Squid Returned to Packages *** PLEASE TEST ***
-
I just tested it, I already had download the snapshot ;) I've been keeping up on my reading. I got it from the above address under updates and pfSense-Full-Update-1.0.1-SNAPSHOT-12-28-2006.tgz. I got the same result (unless the image has been changed within the last 45 min), I'm going to switch back and work with it a little more. Here is what I did so far. I installed the 1.0.1 release, then I uploaded the newest snapshot (12-28), changed my webgui to 443 (https), installed squid from the package manager, turned on transparent mode.
I'll give you an update after I look at it a little more.
You are right on. Then there is some other issue lurking. BTW: Those snapshots rebuild every hour, but no changes have been made. You can check cvstrac for changes, then 45-60 minutes later you will have an updated snapshot that can be tested.
-
Added to the steps in my previous post I added DNS servers to the general settings. The messages I was recieving in prior posts still persists with the stock install with transparent mode running.
-
Ya that is a weird one… I am also now using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6 and yes I am running in transparent mode, but I tried it both ways and it still works for me:
Transparent:
2007/01/05 02:35:33| Loaded Icons.
2007/01/05 02:35:33| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/05 02:35:33| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 13.
2007/01/05 02:35:33| WCCP Disabled.
2007/01/05 02:35:33| Ready to serve requests.Transparent off:
2007/01/06 02:40:19| Loaded Icons.
2007/01/06 02:40:19| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 12.
2007/01/06 02:40:19| WCCP Disabled.
2007/01/06 02:40:19| Ready to serve requests.Did you use the .iso image to install pfSense from scratch or are you installing it on an existing FreeBSD rig?
-
I have my webgui on HTTPS, and put the proxy port on 80. I have a couple sites on the blacklist and they still come up. When I take it out of transparent proxy and enable proxy in my web browser I can't get to HTTPS websites unless I put them in my whitelist but I still can access sites in my blacklist. 1.0.1-SNAPSHOT-07-01-2007 is what I am running. Is there something that I am missing here or is this just broke still?
-
There have been no changes since p6. That is, I have not had time to troublshoot the acls since then.
-
squid acls is still not working for now so the black list and whitelist should be not working for now. 1 more point on my system the squid start up is still buggy. it starts squid 2 times. and thus wont be able to auto start when pfsense boot. i need to click save on the webgui of pfsense for squid to make it run. i'll try to look into the problem later when i have time
-
Ya that is a weird one… I am also now using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6 and yes I am running in transparent mode, but I tried it both ways and it still works for me:
Transparent:
2007/01/05 02:35:33| Loaded Icons.
2007/01/05 02:35:33| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/05 02:35:33| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 13.
2007/01/05 02:35:33| WCCP Disabled.
2007/01/05 02:35:33| Ready to serve requests.Transparent off:
2007/01/06 02:40:19| Loaded Icons.
2007/01/06 02:40:19| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 12.
2007/01/06 02:40:19| WCCP Disabled.
2007/01/06 02:40:19| Ready to serve requests.Did you use the .iso image to install pfSense from scratch or are you installing it on an existing FreeBSD rig?
Thanks for the update bender, the install comes from the 1.0.1 release iso. I will work with it more, it sounds like some other people are having a problem with it while others are not. If I find out anything new I'll post an update.
-
Afaik you have to use something newer than 1.0.1 release for squid to work correctly. Please update to a recent snapshot from http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ and test again.
-
My snapshot at the time of the previous posts was 12-28, however bender wanted to know what my base load was from, that being the 1.0.1 release version and then I upgraded to the snapshot via the firmware upgrade…
-
Since the squid.sh is used by the start, stop and restart service I will not remove that one.
What I have done instead is implement a delay in the proxy monitor script to wait 5 seconds after launhing to trigger a squid start or not.
This is reflected as version p7. I have also moved the proxy start script after our attempt to start it.
-
Enter version p8.
This should have working blacklist support.
MAC acls are removed since they do not work with 2.6Please Test.
-
So does Squid not actually work, or is it only partially working. Sorry for the newb question, but I cannot get the service to start at all. Even after a few installs/reinstalls. Here's what my log keeps displaying:
Jan 10 00:56:28 last message repeated 3 times
Jan 10 00:56:23 php: : SQUID is installed but not started. Not installing redirect rules.
Jan 10 00:56:20 check_reload_status: reloading filter
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:15 php: /pkg_mgr_install.php: Starting Squid
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:14 check_reload_status: reloading filter
Jan 10 00:56:10 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 php: /pkg_mgr_install.php: Creating squid cache subdirs in /var/squid/cache
Jan 10 00:56:09 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 php: /pkg_mgr_install.php: Reloading Squid for configuration sync
Jan 10 00:56:08 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:08 Squid_Alarm[1469]: Attempting restart…
Jan 10 00:56:08 Squid_Alarm[1467]: Squid has exited. Reconfiguring filter -
I must have fumbled that.
If you remove entries from unrestricted hosts. Does it work then?
-
I just tested this and it works for me.
Does you command output look anything like this?
# grep unrestricted /usr/local/etc/squid/squid.conf acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl" delay_access 1 deny unrestricted_hosts http_access allow unrestricted_hosts # more "/var/squid/acl/unrestricted_hosts.acl" 10.0.8.19 #You have a inputted the the hosts as IP addresses and comma seperated, yes?
-
I just installed the package. Checked tranparent proxy, allow users on interface, and enable logging…
-
If you go to the access control page and click save. Does that work for you?
-
That's what I get after that… Again, I am pretty new with this, so what version do I need to have installed...
Jan 10 01:25:35 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 01:25:20 php: : SQUID is installed but not started. Not installing redirect rules.
Jan 10 01:25:20 php: : SQUID is installed but not started. Not installing redirect rules.
Jan 10 01:25:17 check_reload_status: reloading filter
Jan 10 01:25:16 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 01:25:16 php: /pkg_edit.php: Starting Squid -
Hello,
after entering IPs in the fields unrestricted hosts, whitelist and blacklist squid is working again for me. Leaving the fields empty does not work.
BTW is there a way to use the blacklists from squid guard (http://squidguard.shalla.de/shallalist.html) where the domains are separated by <cr>and not by commas?</cr>
-
Since the squid.sh is used by the start, stop and restart service I will not remove that one.
What I have done instead is implement a delay in the proxy monitor script to wait 5 seconds after launhing to trigger a squid start or not.
This is reflected as version p7. I have also moved the proxy start script after our attempt to start it.
Thanks for the fix, I will test here in the next day or two!
-
Just started testing version p8. Thanks so much for your efforts on this databeestje - this is a huge feature for many of us :-)
First minor thing I noticed, my squid.conf line 17 now unexpectedly reads:
Allow local network(s) on interface(s)
I don't think that belongs there ;-) This same line appears later in squid.conf, but in that case it is properly commented out. No big deal - just wanted to let you know.