly, check the Suppress Squid Version option, which makes the Squid version invisible to other viewers, and leave the custom options empty. We don't have upstream proxies, but if you have one in the future you can specify it in the Upstream Proxy tab.
The next thing to do is set up cache management.
You can specify the size of the hard disk cache; in this case I left it at 100Mb, the same as the default setting. Next, change the hard disk cache location to the folder that you created earlier using the File Manager package (in this demo it is /cache), because the pfSense default location is in var and it would fill up fast. Then change the Memory Cache Size to 256 and the Maximum Object Size to 2048, and click on Save.
The Access Control tab lets you configure allowed subnets, whitelisted/blacklisted sites, restricted IPs, etc., depending on your network's needs.
As an example, let's block a website, Facebook, from being accessed by anyone on the LAN network.
Go to the ACL/Access Control tab and enter the website you want to block in the Blacklist text box.
Next, go to your browser settings and edit the proxy settings: check the "Use a proxy server for your LAN" checkbox and enter the IP address of your LAN interface in pfSense and the port number of your proxy server.
Restart your browser and try accessing the blocked website, in this case www.facebook.com.
Then try accessing another website (for example www.google.com).
Next is traffic throttle management.
Here you can specify the min/max download size of the network, which is useful for limiting bandwidth if you have a strict network policy. The next thing you need to do is configure the proxy settings of each host in your network to point to your proxy server (the pfSense server).
That pretty much sums up the tutorial on how to set up Squid as a transparent proxy server. It is a powerful tool to add to your pfSense setup to increase the level of security and performance of your network.
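If you do enable logging (this demo leaves it off), you can confirm from Squid's access.log that the blacklist and the cache are doing their job. The Python script below is an added example, not part of the original guide: it counts TCP_DENIED entries for the blocked domain per client, flags any request to that domain that was served anyway, and computes the cache hit ratio. The log lines are constructed samples in Squid's native log format, and the function names are illustrative.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1700000000.101    12 192.168.1.10 TCP_DENIED/403 3921 CONNECT www.facebook.com:443 - NONE/- text/html
1700000001.220   180 192.168.1.10 TCP_MISS/200 15230 GET http://www.google.com/ - DIRECT/142.250.0.1 text/html
1700000002.305     3 192.168.1.11 TCP_HIT/200 15230 GET http://www.google.com/ - NONE/- text/html
1700000003.410     9 192.168.1.11 TCP_DENIED/403 3921 GET http://facebook.com/login - NONE/- text/html
1700000004.512     2 192.168.1.12 TCP_MEM_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png
garbage line that should be skipped
"""

def host_of(method, url):
    """Return the lowercase destination host for a logged request."""
    if method == "CONNECT":            # HTTPS tunnels are logged as host:port
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def summarize(log_text, blocked_domain):
    """Count denials for blocked_domain per client, leaks, and cache hit ratio."""
    denied, leaked = Counter(), []
    hits = served = 0
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or "/" not in f[3]:
            continue                   # not a native-format access.log line
        client, result, method, url = f[2], f[3].split("/")[0], f[5], f[6]
        host = host_of(method, url)
        on_list = host == blocked_domain or host.endswith("." + blocked_domain)
        if result == "TCP_DENIED":
            if on_list:
                denied[client] += 1
            continue
        if on_list:
            leaked.append((client, host))   # blacklist did not stop this one
        served += 1
        hits += "HIT" in result        # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
    ratio = hits / served if served else 0.0
    return {"denied": dict(denied), "leaked": leaked, "hit_ratio": ratio}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "facebook.com"))
```

A non-empty "leaked" list means some client reached the blocked domain through the proxy, so the blacklist entry needs another look.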