Squid Returned to Packages *** PLEASE TEST ***
-
Could the dual instances of Squid be killing the ACLs? Are the ACLs up and running on one instance but all traffic is being routed through the other?
-
I just performed a upgrade to the latest code and after a reboot there are no errors and start properly. At least with the current -p6 version.
-
I'll test it and let you know
-
I just performed a upgrade to the latest code and after a reboot there are no errors and start properly. At least with the current -p6 version.
What version of pfSense are you using? I'd like to try this too. I tried a clean install of the 12-23 build, but those errors I posted were from that. Also, have you tried transparent mode?
-
I'm using Pfsense 1.0.1-SNAPSHOT-12-23-2006, and your updated squid 2.6.5_1-p6. I am using transparent mode with access log enabled.
on a clean boot this is the error I get in the system logs:
Jan 4 09:05:43 php: : Starting Squid
Jan 4 09:05:43 squid[658]: Squid Parent: child process 662 started
Jan 4 09:05:43 squid[657]: Squid Parent: child process 660 started
Jan 4 09:05:43 check_reload_status: check_reload_status is starting
Jan 4 09:05:44 check_reload_status: check_reload_status is starting
Jan 4 09:05:44 (squid): Cannot open HTTP Port
Jan 4 09:05:44 kernel: pid 660 (squid), uid 62: exited on signal 6
Jan 4 09:05:44 squid[657]: Squid Parent: child process 660 exited due to signal 6
Jan 4 09:05:47 squid[657]: Squid Parent: child process 702 started
Jan 4 09:05:47 squid[657]: Squid Parent: child process 702 exited with status 1
Jan 4 09:05:50 squid[657]: Squid Parent: child process 706 started
Jan 4 09:05:50 squid[657]: Squid Parent: child process 706 exited with status 1
Jan 4 09:05:53 squid[657]: Squid Parent: child process 708 started
Jan 4 09:05:53 squid[657]: Squid Parent: child process 708 exited with status 1
Jan 4 09:05:56 squid[657]: Squid Parent: child process 712 started
Jan 4 09:05:56 squid[657]: Squid Parent: child process 712 exited with status 1
Jan 4 09:05:56 squid[657]: Exiting due to repeated, frequent failuresIn cache.log I am getting:
2007/01/04 09:05:43| Starting Squid Cache version 2.6.STABLE5 for i386-portbld-freebsd6.1…
2007/01/04 09:05:43| Process ID 662
2007/01/04 09:05:43| With 7232 file descriptors available
2007/01/04 09:05:43| Using kqueue for the IO loop
2007/01/04 09:05:43| Starting Squid Cache version 2.6.STABLE5 for i386-portbld-freebsd6.1...
2007/01/04 09:05:43| Process ID 660
2007/01/04 09:05:43| With 7232 file descriptors available
2007/01/04 09:05:43| Using kqueue for the IO loop
2007/01/04 09:05:43| DNS Socket created at 0.0.0.0, port 61421, FD 10
2007/01/04 09:05:43| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2007/01/04 09:05:43| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2007/01/04 09:05:43| DNS Socket created at 0.0.0.0, port 61798, FD 5
2007/01/04 09:05:43| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2007/01/04 09:05:43| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2007/01/04 09:05:43| Unlinkd pipe opened on FD 10
2007/01/04 09:05:43| Unlinkd pipe opened on FD 15
2007/01/04 09:05:43| Swap maxSize 256000 KB, estimated 1575384 objects
2007/01/04 09:05:43| Target number of buckets: 78769
2007/01/04 09:05:43| Using 131072 Store buckets
2007/01/04 09:05:43| Max Mem size: 16384 KB
2007/01/04 09:05:43| Max Swap size: 256000 KB
2007/01/04 09:05:43| Store logging disabled
2007/01/04 09:05:43| Swap maxSize 256000 KB, estimated 1575384 objects
2007/01/04 09:05:43| Target number of buckets: 78769
2007/01/04 09:05:43| Using 131072 Store buckets
2007/01/04 09:05:43| Max Mem size: 16384 KB
2007/01/04 09:05:43| Max Swap size: 256000 KB
2007/01/04 09:05:43| Store logging disabled
2007/01/04 09:05:43| Rebuilding storage in /var/squid/cache (CLEAN)
2007/01/04 09:05:43| Rebuilding storage in /var/squid/cache (DIRTY)
2007/01/04 09:05:43| Using Least Load store dir selection
2007/01/04 09:05:43| Current Directory is /var/run
2007/01/04 09:05:43| Using Least Load store dir selection
2007/01/04 09:05:43| Current Directory is /etc
2007/01/04 09:05:43| Loaded Icons.
2007/01/04 09:05:44| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/04 09:05:44| Accepting proxy HTTP connections at 192.168.104.1, port 3128, FD 13.
2007/01/04 09:05:44| WCCP Disabled.
2007/01/04 09:05:44| Ready to serve requests.
2007/01/04 09:05:43| Loaded Icons.
2007/01/04 09:05:44| commBind: Cannot bind socket FD 17 to 127.0.0.1:80: (48) Address already in use
2007/01/04 09:05:44| commBind: Cannot bind socket FD 17 to 192.168.104.1:3128: (48) Address already in use
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.
CPU Usage: 0.059 seconds = 0.016 user + 0.043 sys
Maximum Resident Size: 7964 KB
Page faults with physical i/o: 4
2007/01/04 09:05:44| Done reading /var/squid/cache swaplog (63 entries)
2007/01/04 09:05:44| Finished rebuilding storage from disk.
2007/01/04 09:05:44| 63 Entries scanned
2007/01/04 09:05:44| 0 Invalid entries.
2007/01/04 09:05:44| 0 With invalid flags.
2007/01/04 09:05:44| 63 Objects loaded.
2007/01/04 09:05:44| 0 Objects expired.
2007/01/04 09:05:44| 0 Objects cancelled.
2007/01/04 09:05:44| 0 Duplicate URLs purged.
2007/01/04 09:05:44| 0 Swapfile clashes avoided.
2007/01/04 09:05:44| Took 0.9 seconds ( 67.9 objects/sec).
2007/01/04 09:05:44| Beginning Validation Procedure
2007/01/04 09:05:44| Completed Validation Procedure
2007/01/04 09:05:44| Validated 63 Entries
2007/01/04 09:05:44| store_swap_size = 152k
2007/01/04 09:05:44| storeLateRelease: released 0 objectsIt seems strange to me that PHP thinks its starting squid when no other package does that, it looks like it still gets executed that way and in the rc.d? I'm thinking that the bind error and the one that stalls out is the second one being started, because after all those error messages under status > services squid is still running and a ps -U proxy reveals:
662 ?? S 0:01.49 (squid) -D (squid)
Still looking into how to fix it on my end, any help is appreciated though
Update:
After changing squid.sh to squid in the rc.d so it doesn't startup on boot I get this in the systme logs:php: : Starting Squid
Jan 4 09:36:24 check_reload_status: check_reload_status is starting
Jan 4 09:36:24 check_reload_status: reloading filter
Jan 4 09:36:25 squid[664]: Squid Parent: child process 669 started
Jan 4 09:36:25 check_reload_status: check_reload_status is starting
Jan 4 09:36:26 login: login on ttyv0 as rootclean start
-
Jan 4 09:05:44 (squid): Cannot open HTTP Port
Jan 4 09:05:44 kernel: pid 660 (squid), uid 62: exitewebConfigurator running on port 80?
-
I am testing pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6
Everything seemed to be working fine until I tried adding some access control lists ;) I tried entering a mac address in the "Unrestricted MAC Addresses" text box.
Now when I enter: /usr/local/sbin/squid status
at a shell prompt, I get:2007/01/04 20:50:37| aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 40: acl unrestricted_macs arp "/var/squid/acl/unrestricted_macs.acl"
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.I believe that this error would occur when the configuration parameter: –enable-arp-acl
was not included when squid was compiled.I haven't had a chance to dig through the php code yet to see if or where this might be missing but wanted to know if maybe I have missed something obvious before I do.
Thanks.
-
To Sullrich:
Webconfigurator is running on an off-port right around 38000
-
To Sullrich:
Webconfigurator is running on an off-port right around 38000
Strange. Then I am not sure why it is giving that error. Another squid guru would have to chime in.
-
well after the rc.d file is removed, squid still starts, and the errors for the most part disappear, I think its because it starts once, then it tries to start again, but it can't bind because those ports are already in use by the previous instance of squid.
-
Did you install squid from the command line, or did you use pfSense's package manager (latest version)? I didn't encounter the problem that you are seeing even when using the same versions. Have you tried resinstalling everything from scratch? As long as you save your config first, maybe that would be the fastest way to resolve your issue?
-
The rc.d problem was fixed in a recent snapshot. Make sure your running something recent.
-
The last attempt for me was on 1.0.1-SNAPSHOT-12-28-2006, latest squid package availble on the package manager. I will try a scratch install again though and see if that fixes it.
Did you install squid from the command line, or did you use pfSense's package manager (latest version)? I didn't encounter the problem that you are seeing even when using the same versions. Have you tried resinstalling everything from scratch? As long as you save your config first, maybe that would be the fastest way to resolve your issue?
Are you running squid in transparent mode?
-
Install a version from http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ to test with.
-
I just tested it, I already had download the snapshot ;) I've been keeping up on my reading. I got it from the above address under updates and pfSense-Full-Update-1.0.1-SNAPSHOT-12-28-2006.tgz. I got the same result (unless the image has been changed within the last 45 min), I'm going to switch back and work with it a little more. Here is what I did so far. I installed the 1.0.1 release, then I uploaded the newest snapshot (12-28), changed my webgui to 443 (https), installed squid from the package manager, turned on transparent mode.
I'll give you an update after I look at it a little more.
-
I just tested it, I already had download the snapshot ;) I've been keeping up on my reading. I got it from the above address under updates and pfSense-Full-Update-1.0.1-SNAPSHOT-12-28-2006.tgz. I got the same result (unless the image has been changed within the last 45 min), I'm going to switch back and work with it a little more. Here is what I did so far. I installed the 1.0.1 release, then I uploaded the newest snapshot (12-28), changed my webgui to 443 (https), installed squid from the package manager, turned on transparent mode.
I'll give you an update after I look at it a little more.
You are right on. Then there is some other issue lurking. BTW: Those snapshots rebuild every hour, but no changes have been made. You can check cvstrac for changes, then 45-60 minutes later you will have an updated snapshot that can be tested.
-
Added to the steps in my previous post I added DNS servers to the general settings. The messages I was recieving in prior posts still persists with the stock install with transparent mode running.
-
Ya that is a weird one… I am also now using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6 and yes I am running in transparent mode, but I tried it both ways and it still works for me:
Transparent:
2007/01/05 02:35:33| Loaded Icons.
2007/01/05 02:35:33| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/05 02:35:33| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 13.
2007/01/05 02:35:33| WCCP Disabled.
2007/01/05 02:35:33| Ready to serve requests.Transparent off:
2007/01/06 02:40:19| Loaded Icons.
2007/01/06 02:40:19| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 12.
2007/01/06 02:40:19| WCCP Disabled.
2007/01/06 02:40:19| Ready to serve requests.Did you use the .iso image to install pfSense from scratch or are you installing it on an existing FreeBSD rig?
-
I have my webgui on HTTPS, and put the proxy port on 80. I have a couple sites on the blacklist and they still come up. When I take it out of transparent proxy and enable proxy in my web browser I can't get to HTTPS websites unless I put them in my whitelist but I still can access sites in my blacklist. 1.0.1-SNAPSHOT-07-01-2007 is what I am running. Is there something that I am missing here or is this just broke still?
-
There have been no changes since p6. That is, I have not had time to troublshoot the acls since then.