Squid not logging traffic, configuration issue?
-
Let me first start off by saying the squid IS currently running and traffic IS getting to the outside, it's just not being logged by squid.
For reference, I use a bridged firewall configuration with just 2 interfaces, LAN and WAN. You can see a little more detailed info about my setup in this thread from a few months back:
http://forum.pfsense.org/index.php/topic,46143.0.htmlCurrent squid configuration
General Tab
Proxy interface: WAN
Allow users on interface: checked
Transparent proxy: checked
Log store directory: /var/squid/logs
Proxy port: 3128There are no other settings adjusted on any other tabs. When viewing services status, it shows squid service as running.
I originally installed squid, then sarg, then squidguard. I believe for a time it seemed to be working because when I went to view real-time status report in sarg I could see traffic. This essentially let me know that entries were being made to the access.log file. Well I ended inadvertantly blocking some stuff in squidguard that I didn't want so I decided to turn squidguard off until I could get it resolved. So the squidguard service has been stopped ever since, but now squid doesn't seem to be logging anything at all.
I have squid set to transparent proxy on port 3128. I have to bind squid to the WAN port since it is a static IP. The only other options are loopback and LAN. If I set it to LAN, since it is type "none", squid essentially configures this the same as it would a loopback. I tried this once and took a look at the squid configuration file it set it to 127.0.0.1 if it was set to the LAN interface. No traffic would be able to get out at all.
Contents of current squid.conf
# Do not edit manually ! http_port X.X.X.X:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English icon_directory /usr/local/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none logfile_rotate 0 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src X.X.X.0/255.255.255.0 uri_whitespace strip cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 100 16 256 minimum_object_size 0 KB maximum_object_size 10 KB offline_mode off # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl" cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Block access to blacklist domains http_access deny blacklist # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny all
Lastly, plenty of disk space is available, so that's not an issue.
-
What version of pfSense are you using?
-
Sorry, I am on pfsense 2.0.1 using squid 2.7.9 pkg v.4.3.1.
-
I don't know about 2.0.1. I have an issue with 2.1 but after an update, it worked like it should.