Netgate Discussion Forum

    Havp + Squid problem (connect failed)

pfSense Packages
8 Posts 2 Posters 7.5k Views
goliy

      Hi everyone!
I've just installed a clean pfSense 1.2.3-RELEASE, then installed squid and havp and configured them (in the browser, of course).

      My squid config:

# Do not edit manually !

      http_port 1.0.0.1:3128
      http_port 127.0.0.1:80 transparent
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      icon_directory /usr/local/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /dev/null
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      shutdown_lifetime 3 seconds

# Allow local network(s) on interface(s)

      acl localnet src  1.0.0.0/255.255.255.0
      httpd_suppress_version_string on
      uri_whitespace strip

      cache_mem 1024 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 20480 256 256
      minimum_object_size 0 KB
      maximum_object_size 10240 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95

# No redirector configured

# Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 22222 3128 1025-65535
      acl sslports port 443 563 22222
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
      cache deny dynamic
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

# Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 deny all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow all

# Setup allowed acls

# Allow local network(s) on interface(s)

      http_access allow localnet

# Default block all to be sure

      http_access deny all

      cat /usr/local/etc/squid/squid.conf | grep havp

      cache_peer 127.0.0.1 parent 8080 0 name=havp no-query no-digest no-netdb-exchange default

      cat /usr/local/etc/squid/squid.conf

# Do not edit manually !

      http_port 1.0.0.1:3128
      http_port 127.0.0.1:80 transparent
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      icon_directory /usr/local/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /dev/null
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      shutdown_lifetime 3 seconds

# Allow local network(s) on interface(s)

      acl localnet src  1.0.0.0/255.255.255.0
      httpd_suppress_version_string on
      uri_whitespace strip

      cache_mem 1024 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 20480 256 256
      minimum_object_size 0 KB
      maximum_object_size 10240 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95

# No redirector configured

# Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 22222 3128 1025-65535
      acl sslports port 443 563 22222
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
      cache deny dynamic
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

# Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 deny all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow all

# Setup allowed acls

# Allow local network(s) on interface(s)

      http_access allow localnet

# Custom options

      never_direct allow all
      cache_peer 127.0.0.1 parent 8080 0 name=havp no-query no-digest no-netdb-exchange default

# Default block all to be sure

      http_access deny all

My havp config:

# ============================================================
# HAVP config file
# This file generated automaticly with HAVP configurator (part of pfSense)
# (C)2008 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================

      USER          havp
      GROUP          havp
      DAEMON        true
      PIDFILE        /var/run/havp.pid

# For small home use, 8 should be minimum.
# For 500 users corporate use, start at 40.

      SERVERNUMBER  3
      MAXSERVERS    100

# log

      ACCESSLOG      /var/log/havp/access.log
      ERRORLOG      /var/log/havp/havp.log

# syslog

      USESYSLOG      true
      SYSLOGNAME    havp
      SYSLOGFACILITY daemon
      SYSLOGLEVEL    info

# Level of HAVP logging

      #  0 = Only serious errors and information
      #  1 = Less interesting information is included
      LOG_OKS        false
      LOGLEVEL      0

# temp

      SCANTEMPFILE  /var/tmp/havpRAM/havp-XXXXXX
      TEMPDIR        /var/tmp

      DBRELOAD      180
      TRANSPARENT    false

# if HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.

      FORWARDED_IP    false
      X_FORWARDED_FOR false

# havp is listening on

      PORT          8080
      BIND_ADDRESS  127.0.0.1

# Path to template files

      TEMPLATEPATH  /usr/local/share/examples/havp/templates/ru

# whitelist and blacklist

      WHITELISTFIRST true
      WHITELIST      /usr/local/etc/havp/whitelist
      BLACKLIST      /usr/local/etc/havp/blacklist

# block file if error scanning

      FAILSCANERROR  true

# scanner

      SCANNERTIMEOUT 10
      RANGE          false

# stream scan disabled

      STREAMSCANSIZE  0
      SCANIMAGES      true
      MAXSCANSIZE    5120000
      KEEPBACKBUFFER  200000
      KEEPBACKTIME    5

# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive

      TRICKLING      10
      TRICKLINGBYTES  1

# Downloads larger than MAXDOWNLOADSIZE will be blocked.

      MAXDOWNLOADSIZE 0

# ClamAV Library Scanner (libclamav)

      ENABLECLAMLIB        false

# Clamd scanner (Clam daemon)

      ENABLECLAMD          true
      CLAMDSERVER          127.0.0.1
      CLAMDPORT            3310

All services are started, but there are errors like this:
      Feb 17 20:54:56 havp[36213]: connect() failed: Operation not permitted
      Feb 17 20:54:54 havp[36455]: 127.0.0.1 GET 200 http://autocontext.begun.ru/blockcounter? 343+43 SCANERROR Clamd: Could not connect to scanner socket
      Feb 17 20:54:54 havp[36455]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://autocontext.begun.ru/blockcounter?)
      Feb 17 20:54:54 havp[36457]: Clamd: Could not connect to scanner! Scanner down?
      Feb 17 20:54:54 havp[36457]: connect() failed: Operation not permitted
      Feb 17 20:54:54 havp[34945]: connect() failed: Operation not permitted

What's wrong? Help me, please.

      2.0.2-RELEASE (i386)
      Intel(R) Atom(TM) CPU 330 @ 1.60GHz
      eth: Intel 82574L
      DOM sata, 1Gb
      over 150 users

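An added example, not code from the thread or from the pfSense packages: a small Python check that the endpoints in the two configs quoted above agree with each other. It verifies that Squid's cache_peer points at HAVP's BIND_ADDRESS:PORT, that never_direct is only used when a peer exists, that no Squid http_port collides with HAVP's port, that HAVP is not in TRANSPARENT mode while acting as a Squid parent, and that a scanner backend is enabled. The config strings are constructed from the lines in this post; the function names are my own.

```python
"""Consistency check for a Squid -> HAVP -> clamd proxy chain.

Added example (not pfSense, Squid or HAVP code). Each hop must point at the
next one, otherwise requests fail at that hop rather than being scanned.
"""

# Constructed samples mirroring the relevant lines of the thread's configs.
SQUID_CONF = """\
# Do not edit manually !
http_port 1.0.0.1:3128
http_port 127.0.0.1:80 transparent
# Custom options
never_direct allow all
cache_peer 127.0.0.1 parent 8080 0 name=havp no-query no-digest no-netdb-exchange default
http_access deny all
"""

HAVP_CONF = """\
PORT          8080
BIND_ADDRESS  127.0.0.1
TRANSPARENT   false
ENABLECLAMLIB false
ENABLECLAMD   true
CLAMDSERVER   127.0.0.1
CLAMDPORT     3310
"""


def parse_havp(text):
    """HAVP config: one 'KEY value' per line, '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key] = value.strip()
    return conf


def parse_squid(text):
    """Pull out only the directives that matter for the peer chain."""
    listeners, peers, never_direct = [], [], False
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "http_port":
            host, _, port = parts[1].rpartition(":")   # "3128" or "addr:3128"
            listeners.append((host or "0.0.0.0", int(port)))
        elif parts[0] == "cache_peer" and len(parts) >= 4:
            opts = dict(p.split("=", 1) for p in parts[5:] if "=" in p)
            peers.append({"host": parts[1], "type": parts[2],
                          "port": int(parts[3]), "name": opts.get("name", parts[1])})
        elif parts[0] == "never_direct" and parts[1:3] == ["allow", "all"]:
            never_direct = True
    return listeners, peers, never_direct


def check_chain(squid_text, havp_text):
    """Return a list of findings; an empty list means every hop lines up."""
    findings = []
    listeners, peers, never_direct = parse_squid(squid_text)
    havp = parse_havp(havp_text)
    bind = havp.get("BIND_ADDRESS")       # unset is treated here as "bind all"
    port = int(havp.get("PORT", "8080"))

    if never_direct and not peers:
        findings.append("never_direct allow all but no cache_peer: Squid cannot serve anything")

    hop = [p for p in peers if p["port"] == port and (bind is None or p["host"] == bind)]
    if peers and not hop:
        findings.append("no cache_peer matches the HAVP listener %s:%d" % (bind or "0.0.0.0", port))

    if any(l[1] == port and (bind is None or l[0] in (bind, "0.0.0.0")) for l in listeners):
        findings.append("Squid http_port collides with HAVP PORT %d" % port)

    if peers and havp.get("TRANSPARENT", "false").lower() == "true":
        findings.append("HAVP TRANSPARENT true while used as a Squid parent; set it false")

    clamd = havp.get("ENABLECLAMD", "false").lower() == "true"
    clamlib = havp.get("ENABLECLAMLIB", "false").lower() == "true"
    if not clamd and not clamlib:
        findings.append("no scanner backend enabled: nothing will be scanned")
    if clamd:
        for key in ("CLAMDSERVER", "CLAMDPORT"):
            if key not in havp:
                findings.append("ENABLECLAMD true but %s is missing" % key)
        if not havp.get("CLAMDPORT", "0").isdigit():
            findings.append("CLAMDPORT is not numeric: %r" % havp["CLAMDPORT"])
    return findings


if __name__ == "__main__":
    for finding in check_chain(SQUID_CONF, HAVP_CONF) or ["chain looks consistent"]:
        print(finding)
```

Run against the thread's values the check comes back clean, which is the point: the endpoints agree, so the connect() errors in the log are not a wiring mistake between Squid and HAVP and the next place to look is whether clamd is actually reachable on 127.0.0.1:3310.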
dvserg

Update your antivirus DB.

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

goliy

My AV DB is ClamAV 0.95.3/12720/Thu Feb 17 17:48:08 2011

But when I try to update now, I see in the log:
          Feb 17 22:33:43 freshclam[6857]: Current functionality level = 44, recommended = 58
          Feb 17 22:33:25 freshclam[7092]: getpatch: Can't download safebrowsing-27355.cdiff from db.at.clamav.net
          Feb 17 22:33:24 freshclam[7092]: Can't download safebrowsing.cvd from clamav.citrin.ru
          Feb 17 22:33:02 freshclam[6944]: Incremental update failed, trying to download safebrowsing.cvd
          Feb 17 22:33:02 freshclam[6944]: getpatch: Can't download safebrowsing-27355.cdiff from clamav.citrin.ru
          Feb 17 22:32:58 freshclam[6944]: Local version: 0.95.3 Recommended version: 0.97
          Feb 17 22:32:58 freshclam[6944]: Your ClamAV installation is OUTDATED!
          and so on.

And the update status:
Start Update  17.02.2011 22:33:10  Antivirus update started.
              17.02.2011 22:33:10  Antivirus database already is updated.
              17.02.2011 22:33:43  Antivirus update end.

But, nevertheless, my DB is fresh:
file              date        size     version  signatures  builder
daily.cld         17.02.2011  2.93 M   12720    47541       ccordes
main.cvd          14.11.2010  25.01 M  53       846214      sven
safebrowsing.cld  17.02.2011  20.60 M  27355    415448      google


dvserg

What if you run from the console

clamd --debug

and then look in the log/syslog for error messages?


goliy

Something new:
              Feb 19 00:31:12 clamd[11486]: MaxThreads * MaxRecursion is too high: 25500, open file descriptor limit is: 11095
              Feb 19 00:29:40 freshclam[8625]: Invalid DNS reply. Falling back to HTTP mode.
              Feb 19 00:35:28 freshclam[7977]: Current functionality level = 44, recommended = 58

              I've deleted squid. Now HAVP works as transparent proxy.

clamd --debug

              LibClamAV Warning: ***********************************************************
              LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
              LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
              LibClamAV Warning: ***********************************************************
              LibClamAV Warning: ***********************************************************
              LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
              LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
              LibClamAV Warning: ***********************************************************
              LibClamAV Warning: ***********************************************************
              LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
              LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
              LibClamAV Warning: ***********************************************************


dvserg

                @goliy:

Something new:
                Feb 19 00:31:12 clamd[11486]: MaxThreads * MaxRecursion is too high: 25500, open file descriptor limit is: 11095

Possible change in /usr/local/etc/clamd.conf:

# daemon
MaxThreads                10
# scanner
MaxDirectoryRecursion     100

Then test again.


goliy

I'm sorry, but I am compelled to postpone the tests until I solve the main problem, packet loss (http://forum.pfsense.org/index.php/topic,33467.msg173515.html).
Thanks very much.


goliy

Do you speak Russian?
My previous error was associated with overflowing table sizes. I fixed it.
Now it works, but the logs show some suspicious messages, like this:
                    Feb 24 10:36:19 havp[27558]: accept() failed: Software caused connection abort
                    Feb 24 10:34:47 havp[27586]: accept() failed: Software caused connection abort
                    Feb 24 10:34:43 havp[27803]: accept() failed: Software caused connection abort


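An added example, not HAVP or pfSense code: a triage script for the kind of HAVP syslog lines quoted in this thread, from the first post's connect() failures to the accept() aborts in the last one. The sample lines are constructed to match their shape, with hostnames replaced by example.invalid. It counts HAVP's connect() failures toward the scanner separately from the SCANERROR access lines (the user-visible consequence) and from accept() aborts, which only record that a client dropped its connection before HAVP picked it up and are not a scanner fault.

```python
"""Triage HAVP syslog lines for scanner-connectivity failures.

Added example (not HAVP or pfSense code). Sample lines are constructed to
follow the shape of the messages in the thread; hostnames are replaced.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Feb 17 20:54:56 havp[36213]: connect() failed: Operation not permitted
Feb 17 20:54:54 havp[36455]: 127.0.0.1 GET 200 http://ads.example.invalid/blockcounter? 343+43 SCANERROR Clamd: Could not connect to scanner socket
Feb 17 20:54:54 havp[36455]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://ads.example.invalid/blockcounter?)
Feb 17 20:54:54 havp[36457]: Clamd: Could not connect to scanner! Scanner down?
Feb 17 20:54:54 havp[36457]: connect() failed: Operation not permitted
Feb 17 20:55:01 havp[36455]: 127.0.0.1 GET 200 http://www.example.invalid/index.html 512+0 OK
Feb 24 10:36:19 havp[27558]: accept() failed: Software caused connection abort
Feb 24 10:34:47 havp[27586]: accept() failed: Software caused connection abort
"""

# "Mon DD HH:MM:SS havp[pid]: message"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) havp\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Access line as it appears in the thread: client method status url size result ...
ACCESS_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+) (?P<size>\S+) (?P<result>\S+)")


def classify(msg):
    """Map one HAVP message to (category, detail)."""
    if msg.startswith("connect() failed:"):
        # HAVP itself could not open the connection to the scanner.
        return "scanner_connect_failed", msg.split(":", 1)[1].strip()
    if msg.startswith("accept() failed:"):
        # A client connection was aborted before HAVP accepted it.
        return "accept_failed", msg.split(":", 1)[1].strip()
    m = ACCESS_RE.match(msg)
    if m:
        if m.group("result") == "SCANERROR":
            return "access_scanerror", m.group("url")
        return "access_other", m.group("result")
    if msg.startswith("Scanner errors:") or "Scanner down?" in msg:
        return "scanner_error_report", msg
    return "other", msg


def triage(log_text):
    """Count categories and collect the details an operator needs first."""
    counts = Counter()
    connect_errors = set()
    unscanned_urls = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        category, detail = classify(m.group("msg"))
        counts[category] += 1
        if category == "scanner_connect_failed":
            connect_errors.add(detail)
        elif category == "access_scanerror":
            unscanned_urls.append(detail)
    return {"counts": counts, "connect_errors": connect_errors, "unscanned_urls": unscanned_urls}


def verdict(result):
    """One-line assessment a monitoring hook could alert on."""
    c = result["counts"]
    if c["scanner_connect_failed"]:
        return ("scanner unreachable (%s): check that clamd is listening on HAVP's "
                "CLAMDSERVER:CLAMDPORT and that the host permits the loopback connection"
                % ", ".join(sorted(result["connect_errors"])))
    if c["access_scanerror"]:
        return "requests hit SCANERROR without connect() errors: check clamd logs and timeouts"
    if c["accept_failed"]:
        return "only accept() aborts: clients closed connections before HAVP accepted them"
    return "no scanner-related errors"


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for category, n in sorted(summary["counts"].items()):
        print("%-24s %d" % (category, n))
    print(verdict(summary))
```

With FAILSCANERROR true, as in the config above, a SCANERROR line means the object was blocked rather than delivered unscanned; the URLs collected in unscanned_urls are therefore the requests users saw fail, which is what makes the connect() errors worth alerting on rather than just logging.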
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.