It’s about time to move on with our pfSense tutorial series. This time we will cover: How to install Squid and ClamAV on pfSense.
Squid is a powerful proxy server that helps you keep your network traffic low by caching data locally from web pages you were visiting. For example, if you just visited arstechnica.com and 5 minutes later one of your colleagues visits arstechnica too, he will get the previously cached version of it, hence it’s saving you bandwidth. Of course, if there was anything new released on the web page in the meanwhile he will get that new information directly from the web, but you get the idea.
In this guide, we will install a non-transparent proxy. If you want to install a transparent proxy, just tick Transparent HTTP Proxy and Bypass Proxy for Private Address Destination in the process.
So let’s dive right into the installation.
Step 1: Installing and configuring the Squid Proxy Server
Log in to your pfSense firewall and navigate to System / Package Manager / Available Packages
1 - Enter Squid as a search term
2 - Click on Search
3 - Click on Install next to Squid
That done, navigate to Services / Squid Proxy Server / General
Change only the values I mention and leave everything else at its default.
1 - Select LAN as your Proxy Interface
2 - Tick Allow Users on Interface
Navigate to Services / Squid Proxy Server / Local Cache
Configure the Hard Disk Cache Size to your liking and also according to your available hard drive space. You don’t necessarily want to dedicate 90% of your hard drive space to Squid.
I got a 25GB SSD and dedicated 3000 MB for a start. Start low and if you run full, increase or clear the disk cache once in a while.
For Maximum Object Size, I went with 10 MB but you can leave it on the default 4 MB if you want. The lower this value, the higher the speed; the bigger the value, the more bandwidth you save.
1 - Increase Hard Disk Cache Size to your liking
2 - Set Maximum Object Size to your liking
Next, we configure the Memory Cache Settings.
This setting can significantly increase your speed, but it should not surpass 50% of your total memory.
I got 8 GB of RAM on my box so I dedicated 2048MB. You can adjust this value accordingly. Shoot for around 25% of your total memory.
1 - Adjust Memory Cache Size
Navigate to Services / Squid Proxy Server / General
1 - Tick Enable Squid Proxy and hit save
Step 2: Create a Firewall rule for your Proxy Server
Now we need to add a quick Firewall Rule to your LAN Network.
Navigate to Firewall / Rules / LAN and click on add.
1 - Interface: LAN
2 - Source: LAN Net
3 - From Destination 3128 (TCP)
4 - To Destination 3128 (TCP)
Step 3: Setting the Proxy Server on your System
On Windows 10 hit the Windows Button and type: Proxy
Sorry, my locale is German but you should get the point.
Alternatively, you can set the proxy in the browser of your choice only.
1 - Switch on the Manual Proxy
2 - Enter the IP Address of your pfSense box
3 - Enter the port 3128
4 - Check Don't use proxy for local addresses (Intranet)
Step 4: Activating ClamAV
Now we are already at the last step: Activating ClamAV.
Head back to your pfSense firewall and navigate to Services / Squid Proxy Server / Antivirus
1 - Tick Enable AV
2 - You can enter a redirect URL of your liking
3 - I enabled Google Safe Browsing; the choice is up to you, but it uses quite some RAM
4 - Set the ClamAV Database Update Time to a schedule of your liking, I go with 6 hours
5 - Select your Regional ClamAV Database Update Mirror (Important! Slow otherwise!)
Hit Save
Finally, navigate to Status / Services and make sure that the services are running.
Now you should be all set up. It took a while for me until the proxy was fully working and the internet was quite slow at first, but after a little while, all worked fine.
I experienced this behavior several times before. If you have problems accessing HTTPS sites head to Services / Squid Proxy Server / General and tick: Resolve DNS IPv4 First.
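Once the proxy has been running for a while, you can check whether the cache sizes chosen in Step 1 are paying off by computing the hit ratio from Squid's access log. The script below is an added example, not part of the original tutorial: it assumes access logging is enabled in the Squid package and that the log uses Squid's native format, and the sample lines in it are constructed.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 120 192.168.1.10 TCP_MISS/200 50000 GET http://example.com/app.js - HIER_DIRECT/203.0.113.5 application/javascript
1700000300.202 2 192.168.1.11 TCP_MEM_HIT/200 50000 GET http://example.com/app.js - HIER_NONE/- application/javascript
1700000301.303 5 192.168.1.11 TCP_HIT/200 10000 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000302.404 900 192.168.1.10 TCP_TUNNEL/200 80000 CONNECT example.org:443 - HIER_DIRECT/203.0.113.7 -
1700000303.505 700 192.168.1.12 TCP_MISS/200 90000 GET http://example.net/setup.bin - HIER_DIRECT/198.51.100.9 application/octet-stream
1700000304.606 12 192.168.1.12 TCP_MI
"""


def summarize(log_text):
    """Return hit ratios for cacheable requests and the share of CONNECT tunnels."""
    reqs, size = Counter(), Counter()
    for line in log_text.splitlines():
        f = line.split()
        # Skip truncated or malformed lines instead of crashing on them.
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            continue
        code = f[3].split("/")[0]
        if f[5] == "CONNECT":
            # HTTPS through a plain (non-intercepting) proxy is an opaque
            # tunnel: Squid cannot cache it and ClamAV cannot scan it.
            kind = "tunnel"
        elif "HIT" in code or code == "TCP_REFRESH_UNMODIFIED":
            kind = "hit"    # served from the memory or disk cache
        else:
            kind = "miss"   # fetched from the origin server
        reqs[kind] += 1
        size[kind] += int(f[4])
    n = reqs["hit"] + reqs["miss"]
    b = size["hit"] + size["miss"]
    total = n + reqs["tunnel"]
    return {
        "request_hit_ratio": round(reqs["hit"] / n, 3) if n else 0.0,
        "byte_hit_ratio": round(size["hit"] / b, 3) if b else 0.0,
        "tunnel_share": round(reqs["tunnel"] / total, 3) if total else 0.0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A byte hit ratio well below the request hit ratio means large objects are being fetched fresh each time, which is the trade-off behind the Maximum Object Size setting.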
This was just the first article covering Squid. We will play around with it quite a bit in the future so stay tuned for more fishy content 😉