Squid on 2.1 nanobsd

phil.davis

I have loaded the V2.1 1GB nanobsd image onto a 2GB compact flash (I only have 2GB CF cards). Installled it into an ALIX board. I load Squid from the packages menu, all seems to go fine. Then when I try to configure a very basic Squid transparent provy and save it, Squid doesn't start. The system log complains about "squid[9740]: cache_dir /var/squid/cache: (2) No such file or directory". Indeed there is no /var/squid/cache dir, there is /var/squid/acl and /var/squid/logs. Also /etc/passwd has no squid user listed. My production 2.0.1 systems have all these things!

/tmp/squid.info has normal looking output from the package install:

–----------------------------------
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Integrated Tab items... done.
Services... done.
Writing configuration... done.

Installation completed.  Please check to make sure that the package is configured from the respective menu then start the package.

I repeated the whole process on another CF card and got the same result.

Am I supposed to get newer packages from somewhere special to go with 2.1?

Is this anything to do with using a 2GB CF card with the 1GB image?

Any other ideas?

phil.davis

I notice that http://files.pfsense.org/packages/8/All/ has some new Squid and SquidGuard packages put there on 3 March 2012:

http://files.pfsense.org/packages/8/All/squid-2.7.9_1.tbz
http://files.pfsense.org/packages/8/All/squidGuard-1.4_4.tbz

Are these for 2.1?

Neither of my 2.0.1 or 2.1 systems see these, the Package Manager shows 2.7.9 pkg v.4.3.1 and 1.4_2 pkg v.1.9.1 respectively.

Should either 2.0.1 or 2.1 Package Manager be seeing these newer versions?

I am wanting to test 2.1 with Squid and SquidGuard, so I want to find versions of these intended for FreeBSD 8.3 and pfSense 2.1.

jimp

pfSense 2.1 uses PBI packages to those tbz files are not for it. I haven't tried squid on a full install of 2.1 (and haven't attempted a NanoBSD either) so there may still be some issues to work out there.

Making the cache folder and such is usually done by the package install though. You can just try to make /var/squid/cache, run squid -z, and see what happens.

phil.davis

I started again with a fresh 2.1-DEVELOPMENT 1G nanobsd image on a CF card. I used the webGUI Package interface to install Squid. Although the text in the "Available Packages" list indicates 2.7.9, it actually downloads a 2.7.9_1 PBI file, so it is correctly getting the PBI package from files.pfsense.org.

After installing Squid from the package installer web interface I had to:

pw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
chown -R squid /var/squid
mkdir /var/squid/cache
chown -R squid /var/squid/cache
squid -z

Then I tried restarting from the webGUI Status, Services.
It looks like it starts OK, /var/squid/logs/cache.log has good looking stuff in it, the system log looks like it has started a process for the service. But "Status, Service" says it is not running, and "ps ax | grep squid" doesn't find a process any more! It disappears for some reason that I haven't worked out yet.

squid -s

starts it happily and it runs.

So there are issues with the Squid installation scripts and startup mechanism on 2.1-DEVELOPMENT.

After a reboot the /var/squid stuff doesn't get setup properly. To run squid again I do:

chown -R squid /var/squid
mkdir /var/squid/cache
chown -R squid /var/squid/cache
squid -z
squid -s

phil.davis

Next I tried installing the SquidGuard package. The package manager says 1.4_2, but it actually fetched 1.4_4 PBI file. The installation messages looked OK. I configured times, target categories, groups ACL, common ACL and General Settings, saving at each point, then select "enable" and apply.

It puts the usual redirect_program stuff into the Squid config:

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

But SquidGuard doesn't run. I get 1 log file:

/var/SquidGuard/log/SquidGuard.log
2012-03-06 13:59:04 [27157] squidGuard 1.4 started (1331021644.566)
2012-03-06 13:59:04 [27157] db update done
2012-03-06 13:59:04 [27157] squidGuard stopped (1331021644.953)
2012-03-06 13:59:38 [52037] squidGuard 1.4 started (1331021678.521)
2012-03-06 13:59:38 [52037] db update done
2012-03-06 13:59:38 [52037] squidGuard stopped (1331021678.539)

My working 2.0.1 system has a block.log and sg_configurator.log in /var/squidGuard/log but that file does not appear on this 2.1-DEVELOPMENT system.

At this point I don't get any proxy service. After disabling SquidGuard and getting Squid going again from the command line, I get responses in Firefox or Opera like:

–--------------------------------------------------------------------------------
ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.pfsense.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __utma=232063710.1466445493.1327575010.1331005933.1331011558.14; __utmz=232063710.1327575010.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

The following error was encountered:

Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed

Your cache administrator is webmaster.
Generated Tue, 06 Mar 2012 08:03:35 GMT by davispf.localdomain (squid/2.7.STABLE9)

I tried stopping squid, doing "squid -z", then "squid -s" again. Lots of stuff, but couldn't get Squid back servicing transparent proxy again. Finally I rebooted and did the manual commands to get Squid going (in post above) and it is back functioning.

So, no success yet getting SquidGuard to function on 2.1-DEVELOPMENT.
(My original objective was to try out Squid and SquidGuard with Times, Target Categories and Group ACLs to see if the handling of on/off times worked correctly in 2.1 - but I haven't been able to get SquidGuard to work at all on 2.1 yet, so my original objective has fallen by the wayside!)

I better go and do some other work! If anyone is working on this, then I am happy to help with testing or look at some code (once I am pointed in the right direction for what is expected from PBI package installations and how it is all intended to hang together).

jimp

Locking this since http://forum.pfsense.org/index.php/topic,45487.0.html seems to have more active discussion.