Squid Returned to Packages *** PLEASE TEST ***
-
Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!Installation aborted.
Any suggestions?
-
On boot, the screen freezes on the line "Stopping /usr/local/etc/rc.d/proxy_monitor.sh" I know this was an issue under previous versions as well but never really got resolved. The system boots, the proxy runs, there is just no console.
-
You need to update to the latest testing snapshot…
http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-14-2006/
-
Running 1.0.1-SNAPSHOT-12-20-2006 and the 2.6.5_1-p2 release of squid and cannot get the blacklist to work at all. there is nothing being output to show an error. Its like its just ignoring the list. also i noticed that I could not get my browser to connect directly to port 3128 when setting it to manually use the proxy until i changed it to a different port.
-
Running 1.0.1-SNAPSHOT-12-20-2006 and the 2.6.5_1-p2 release of squid and cannot get the blacklist to work at all. there is nothing being output to show an error. Its like its just ignoring the list. also i noticed that I could not get my browser to connect directly to port 3128 when setting it to manually use the proxy until i changed it to a different port.
That works good over here, did you dissable the transparent proxy? In transparent proxy the port setting does nothing..
-
yes i did. i turned it off before trying it manually. with it not blacklisting, its next to impossible to tell if the transparent proxy is even doing anything so I wanted to see what was happening when i ran it manually thru the proxy. both ways ignore the blacklist. just providing feedback for the guys working on this port.
-
i have clean 1.0.1-SNAPSHOT-12-20-2006 built on Thu Dec 21 01:44:22 UTC 2006
squid installed (2.6.5_1-p2). status/services/squid start success. and services/proxy server/transparent proxy checked and save clicked:"The following input errors were detected:
* You can not run squid on the same port as the webgui"any suggestions?
-
"NT domain" authentication method doesn't work. Squid dies after several seconds of run :'(
-
Oh.
Any of authentication methods does not work! Squid doesn't show authentication request window, just opens the requested site. -
i have clean 1.0.1-SNAPSHOT-12-20-2006 built on Thu Dec 21 01:44:22 UTC 2006
squid installed (2.6.5_1-p2). status/services/squid start success. and services/proxy server/transparent proxy checked and save clicked:"The following input errors were detected:
* You can not run squid on the same port as the webgui"any suggestions?
i think the redirect rules are gone rong
in earlyer version the redirect rule was ignoring redirects for trafic directed to the interface ip
so then there is no problem with squid and webgui on the same port
dest !lanip dest port 80 redirect to 127.0.0.1 dest port 3128 -
Well, I just installed squid with transparent proxy and got this…...any ideas?
he following input errors were detected:* You must start log location with a / mark
* That is not a valid log location dir
* You can not run squid on the same port as the webgui -
Well, I just installed squid with transparent proxy and got this…...any ideas?
he following input errors were detected:* You must start log location with a / mark
* That is not a valid log location dir
* You can not run squid on the same port as the webguiIn the squid settings the log dir should be defined as something like /var/log/squid
Squid and the lighttpd (gui web server) can not be bound to the same port thus the error. It has nothing to do with the redirect rules.
-
Squid and the lighttpd (gui web server) can not be bound to the same port thus the error. It has nothing to do with the redirect rules.
Well it USED to work just fine without editing the port the WebGUI ran on. Squid is not being bound to port 80. It is being bound by default to 3128 with transparent proxy doing a redirect of all port 80 outbound traffic being forwarded to the squid port. Or at least that is what is supposed to be happening.
-
guys, we didn't add the check for fun.
yes it used to work, but not anymore, there are some changes made to squid.The older versions couldn't handle transparency, later the modified it a bit so that you could setup a nat within squid. so all port 80 request would be redirected to (for example port 3128), but that's no longer, squid can handle directly transparency without the redirection.
But this means it runs like a sort of special webserver, and you can't run 2 services on the same port (ok there are exceptions), so you can't run squid and the webserver on the same port.. -
Squid can be run on any port in transparent mode. In Smoothwall, it runs on port 800. In pfSense, it is set up to run on port 80. The important thing is that the pf redirection and the port squid listens on must be the same. Maybe it is a good idea to have squid on port 3128, and just change the redirect rule in pf accordingly, then this whole issue with the webgui goes away.
my 2c.
Nicki -
I for one am happy to see squid working again, if it means running the webgui on a different port thats fine with me. I run it on https anyway. We should just thank everyone that took the time from it not working to working. So that being said;
Thank you to everyone that helped make squid work again. ;D
-
well squid doesnt crash anymore. I have yet to see any of the ACLs actually work. no matter what i do to the settings, it runs just like as if i didn't have squid installed.
-
Not sure about the acls, something might just be in the wrong order.
When I try windowsupdate with squid in transparent mode it fails to download the updates. When I enter the client IP in the unrestricted hosts field windowsupdate works again. So I am pretty sure there is something marginally worng.
Not suprised that authentication does not work. It was entirely untested.
-
I have an update, again…
I have changed some routing stuff, so that in transparent mode both the webgui and squid can run on port 80.
In normal mode (non transparent) you can't run them on the same port, because in that case the browser sends the packages to pfsense's ip...Ok here the updates...
Delete
if (($post['transparent_proxy'] == 'on')) { $port = 80; } else { $port = trim($post['proxy_port']); }
change
if ($port == $webgui_port) {
in
if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) {
then change
$conf .= "http_port {$real_ifaces[$i][0]}"; if (($settings['transparent_proxy'] == 'on')) { $conf .= ":80 transparent\n"; } else { $conf .= ":$port\n"; }
in
if (($settings['transparent_proxy'] == 'on')) { $conf .= "http_port 127.0.0.1:80 transparent\n"; } else { $conf .= "http_port {$real_ifaces[$i][0]}:$port\n"; }
and finally
change$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> ($iface) port 80\n";
in
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
-
I compiled a complete new squid to be sure it was not an option why the blacklist wouldn't work, but that sisn't help, so I think it's not that squid doesn't support acl, I know it did block the windows update site allready, but I wanted to be sure…