SquidGuard doesn't start on restart
-
Hi to all,
I've got a strange problem! When I restart the machine, squidGuard doesn't filter anything! The stranger thing is that if I click on APPLY and then on SAVE, everything starts to work perfectly.
I've installed pfSense 1.2.2; my configuration is the following:
- WebGUI over HTTPS
- FreeRadius
- Captive Portal with FreeRadius (configured as client with own shared secret)
- Squid as Transparent Proxy
- SquidGuard with blacklists
After the configuration everything worked perfectly! After a restart … squidGuard doesn't filter anymore.
Looking at the squid configuration file doesn't show anything strange:

    # Custom options
    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    redirector_bypass on
    redirect_children 3

These are the standard redirect options for squidGuard.
Looking at the processes, using ps, shows that squidGuard is correctly started, and the logs don't show anything.
The strangest thing is that if I go to the squidGuard page and press APPLY first and then SAVE, everything starts to work correctly.
Do you have any idea?
-
After a lot of retries I got it working on restart too, but I really didn't understand why it doesn't work on restart.
However, I put all the non-working stuff on a virtual machine (VMware); if someone wants, I can do some other tests or check logs.
-
> After a lot of retries I got it working on restart too, but I really didn't understand why it doesn't work on restart.
> However, I put all the non-working stuff on a virtual machine (VMware); if someone wants, I can do some other tests or check logs.

Is it possible to look at /usr/local/etc/squidGuard/squidGuard.conf after restart?
-
It seems to be correct

    # cat /usr/local/etc/squidGuard/squidGuard.conf
    # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    #
    dest blk_blacklists_ads {
        domainlist blk_blacklists_ads/domains
        urllist blk_blacklists_ads/urls
        log block.log
    }
    #
    dest blk_blacklists_aggressive {
        domainlist blk_blacklists_aggressive/domains
        urllist blk_blacklists_aggressive/urls
        log block.log
    }
    #
    dest blk_blacklists_audio-video {
        domainlist blk_blacklists_audio-video/domains
        urllist blk_blacklists_audio-video/urls
        log block.log
    }
    #
    dest blk_blacklists_drugs {
        domainlist blk_blacklists_drugs/domains
        urllist blk_blacklists_drugs/urls
        log block.log
    }
    #
    dest blk_blacklists_gambling {
        domainlist blk_blacklists_gambling/domains
        urllist blk_blacklists_gambling/urls
        log block.log
    }
    #
    dest blk_blacklists_hacking {
        domainlist blk_blacklists_hacking/domains
        urllist blk_blacklists_hacking/urls
        log block.log
    }
    #
    dest blk_blacklists_mail {
        domainlist blk_blacklists_mail/domains
        log block.log
    }
    #
    dest blk_blacklists_porn {
        domainlist blk_blacklists_porn/domains
        expressionlist blk_blacklists_porn/expressions
        urllist blk_blacklists_porn/urls
        log block.log
    }
    #
    dest blk_blacklists_proxy {
        domainlist blk_blacklists_proxy/domains
        urllist blk_blacklists_proxy/urls
        log block.log
    }
    #
    dest blk_blacklists_redirector {
        domainlist blk_blacklists_redirector/domains
        urllist blk_blacklists_redirector/urls
        log block.log
    }
    #
    dest blk_blacklists_spyware {
        domainlist blk_blacklists_spyware/domains
        urllist blk_blacklists_spyware/urls
        log block.log
    }
    #
    dest blk_blacklists_suspect {
        domainlist blk_blacklists_suspect/domains
        urllist blk_blacklists_suspect/urls
        log block.log
    }
    #
    dest blk_blacklists_violence {
        domainlist blk_blacklists_violence/domains
        expressionlist blk_blacklists_violence/expressions
        urllist blk_blacklists_violence/urls
        log block.log
    }
    #
    dest blk_blacklists_warez {
        domainlist blk_blacklists_warez/domains
        urllist blk_blacklists_warez/urls
        log block.log
    }
    #
    acl {
        #
        default {
            pass !blk_blacklists_ads !blk_blacklists_aggressive !blk_blacklists_audio-video !blk_blacklists_drugs !blk_blacklists_gambling !blk_blacklists_hacking !blk_blacklists_mail !blk_blacklists_porn !blk_blacklists_proxy !blk_blacklists_redirector !blk_blacklists_spyware !blk_blacklists_suspect !blk_blacklists_violence !blk_blacklists_warez all
            redirect http://10.0.0.254:8000/captiveportal-error.php?url=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            log block.log
        }
    }
-
Hi, I have this issue too, my configuration - WebGUI over HTTPS
-
> Hi, I have this issue too, my configuration - WebGUI over HTTPS

pfSense 1.2.2 too? I will test this.
-
Same problem without HTTPS :\
The thing I noticed is that there are five instances of squidGuard started

    [root@gateway /var/log]# ps -A | grep squid
    969 ?? Is 0:00.00 /usr/local/sbin/squid -D
    972 ?? I 0:00.10 (squid) -D (squid)
    979 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    980 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    981 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    982 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    983 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    3782 p0 R+ 0:00.00 grep squid

instead of three, as set in the configuration (this is the list of instances after an APPLY/SAVE on the SquidGuard interface)

    [root@gateway /var/log]# ps -A | grep squid
    969 ?? Is 0:00.00 /usr/local/sbin/squid -D
    972 ?? I 0:00.68 (squid) -D (squid)
    4293 ?? Is 0:00.09 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    4294 ?? Is 0:00.02 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    4295 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    5492 p0 R+ 0:00.00 grep squid

On another reboot, instead, the correct number of instances is started

    [root@gateway ~]# ps -A | grep squid
    963 ?? Is 0:00.00 /usr/local/sbin/squid -D
    965 ?? I 0:00.04 (squid) -D (squid)
    980 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    981 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    983 ?? Is 0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
    1174 p0 R+ 0:00.00 grep squid

The log output of squidGuard is this

    2009-01-23 09:57:59 [980] squidGuard 1.3 started (1232701079.208)
    2009-01-23 09:57:59 [980] squidGuard ready for requests (1232701079.395)
    2009-01-23 09:57:59 [983] squidGuard 1.3 started (1232701079.208)
    2009-01-23 09:57:59 [983] squidGuard ready for requests (1232701079.395)
    2009-01-23 09:57:59 [981] squidGuard 1.3 started (1232701079.208)
    2009-01-23 09:57:59 [981] squidGuard ready for requests (1232701079.395)

and it seems to be OK
This is the log output of squid

    2009/01/23 09:56:55| Squid Cache (Version 2.6.STABLE21): Exiting normally.
    2009/01/23 09:57:58| Starting Squid Cache version 2.6.STABLE21 for i386-portbld-freebsd7.0...
    2009/01/23 09:57:58| Process ID 965
    2009/01/23 09:57:58| With 11072 file descriptors available
    2009/01/23 09:57:58| Using kqueue for the IO loop
    2009/01/23 09:57:58| helperOpenServers: Starting 5 'dnsserver' processes
    2009/01/23 09:57:59| helperOpenServers: Starting 3 'squidGuard' processes
    2009/01/23 09:57:59| User-Agent logging is disabled.
    2009/01/23 09:57:59| Referer logging is disabled.
    2009-01-23 09:57:59 [980] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2009-01-23 09:57:59 [983] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2009-01-23 09:57:59 [981] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2009-01-23 09:57:59 [983] New setting: logdir: /var/squidGuard/log
    2009-01-23 09:57:59 [983] New setting: dbhome: /var/db/squidGuard
    2009-01-23 09:57:59 [983] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
    2009-01-23 09:57:59 [980] New setting: logdir: /var/squidGuard/log
    2009-01-23 09:57:59 [980] New setting: dbhome: /var/db/squidGuard
    2009-01-23 09:57:59 [980] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
    2009-01-23 09:57:59 [981] New setting: logdir: /var/squidGuard/log
    2009-01-23 09:57:59 [981] New setting: dbhome: /var/db/squidGuard
    2009-01-23 09:57:59 [981] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
    2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
    2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
    2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
    2009-01-23 09:57:59 [981] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
    2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
    2009-01-23 09:57:59 [983] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
    2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
    2009-01-23 09:57:59 [980] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
    2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
    2009-01-23 09:57:59 [983] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
    2009-01-23 09:57:59 [981] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
    2009-01-23 09:57:59 [980] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
    . . . tons of logs about blacklists . . .
    2009-01-23 09:57:59 [980] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
    2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
    2009-01-23 09:57:59 [981] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
    2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
    2009-01-23 09:57:59 [983] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
    2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
    2009/01/23 09:57:59| Unlinkd pipe opened on FD 18
    2009/01/23 09:57:59| Swap maxSize 33554432 + 524288 KB, estimated 0 objects
    2009/01/23 09:57:59| Target number of buckets: 131072
    2009/01/23 09:57:59| Using 131072 Store buckets
    2009/01/23 09:57:59| Max Mem size: 524288 KB
    2009/01/23 09:57:59| Max Swap size: 33554432 KB
    2009/01/23 09:57:59| Store logging disabled
    2009/01/23 09:57:59| Rebuilding storage in /var/squid/cache (CLEAN)
    2009/01/23 09:57:59| Using Least Load store dir selection
    2009/01/23 09:57:59| Current Directory is /tmp
    2009/01/23 09:57:59| Loaded Icons.
    2009/01/23 09:57:59| Accepting proxy HTTP connections at 192.168.0.74, port 8080, FD 21.
    2009/01/23 09:57:59| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 22.
    2009/01/23 09:57:59| Accepting HTCP messages on port 4827, FD 23.
    2009/01/23 09:57:59| WCCP Disabled.
    2009/01/23 09:57:59| Pinger socket opened on FD 25
    2009/01/23 09:57:59| NETDB state reloaded; 26 entries, 10 msec
    2009/01/23 09:57:59| Configuring Parent localhost/8081/0
    2009/01/23 09:57:59| Ready to serve requests.
    2009/01/23 09:57:59| Done reading /var/squid/cache swaplog (755 entries)
    2009/01/23 09:57:59| Finished rebuilding storage from disk.
    2009/01/23 09:57:59| 755 Entries scanned
    2009/01/23 09:57:59| 0 Invalid entries.
    2009/01/23 09:57:59| 0 With invalid flags.
    2009/01/23 09:57:59| 755 Objects loaded.
    2009/01/23 09:57:59| 0 Objects expired.
    2009/01/23 09:57:59| 0 Objects cancelled.
    2009/01/23 09:57:59| 0 Duplicate URLs purged.
    2009/01/23 09:57:59| 0 Swapfile clashes avoided.
    2009/01/23 09:57:59| Took 0.8 seconds ( 991.6 objects/sec).
    2009/01/23 09:57:59| Beginning Validation Procedure
    2009/01/23 09:57:59| Completed Validation Procedure
    2009/01/23 09:57:59| Validated 755 Entries
    2009/01/23 09:57:59| store_swap_size = 4274k
    2009/01/23 09:58:00| storeLateRelease: released 0 objects

Note:

    2009/01/23 09:57:59| Configuring Parent localhost/8081/0

refers to the HAVP set as cache parent … squid is configured to never do direct requests
-
Just to advise that I downgraded all the stuff to pfSense 1.2.0 (using FreeBSD 6.2) and everything works perfectly.
-
I discovered the problem!!!
Transparent proxying doesn't start :)
After some tests I noticed that pages weren't filtered by the machine; it seemed to me to be working because I used it, in these days, directly as a proxy, and it effectively works. If I set it as a transparent proxy and set my gateway as needed, pages don't get filtered!