SquidGuard doesn't start on restart

daniele_dll

Hi to all,

i got a strange problem! When i restart the machine squidguard doesn't filter anything! The much stranger thing is that if i click on APPLY and after on SAVE all start to works perfectly.

I've installed pfsense 1.2.2, my configuration is the following:

• WebGUI over HTTPS
• FreeRadius
• Captive Portal with FreeRadius (configured as client with own shared secret)
• Squid as Trasparent Proxy
• SquidGuard with blacklists

After the configuration all worked perfetcly! After restart … squidguard doesn't filter anymore.

Looking to squid configuration file doesn't show anything of strange

# Custom options
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

These are the standard redirect options for squidguard

Looking to processes, using ps, shows that squidguard is correctly started and logs doesn't shows anything.

The strangest thing is that if i go on squidguard page and press before APPLY and after SAVE all start to work correctly

Do you have any idea?

daniele_dll

After a lot of retries i got it working on restart too, but i really didn't understand why it doesn't work on restart

However i put all not working stuff on a virtual machine (vmware) if someone wants i can do some other test or check logs

dvserg

@daniele_dll:

After a lot of retries i got it working on restart too, but i really didn't understand why it doesn't work on restart

However i put all not working stuff on a virtual machine (vmware) if someone wants i can do some other test or check logs

Possible look /usr/local/etc/squidGuard/squidGuard.conf after restart ?

daniele_dll

It seems to be correct

# cat /usr/local/etc/squidGuard/squidGuard.conf

# ============================================================
# SquidGuard configuration file
# This file generated automaticly with SquidGuard configurator
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

#
dest blk_blacklists_ads {
        domainlist blk_blacklists_ads/domains
        urllist blk_blacklists_ads/urls
        log block.log
}

#
dest blk_blacklists_aggressive {
        domainlist blk_blacklists_aggressive/domains
        urllist blk_blacklists_aggressive/urls
        log block.log
}

#
dest blk_blacklists_audio-video {
        domainlist blk_blacklists_audio-video/domains
        urllist blk_blacklists_audio-video/urls
        log block.log
}

#
dest blk_blacklists_drugs {
        domainlist blk_blacklists_drugs/domains
        urllist blk_blacklists_drugs/urls
        log block.log
}

#
dest blk_blacklists_gambling {
        domainlist blk_blacklists_gambling/domains
        urllist blk_blacklists_gambling/urls
        log block.log
}

#
dest blk_blacklists_hacking {
        domainlist blk_blacklists_hacking/domains
        urllist blk_blacklists_hacking/urls
        log block.log
}

#
dest blk_blacklists_mail {
        domainlist blk_blacklists_mail/domains
        log block.log
}

#
dest blk_blacklists_porn {
        domainlist blk_blacklists_porn/domains
        expressionlist blk_blacklists_porn/expressions
        urllist blk_blacklists_porn/urls
        log block.log
}

#
dest blk_blacklists_proxy {
        domainlist blk_blacklists_proxy/domains
        urllist blk_blacklists_proxy/urls
        log block.log
}

#
dest blk_blacklists_redirector {
        domainlist blk_blacklists_redirector/domains
        urllist blk_blacklists_redirector/urls
        log block.log
}

#
dest blk_blacklists_spyware {
        domainlist blk_blacklists_spyware/domains
        urllist blk_blacklists_spyware/urls
        log block.log
}

#
dest blk_blacklists_suspect {
        domainlist blk_blacklists_suspect/domains
        urllist blk_blacklists_suspect/urls
        log block.log
}

#
dest blk_blacklists_violence {
        domainlist blk_blacklists_violence/domains
        expressionlist blk_blacklists_violence/expressions
        urllist blk_blacklists_violence/urls
        log block.log
}

#
dest blk_blacklists_warez {
        domainlist blk_blacklists_warez/domains
        urllist blk_blacklists_warez/urls
        log block.log
}

#
acl  {
        #
        default  {
                pass !blk_blacklists_ads !blk_blacklists_aggressive !blk_blacklists_audio-video !blk_blacklists_drugs !blk_blacklists_gambling !blk_blacklists_hacking !blk_blacklists_mail !blk_blacklists_porn !blk_blacklists_proxy !blk_blacklists_redirector !blk_blacklists_spyware !blk_blacklists_suspect !blk_blacklists_violence !blk_blacklists_warez all
                redirect http://10.0.0.254:8000/captiveportal-error.php?url=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
                log block.log
        }
}

rafael.cardoso

Hi, I have this issue too, my configuration - WebGUI over HTTPS

dvserg

@rafael.cardoso:

Hi, I have this issue too, my configuration - WebGUI over HTTPS

pfSense 1.2.2 too? I will test this.

daniele_dll

Same problem without https :\

The thing i noticed is that there are five instances of squidguard started

[root@gateway /var/log]# ps -A | grep squid
  969  ??  Is     0:00.00 /usr/local/sbin/squid -D
  972  ??  I      0:00.10 (squid) -D (squid)
  979  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  980  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  981  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  982  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  983  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
 3782  p0  R+     0:00.00 grep squid

Instead of three, as setted in configuration (this is the list of instances after a APPLY/SAVE on SquidGuard interface)

[root@gateway /var/log]# ps -A | grep squid
  969  ??  Is     0:00.00 /usr/local/sbin/squid -D
  972  ??  I      0:00.68 (squid) -D (squid)
 4293  ??  Is     0:00.09 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
 4294  ??  Is     0:00.02 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
 4295  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
 5492  p0  R+     0:00.00 grep squid

On another reboot, instead, the correct number of instances is started

[root@gateway ~]# ps -A | grep squid
  963  ??  Is     0:00.00 /usr/local/sbin/squid -D
  965  ??  I      0:00.04 (squid) -D (squid)
  980  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  981  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
  983  ??  Is     0:00.01 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
 1174  p0  R+     0:00.00 grep squid

Log output of squidguard is this

2009-01-23 09:57:59 [980] squidGuard 1.3 started (1232701079.208)
2009-01-23 09:57:59 [980] squidGuard ready for requests (1232701079.395)
2009-01-23 09:57:59 [983] squidGuard 1.3 started (1232701079.208)
2009-01-23 09:57:59 [983] squidGuard ready for requests (1232701079.395)
2009-01-23 09:57:59 [981] squidGuard 1.3 started (1232701079.208)
2009-01-23 09:57:59 [981] squidGuard ready for requests (1232701079.395)

and it seems to be ok

This is the log output of squid

2009/01/23 09:56:55| Squid Cache (Version 2.6.STABLE21): Exiting normally.
2009/01/23 09:57:58| Starting Squid Cache version 2.6.STABLE21 for i386-portbld-freebsd7.0...
2009/01/23 09:57:58| Process ID 965
2009/01/23 09:57:58| With 11072 file descriptors available
2009/01/23 09:57:58| Using kqueue for the IO loop
2009/01/23 09:57:58| helperOpenServers: Starting 5 'dnsserver' processes
2009/01/23 09:57:59| helperOpenServers: Starting 3 'squidGuard' processes
2009/01/23 09:57:59| User-Agent logging is disabled.
2009/01/23 09:57:59| Referer logging is disabled.
2009-01-23 09:57:59 [980] (squidGuard): can't write to logfile /var/log/squidGuard.log
2009-01-23 09:57:59 [983] (squidGuard): can't write to logfile /var/log/squidGuard.log
2009-01-23 09:57:59 [981] (squidGuard): can't write to logfile /var/log/squidGuard.log
2009-01-23 09:57:59 [983] New setting: logdir: /var/squidGuard/log
2009-01-23 09:57:59 [983] New setting: dbhome: /var/db/squidGuard
2009-01-23 09:57:59 [983] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2009-01-23 09:57:59 [980] New setting: logdir: /var/squidGuard/log
2009-01-23 09:57:59 [980] New setting: dbhome: /var/db/squidGuard
2009-01-23 09:57:59 [980] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2009-01-23 09:57:59 [981] New setting: logdir: /var/squidGuard/log
2009-01-23 09:57:59 [981] New setting: dbhome: /var/db/squidGuard
2009-01-23 09:57:59 [981] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2009-01-23 09:57:59 [981] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
2009-01-23 09:57:59 [983] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
2009-01-23 09:57:59 [980] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db
2009-01-23 09:57:59 [983] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
2009-01-23 09:57:59 [981] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
2009-01-23 09:57:59 [980] init domainlist /var/db/squidGuard/blk_blacklists_aggressive/domains
.
.
. a tons of logs about blaclists
.
.
2009-01-23 09:57:59 [980] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
2009-01-23 09:57:59 [980] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
2009-01-23 09:57:59 [981] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
2009-01-23 09:57:59 [981] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
2009-01-23 09:57:59 [983] init urllist /var/db/squidGuard/blk_blacklists_warez/urls
2009-01-23 09:57:59 [983] loading dbfile /var/db/squidGuard/blk_blacklists_warez/urls.db
2009/01/23 09:57:59| Unlinkd pipe opened on FD 18
2009/01/23 09:57:59| Swap maxSize 33554432 + 524288 KB, estimated 0 objects
2009/01/23 09:57:59| Target number of buckets: 131072
2009/01/23 09:57:59| Using 131072 Store buckets
2009/01/23 09:57:59| Max Mem  size: 524288 KB
2009/01/23 09:57:59| Max Swap size: 33554432 KB
2009/01/23 09:57:59| Store logging disabled
2009/01/23 09:57:59| Rebuilding storage in /var/squid/cache (CLEAN)
2009/01/23 09:57:59| Using Least Load store dir selection
2009/01/23 09:57:59| Current Directory is /tmp
2009/01/23 09:57:59| Loaded Icons.
2009/01/23 09:57:59| Accepting proxy HTTP connections at 192.168.0.74, port 8080, FD 21.
2009/01/23 09:57:59| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 22.
2009/01/23 09:57:59| Accepting HTCP messages on port 4827, FD 23.
2009/01/23 09:57:59| WCCP Disabled.
2009/01/23 09:57:59| Pinger socket opened on FD 25
2009/01/23 09:57:59| NETDB state reloaded; 26 entries, 10 msec
2009/01/23 09:57:59| Configuring Parent localhost/8081/0
2009/01/23 09:57:59| Ready to serve requests.
2009/01/23 09:57:59| Done reading /var/squid/cache swaplog (755 entries)
2009/01/23 09:57:59| Finished rebuilding storage from disk.
2009/01/23 09:57:59|       755 Entries scanned
2009/01/23 09:57:59|         0 Invalid entries.
2009/01/23 09:57:59|         0 With invalid flags.
2009/01/23 09:57:59|       755 Objects loaded.
2009/01/23 09:57:59|         0 Objects expired.
2009/01/23 09:57:59|         0 Objects cancelled.
2009/01/23 09:57:59|         0 Duplicate URLs purged.
2009/01/23 09:57:59|         0 Swapfile clashes avoided.
2009/01/23 09:57:59|   Took 0.8 seconds ( 991.6 objects/sec).
2009/01/23 09:57:59| Beginning Validation Procedure
2009/01/23 09:57:59|   Completed Validation Procedure
2009/01/23 09:57:59|   Validated 755 Entries
2009/01/23 09:57:59|   store_swap_size = 4274k
2009/01/23 09:58:00| storeLateRelease: released 0 objects

note:

2009/01/23 09:57:59| Configuring Parent localhost/8081/0

refer to the HAVP setted as cache parent … squid is configured to never do direct requestes

daniele_dll

just to advise that i downgraded all the stuff to pfSense 1.2.0 (using freebsd 6.2) and all works perfectly

daniele_dll

i discovered the problem!!!

Trasparent proxying doesn't start :)

After some tests i noticed that pages weren't filtered by the machine, it seems to me working because i used it, in these days, directly as proxy and effectively it works. If i set it as trasparent proxy and i set my gateway as needed pages doesn't get filtered!