URL filtering for ALIX + nanobsd install

valnar

Cool…thanks.  Any other wiki or instructions on the basics of squid?

jimp

There are a couple articles up on the doc wiki, but nothing really substantial.

http://doc.pfsense.org/index.php/Category:Squid

chudy

@valnar:

I've installed squid and squidguard on my 1.2.3 RC3 install with ALIX board.  I've installed both squid and squidguard for the sole purpose of blocking some URL's (like Facebook) for my kids.  I dont want or need any other proxy or caching services.  And considering it's running off a CF card, I probably shouldn't do it.

I setup squid per the recommended practices (I think), but I believe it's behaving as squid intended, which I don't want.  How can I turn off everything possible to just get the desired result of blocking a few URL's with SquidGuard?  I want everything to be as transparent to the user as possible, with the exception that FB is blocked.  I don't care about caching or using my precious CF space for anything.

What is the best way to set this up?

use cache_dir null /tmp.
run this at your console or @webgui command.

sed 's:^cache_dir\(.*\):cache_dir null \/tmp:g' /usr/local/pkg/squid.inc > squid.inc.tmp && mv squid.inc.tmp /usr/local/pkg/squid.inc

valnar

chudy,
I tried that command but get an error saying it's a read-only file system.  I'm running the nanobsd version on an ALIX board.

jimp

Precede that with:
/etc/rc.conf_mount_rw

And afterward use:
/etc/rc.conf_mount_ro

That will let you alter the file if you want.

valnar

@jimp:

Precede that with:
/etc/rc.conf_mount_rw

And afterward use:
/etc/rc.conf_mount_ro

That will let you alter the file if you want.

That did it.  Thanks!

valnar

OK, my pfSense install started to crawl and now the mgmt GUI is very slow.  Any change results in an error stating something is out of space, even though it's not.  I can't change any proxy settings without this error.  I have uninstalled both squid and squidguard.  Something is not right for an embedded install.

jimp

It may have exhausted the space in the memory disk (/var or /tmp)

A reboot would clear those

Did you have squid or squidguard set to log? that would certainly fill it up.

valnar

Yah, I think the memory was high - about 75%.

I thought I turned off all logging, but that's okay.  I have a different way of accomplishing the same goal now.  Thanks for the help.

valnar

My other method wasn't better, so I reinstalled squid and squidguard after reflashing my CF again (always want to start clean).

It worked fine today until I rebooted due to high memory use.  This time the two services would not (and will not) start.

It won't start from the services page, and if I go into Proxy filter separately to start it instead, I get these errors on apply:

The following input errors were detected:

    * (B1) BLACKLIST 'ads' error: file '/var/db/squidGuard/ads' not found
    * (B1) BLACKLIST 'aggressive' error: file '/var/db/squidGuard/aggressive' not found
    * (B1) BLACKLIST 'audio-video' error: file '/var/db/squidGuard/audio-video' not found
    * (B1) BLACKLIST 'drugs' error: file '/var/db/squidGuard/drugs' not found
    * (B1) BLACKLIST 'gambling' error: file '/var/db/squidGuard/gambling' not found
    * (B1) BLACKLIST 'hacking' error: file '/var/db/squidGuard/hacking' not found
    * (B1) BLACKLIST 'mail' error: file '/var/db/squidGuard/mail' not found
    * (B1) BLACKLIST 'porn' error: file '/var/db/squidGuard/porn' not found
    * (B1) BLACKLIST 'proxy' error: file '/var/db/squidGuard/proxy' not found
    * (B1) BLACKLIST 'violence' error: file '/var/db/squidGuard/violence' not found
    * (B1) BLACKLIST 'warez' error: file '/var/db/squidGuard/warez' not found

Now, I never downloaded a blacklist file before, nor did I need one to use squidguard.  Do I have to now?

valnar

My services log on bootup, with squid entries only:

Nov 27 05:02:40 	squid[1359]: Squid Parent: child process 1361 exited with status 0
Nov 27 05:02:35 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:02:32 	squid[1359]: Squid Parent: child process 1361 started
Nov 27 05:02:31 	squid[1249]: Squid Parent: child process 1251 exited with status 0
Nov 27 05:02:27 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:02:21 	squid[1249]: Squid Parent: child process 1251 started
Nov 27 05:02:20 	squid[1215]: Squid Parent: child process 1217 exited with status 0
Nov 27 05:02:16 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:02:11 	squid[1215]: Squid Parent: child process 1217 started
Nov 27 05:02:10 	squid[1181]: Squid Parent: child process 1183 exited with status 0
Nov 27 05:02:06 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:02:01 	squid[1181]: Squid Parent: child process 1183 started
Nov 27 05:02:00 	squid[1147]: Squid Parent: child process 1150 exited with status 0
Nov 27 05:01:56 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:01:51 	squid[1147]: Squid Parent: child process 1150 started
Nov 27 05:01:46 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:01:44 	squid[1106]: Squid Parent: child process 1109 exited with status 0
Nov 27 05:01:40 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:01:36 	squid[1106]: Squid Parent: child process 1109 started
Nov 27 05:01:35 	squid[1071]: Squid Parent: child process 1073 exited with status 0
Nov 27 05:01:31 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:01:25 	squid[1071]: Squid Parent: child process 1073 started
Nov 27 05:01:20 	php: : Creating squid cache subdirs in /var/squid/cache
Nov 27 05:01:20 	php: : Creating Squid cache dir /var/squid/cache
Nov 27 05:01:20 	php: : Creating squid log dir /var/squid/log/

dvserg

Disable blacklist checkbox.

valnar

It already was disabled.  Both squid and squidguard services are not starting.