Squid Returned to Packages *** PLEASE TEST ***
-
Data: i ended up having to wipe squid completely off including manually deleting the squid config files for it fo finally work. all the settings were correct and enabled as they should have been. guess it was an artifact from a previous version that was interfering. last test was P9 and was blocking what i was telling it too.
I'll try out P10 when i get home tonight.
-
Squid now works with empty fields here - great!
-
coredumps here too
latest snapshot and p10 and only "pid xxxx (squid), uid 0: exited on signal 6 (core dumped)"
pkg uninstalled, used pkg_delete to remove both squid-packages, 'find / -name "squid"' and all deleted and even removed all squid lines from /cf/conf/config.xml but it stays the same.
my pkg_info shows the following:
bsdinstaller-2.0.2006.0728 BSD Installer mega-package cpdup-1.05 A comprehensive filesystem mirroring program lighttpd-1.4.13 A secure, fast, compliant, and very flexible Web Server lua-5.0.2_1 Small, compilable scripting language providing easy access openldap-client-2.3.24 Open source LDAP client implementation openldap-client-2.3.30 Open source LDAP client implementation openntpd-3.7p1,2 OpenBSD's Network Time Protocol daemon pcre-6.7 Perl Compatible Regular Expressions library perl-5.8.8 Practical Extraction and Report Languagewhat packages can safely be removed (dependencies from squid)? maybe there is some old version in there that has to be reinstalled.
-
any plans to get wildcards working? i.e. *.blockeddomain.com would block www.blockeddomain.com and ftp.blockeddomain.com
or is this something outside the scope of what the default squid package can do?
as for testing P10, I cant get it to work except for having all fields have an entry in them. I have to have dummy information in the top 3 fields (using 192.168.255.0/24 block since my network isnt). so as far as i can tell, P10 doesnt fix anything and runs identical to P9
-
I know 'wildcards' worked in p9. I was able to enter google.com in the blacklist and was unable reach any destination at google (i.e. mail.google.com, maps.google.com, etc.) I tried others that I knew had many subdomains and got the same result. That said, true wildcards were not working as they used to. You can not enter an * in the blacklist and only allow the whitelist. Haven't had a chance to try out p10.
As far as ftp goes, I believe Squid is an HTTP proxy only. Things like ftp.host.com (i assume you meant the ftp protocol) would circumvent any sort of blacklisting that was actually working. I too would like something that could block traffic on all protocols (i.e. external proxies, remote desktop, ftp, etc.) but for now I think our only option is Squid or the captive portal (which has other limitations).
-
Then it's not p10 you are running.
I have tested this on 3 different machines, and I have just reinstalled the package from the package screen. And on all of those I see no core dumps and it works with empty fields.
Are you using reinstall xml gui components or reinstall package? Since there are 2 icons to choose from.
I use the former. If you deinstall the package and then install it again that works all the same.
No need to remove packages from the CLI. I have not required it.With regards to the blacklisting I employ a dstdomain match. so .domain.com would match all subdomains of domain.com. So no * is required. we are using dstdom regex matching for the black and whitelist.
Mikhail:
If the general settings page barks at you that you need to configure a setting. CONFIGURE A SETTING.
It's there for a reason and I really don't care that you think that you don't need it. -
If the general settings page barks at you that you need to configure a setting. CONFIGURE A SETTING.
OK, please help me out here.
Which setting is required when the log says:kernel: pid 93017 (squid), uid 0: exited on signal 6 (core dumped)
squid: No port definedThe only port I can imagine is the proxy port and that one is set to 3128.
Transparent mode is disabled currently since squid doesn't start and this would be quite … unproductive ;-)
What else can I do?Thanks for your input!
-
I just installed v.11 - it still does't work… again problems with general settings page :'(
-
And have you put in a log location field?
e.g. /var/squid/log ? -
If the general settings page complains even after providing all required fields I can troubleshoot this.
I have just committed version p13. Warning, the config format for a number of fields has changed. They should be migrated automatically. If they are not, try reinstalling the package again. When I tested this I needed 2 attempts after which it succesfully migrated the fields.
-
and p14 which might actually migrate the config correctly.
-
When i did the upgrade to P10, i selected to reinstall the whole package. it ran at first and had automatically deleted entries in the allowed subnets and whitelist field but was blocking pages i told it too. as soon as i deleted the entries in the other fields that were still dummy information, it stopped working. replacing the data had no effect and it went down hill from there. I'll fully delete and install the latest version tonight to see how it does.
I'll say this, when i can get it to read the config file right, it DOES work though so keep up the good work of sorting out the bugs. This is one of the packages that almost everyone is looking forward to be finalized.
the www. and ftp.blockeddomain.com were just example subdomains that jumped to mind. I wasnt refering to handling FTP traffic thru squid
-
And have you put in a log location field?
e.g. /var/squid/log ?Yes. I am using p14. Now one error exists:You can not run squid on the same port as the webgui.
And
Jan 17 18:48:01 kernel: pid 60080 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 18:48:01 squid: No port definedin system logs…
-
move your GUI to a different port. that issue has been around for a while and is pretty easily rectified.
-
I have a hunch. If you enable transparent mode, does it still complain then?
Note: if squid is not running, no filter rules will be installed that redirect the traffic.
-
woo woo - nice work databeestje - we are getting there :)
Testing using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p14 running in transparent mode - I did a bare metal reinstall of everything just to be sure.
…my squid.conf line 17 now unexpectedly reads:
Allow local network(s) on interface(s)
This is fixed :)
2007/01/11 04:01:44| ACL name 'whitelist' not defined!
FATAL: Bungled squid.conf line 65: http_access allow whitelistThis is fixed :) Blank entries now work in all sections
Blacklists now work nicely - including wildcards such as "google.com" or "ru" (no offence Russia!)
Hooray :)
Whitelists don't work for me, but I think that the fix is an easy one:
The following lines always appear in my squid.conf: (near the bottom)
Allow local network(s) on interface(s)
http_access allow localnet
These lines should be there when there is no whitelist, but I suspect that these lines should be deleted when a whitelist exists? Otherwise this rule seems to allow access to any url, even those that haven't been specified in the whitelist. If I manually comment out this line, then whitelists seem to work perfectly - i.e. users can only browse those sites specified in the whitelist as expected.
Sorry for all the smilies, but /me is happy today ;D
-
Verified. When you do not enable transparent mode it cores …. ::)
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
At least the last time I tested this.
-
no transparent mode core dump fixed
-
Even with 2.6.5_1-p14 I get:
Jan 17 17:05:02 kernel: pid 2146 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 17:05:02 squid: No port defined
Jan 17 17:04:47 php: : SQUID is installed but not started. Not installing redirect rules.The service is marked as stopped.
My WebGUI port ist HTTPs on 445 and squid is set to 3128. Not likely they interfere.
What else can I watch out for?
