Squid Returned to Packages *** PLEASE TEST ***

xstas

Oh.
Any of authentication methods does not work! Squid doesn't show authentication request window, just opens the requested site.

jeroen234

@ugur:

i have clean 1.0.1-SNAPSHOT-12-20-2006 built on Thu Dec 21 01:44:22 UTC 2006
squid installed (2.6.5_1-p2). status/services/squid start success. and services/proxy server/transparent proxy checked and save clicked:

"The following input errors were detected:
* You can not run squid on the same port as the webgui"

any suggestions?

i think the redirect rules are gone rong
in earlyer version the redirect rule was ignoring redirects for trafic directed to the interface ip
so then there is no problem with squid and webgui on the same port
dest !lanip dest port 80 redirect to 127.0.0.1 dest port 3128

ColdFusion

Well, I just installed squid with transparent proxy and got this…...any ideas?
he following input errors were detected:

* You must start log location with a / mark
* That is not a valid log location dir
* You can not run squid on the same port as the webgui

rsw686

@ColdFusion:

Well, I just installed squid with transparent proxy and got this…...any ideas?
he following input errors were detected:

* You must start log location with a / mark
* That is not a valid log location dir
* You can not run squid on the same port as the webgui

In the squid settings the log dir should be defined as something like /var/log/squid

Squid and the lighttpd (gui web server) can not be bound to the same port thus the error. It has nothing to do with the redirect rules.

AkumaKuruma

@rsw686:

Squid and the lighttpd (gui web server) can not be bound to the same port thus the error. It has nothing to do with the redirect rules.

Well it USED to work just fine without editing the port the WebGUI ran on. Squid is not being bound to port 80. It is being bound by default to 3128 with transparent proxy doing a redirect of all port 80 outbound traffic being forwarded to the squid port. Or at least that is what is supposed to be happening.

Umberto

guys, we didn't add the check for fun.
yes it used to work, but not anymore, there are some changes made to squid.

The older versions couldn't handle transparency, later the modified it a bit so that you could setup a nat within squid. so all port 80 request would be redirected to (for example port 3128), but that's no longer, squid can handle directly transparency without the redirection.
But this means it runs like a sort of special webserver, and you can't run 2 services on the same port (ok there are exceptions), so you can't run squid and the webserver on the same port..

nicki

Squid can be run on any port in transparent mode. In Smoothwall, it runs on port 800. In pfSense, it is set up to run on port 80. The important thing is that the pf redirection and the port squid listens on must be the same. Maybe it is a good idea to have squid on port 3128, and just change the redirect rule in pf accordingly, then this whole issue with the webgui goes away.

my 2c.
Nicki

Brian_Andle

I for one am happy to see squid working again, if it means running the webgui on a different port thats fine with me. I run it on https anyway. We should just thank everyone that took the time from it not working to working. So that being said;

Thank you to everyone that helped make squid work again. ;D

AkumaKuruma

well squid doesnt crash anymore. I have yet to see any of the ACLs actually work. no matter what i do to the settings, it runs just like as if i didn't have squid installed.

databeestje

Not sure about the acls, something might just be in the wrong order.

When I try windowsupdate with squid in transparent mode it fails to download the updates. When I enter the client IP in the unrestricted hosts field windowsupdate works again. So I am pretty sure there is something marginally worng.

Not suprised that authentication does not work. It was entirely untested.

Umberto

I have an update, again…
I have changed some routing stuff, so that in transparent mode both the webgui and squid can run on port 80.
In normal mode (non transparent) you can't run them on the same port, because in that case the browser sends the packages to pfsense's ip...

Ok here the updates...

Delete

	if (($post['transparent_proxy'] == 'on')) {
		$port = 80;
	} else {
		$port = trim($post['proxy_port']);
	}

change

	if ($port == $webgui_port) {

in

        if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) {

then change

			$conf .= "http_port {$real_ifaces[$i][0]}";
                        if (($settings['transparent_proxy'] == 'on')) {
                           $conf .= ":80 transparent\n";
                        } else {
		 $conf .= ":$port\n";
	           }

in

                        if (($settings['transparent_proxy'] == 'on')) {
                           $conf .= "http_port 127.0.0.1:80 transparent\n";
                        } else {
                        $conf .= "http_port {$real_ifaces[$i][0]}:$port\n";
                }

and finally
change

			$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> ($iface) port 80\n";

in

			$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";

Umberto

I compiled a complete new squid to be sure it was not an option why the blacklist wouldn't work, but that sisn't help, so I think it's not that squid doesn't support acl, I know it did block the windows update site allready, but I wanted to be sure…

databeestje

attaching to 127.0.0.1 seems like a good idea.

I'll change that.

AkumaKuruma

might have to resort to the old Desk-Check method and do a manual trace thru the code to see if the logical flow of commands surrounding the blacklist makes sense. It can be extremely time consuming but it helps to pinpoint where the problems may be.

databeestje

well, put the deny all acl on top and see if that works :-)

sergu61

I upgraded package squid-2.5.14_2 to 2.6.5
Squid began to issue error:

./restart_squid.sh

Restarting Squid whith config
2006/12/22 19:50:54| aclParseAclLine: Invalid ACL type 'snmp_community'
FATAL: Bungled squid.conf line 83: acl snmppublic snmp_community public
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.
Complete

How make on install –enable-snmp ???

Sergu

databeestje

STOP INSTALLING THE PACKAGE FROM THE SHELL/CLI/CONSOLE.

reinstall the package from the webgui. Click System -> Packages -> Installed Packages -> reinstall package Icon.

trendchiller

Hmmm, here with my system it won't install at all…
That's what it tells me:

_Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!

Installation aborted._

dvserg

@trendchiller:

Hmmm, here with my system it won't install at all…
That's what it tells me:

_Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!

Installation aborted._

May be previous version of squeed don't deinstall correctly?
Check this can in -
Command Prompt: pkg_info

deinstall squid
run pkg_info - squid package exists?
if present need deinstall them: pkg_delete squid-2.5.-next number–

after need install squid package again.

trendchiller

No, it's not that, I already tried…
I also use the latest snapshot 21-12

in which package does the ldap client come along ?
might be that one ?