Squid3 - New GUI with sync, normal and reverse proxy
-
Sounds like the same issue I'm having, however it looks like one of your mappings isn't ON. Maybe that will fix it, if so I need to look over my config again.
-
I looked at my squid.config file and it's basically the same as cjbujold's.
Is there anything else to try, or does anyone have any idea why this isn't working?
Thanks for the help.
-
Hi,
It is not possible to restart/start the squid service from the dashboard and services GUI pages.
Best regards
IGIdeus
-
Hi,
IMHO squid as a package for firewall should be hardened a little bit more.
From my perspective ACL safe_ports should include only 21, 80, 443 and 1025-65535 ports, ACL SSL should include only 443 port. All other ports should be added manually.
There could be information about other ports in the description of the options. The brilliant function could be the possibility to manage the ACLs like in Webmin or like firewall rules in pfSense.
Best regards
IGIdeus
-
It is not possible to restart/start the squid service from the dashboard and services GUI pages.
Apply this patch on your 2.0.1 install to fix the restart service option:
https://github.com/bsdperimeter/pfsense/commit/6ae78f0808747893f30b867c51b744dfe39e2190
From my perspective ACL safe_ports should include only 21, 80, 443 and 1025-65535 ports, ACL SSL should include only 443 port. All other ports should be added manually.
The current list (21 70 80 210 280 443 488 563 591 631 777 901 1025-65535) is not that big. I think (and in some cases I remove it) that 1025-65535 is the most "unsecure" port range on this array. You can change it by editing the squid.inc file.
The brilliant function could be the possibility to manage the ACLs like in Webmin or like firewall rules in pfSense.
It's on the todo list, but I need some free time to finish.
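The port-list discussion above can be checked mechanically. The following is an added example, not part of the thread or of the pfSense package: it compares the port ACLs in a squid.conf against the baseline proposed in the thread and reports whether each ACL is actually used in a deny rule. The ACL names `Safe_ports` and `SSL_ports` are assumed from stock squid.conf, and the sample config is constructed.

```python
import re

# Baseline proposed in the thread. ACL names follow stock squid.conf
# (Safe_ports / SSL_ports); the names in a given config are an assumption.
BASELINE = {
    "Safe_ports": [(21, 21), (80, 80), (443, 443), (1025, 65535)],
    "SSL_ports": [(443, 443)],
}

# Constructed sample: Safe_ports is the "current list" quoted in the thread,
# the SSL_ports line and the http_access rule are made up for illustration.
SAMPLE_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535
http_access deny !Safe_ports
"""

def parse_port_acls(conf):
    """Return {acl_name: [(lo, hi), ...]} from every 'acl NAME port ...' line."""
    acls = {}
    for raw in conf.splitlines():
        m = re.match(r"acl\s+(\S+)\s+port\s+(.+)$", raw.split("#", 1)[0].strip())
        if not m:
            continue
        for tok in m.group(2).split():
            lo, _, hi = tok.partition("-")
            acls.setdefault(m.group(1), []).append((int(lo), int(hi or lo)))
    return acls

def is_enforced(conf, name):
    """True if an 'http_access deny' rule negates the ACL, e.g. '!Safe_ports'."""
    rule = re.compile(r"\s*http_access\s+deny\b.*!" + re.escape(name) + r"\b")
    return any(rule.match(line) for line in conf.splitlines())

def audit(conf, baseline=BASELINE):
    """Per ACL: port ranges outside the baseline, and whether a deny rule uses it."""
    acls = parse_port_acls(conf)
    report = {}
    for name, allowed in baseline.items():
        extra = [r for r in acls.get(name, [])
                 if not any(a <= r[0] and r[1] <= b for a, b in allowed)]
        report[name] = {"extra": extra, "enforced": is_enforced(conf, name)}
    return report

if __name__ == "__main__":
    for acl, result in audit(SAMPLE_CONF).items():
        print(acl, result)
```

An ACL that is defined but reported as not enforced restricts nothing, which is why the sample deliberately omits the CONNECT rule.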
-
The setup looks fine, I'll try to simulate it.
Did you ever have a chance to simulate the reverse proxy traffic?
-
Pfsense 2.0.1 32 BIT
Squid services not started :(
-php: /pkg_edit.php: The command '/usr/local/sbin/squid -k shutdown' returned exit code '1', the output was 'FATAL: Bungled squid.conf line 4: http_port 127.0.0.1:3128 intercept Squid Cache (Version 2.7.STABLE9): Terminated abnormally.'
-squid[54825]: Bungled squid.conf line 4: http_port 127.0.0.1:3128 intercept
-
Squid Cache (Version 2.7.STABLE9)
Did you install squidguard after squid? Force a squid3 reinstall, check config, apply settings and test again.
-
Thanks, it's working ;)
-
Hi,
Is there a way that we can enable LDAP and NT authentication properly on this module? I was not able to run this using LDAP or NT.
Please advise
TIA
-
Any news on the pbi package? I did a new install of 2.1 and can't install the package. I may follow these steps to manually install: http://forum.pfsense.org/index.php/topic,50572.0.html
-
-
http://lists.pfsense.org/pipermail/dev/2012-June/000178.html
Thanks. Guess I should have read the whole thing… I missed the bottom part
EDIT: Squid 3 has been built it looks, http://files.pfsense.com/packages/8/All/squid-3.1.19-i386.pbi
EDIT2: Since the package showed up, I installed it... Looks like it needs some options added to it when the pbi is being built:
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:17 unrecognized: 'sslcrtd_children'
2012/06/18 13:19:24| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/06/18 13:19:24| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2012/06/18 13:19:24| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager'
2012/06/18 13:19:24| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/06/18 13:19:24| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2012/06/18 13:19:24| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager'
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:73 unrecognized: 'delay_pools'
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:74 unrecognized: 'delay_class'
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:75 unrecognized: 'delay_parameters'
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:76 unrecognized: 'delay_initial_bucket_level'
2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:77 unrecognized: 'delay_access'
2012/06/18 13:24:54| cache_cf.cc(381) parseOneConfigFile: squid-reverse.conf:11 unrecognized: 'netdb_filename'
2012/06/18 13:24:54| cache_cf.cc(381) parseOneConfigFile: squid-reverse.conf:16 unrecognized: 'sslcrtd_children'
It won't start. I was able to start squid manually by taking the unrecognized commands out: hand edit the squid.inc file so they aren't added.
EDIT3: Still testing but looks like option -f will be needed to keep the config files in the same location:
-f file Use given config-file instead of /usr/pbi/squid-i386/etc/squid/squid.conf
-
What build_options were used when making the custom package? I can add whatever is needed to get it building. I tried adding ECAP and that just blew up the build.
If it isn't known, just get /var/db/ports/squid/options from the box that built the current .tbz and post it and I can translate it into the syntax we need.
And yes all packages with config files should be using whatever parameter is there like -f to manually specify where you want the config (should really be /var/etc/something, not /usr/local/etc/something)
-
Thanks Jim, I'll let Marcelloc chime in on the dev stuff ;-)
-
Hi jimp,
these are the options on /var/db/ports/squid31/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for squid-3.1.19
_OPTIONS_READ=squid-3.1.19
WITH_SQUID_KERB_AUTH=true
WITH_SQUID_LDAP_AUTH=true
WITH_SQUID_NIS_AUTH=true
WITH_SQUID_SASL_AUTH=true
WITH_SQUID_IPV6=true
WITH_SQUID_DELAY_POOLS=true
WITH_SQUID_SNMP=true
WITH_SQUID_SSL=true
WITH_SQUID_SSL_CRTD=true
WITH_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITH_SQUID_HTCP=true
WITH_SQUID_VIA_DB=true
WITH_SQUID_CACHE_DIGESTS=true
WITHOUT_SQUID_WCCP=true
WITH_SQUID_WCCPV2=true
WITHOUT_SQUID_STRICT_HTTP=true
WITH_SQUID_IDENT=true
WITH_SQUID_REFERER_LOG=true
WITH_SQUID_USERAGENT_LOG=true
WITH_SQUID_ARP_ACL=true
WITH_SQUID_IPFW=true
WITH_SQUID_PF=true
WITHOUT_SQUID_IPFILTER=true
WITH_SQUID_FOLLOW_XFF=true
WITHOUT_SQUID_ECAP=true
WITHOUT_SQUID_ICAP=true
WITHOUT_SQUID_ESI=true
WITH_SQUID_AUFS=true
WITHOUT_SQUID_COSS=true
WITHOUT_SQUID_KQUEUE=true
WITH_SQUID_LARGEFILE=true
WITHOUT_SQUID_STACKTRACES=true
WITHOUT_SQUID_DEBUG=true
-
sure your ports tree is up-to-date? (portsnap fetch extract, then go to that port and do 'make config' again) They changed the format of that file recently.
We need the format you posted this time, but I just wanted to make sure you had all of the possible config variables set.
EDIT: Looks like they were all set. I updated the pkg xml, as soon as the builders are done with their current jobs I'll try new builds.
-
I'll update my ports and check
compile options that are not checked:
SQUID_DNS_HELPER
SQUID_WCCP
SQUID_STRICT_HTTP
SQUID_IPFILTER
SQUID_ECAP
SQUID_YCAP
SQUID_ESI
SQUID_COSS
SQUID_KQUEUE
SQUID_STACKTRACES
SQUID_DEBUG
updated options file
more /var/db/ports/squid31/options
# This file is auto-generated by 'make config'.
# Options for squid-3.1.20
_OPTIONS_READ=squid-3.1.20
_FILE_COMPLETE_OPTIONS_LIST=SQUID_KERB_AUTH SQUID_LDAP_AUTH SQUID_NIS_AUTH SQUID_SASL_AUTH SQUID_IPV6 SQUID_DELAY_POOLS SQUID_SNMP SQUID_SSL SQUID_SSL_CRTD SQUID_PINGER SQUID_DNS_HELPER SQUID_HTCP SQUID_VIA_DB SQUID_CACHE_DIGESTS SQUID_WCCP SQUID_WCCPV2 SQUID_STRICT_HTTP SQUID_IDENT SQUID_REFERER_LOG SQUID_USERAGENT_LOG SQUID_ARP_ACL SQUID_IPFW SQUID_PF SQUID_IPFILTER SQUID_FOLLOW_XFF SQUID_ECAP SQUID_ICAP SQUID_ESI SQUID_AUFS SQUID_COSS SQUID_KQUEUE SQUID_LARGEFILE SQUID_STACKTRACES SQUID_DEBUG
OPTIONS_FILE_SET+=SQUID_KERB_AUTH
OPTIONS_FILE_SET+=SQUID_LDAP_AUTH
OPTIONS_FILE_SET+=SQUID_NIS_AUTH
OPTIONS_FILE_SET+=SQUID_SASL_AUTH
OPTIONS_FILE_SET+=SQUID_IPV6
OPTIONS_FILE_SET+=SQUID_DELAY_POOLS
OPTIONS_FILE_SET+=SQUID_SNMP
OPTIONS_FILE_SET+=SQUID_SSL
OPTIONS_FILE_SET+=SQUID_SSL_CRTD
OPTIONS_FILE_SET+=SQUID_PINGER
OPTIONS_FILE_UNSET+=SQUID_DNS_HELPER
OPTIONS_FILE_SET+=SQUID_HTCP
OPTIONS_FILE_SET+=SQUID_VIA_DB
OPTIONS_FILE_SET+=SQUID_CACHE_DIGESTS
OPTIONS_FILE_UNSET+=SQUID_WCCP
OPTIONS_FILE_SET+=SQUID_WCCPV2
OPTIONS_FILE_UNSET+=SQUID_STRICT_HTTP
OPTIONS_FILE_SET+=SQUID_IDENT
OPTIONS_FILE_SET+=SQUID_REFERER_LOG
OPTIONS_FILE_SET+=SQUID_USERAGENT_LOG
OPTIONS_FILE_SET+=SQUID_ARP_ACL
OPTIONS_FILE_SET+=SQUID_IPFW
OPTIONS_FILE_SET+=SQUID_PF
OPTIONS_FILE_UNSET+=SQUID_IPFILTER
OPTIONS_FILE_SET+=SQUID_FOLLOW_XFF
OPTIONS_FILE_UNSET+=SQUID_ECAP
OPTIONS_FILE_UNSET+=SQUID_ICAP
OPTIONS_FILE_UNSET+=SQUID_ESI
OPTIONS_FILE_SET+=SQUID_AUFS
OPTIONS_FILE_UNSET+=SQUID_COSS
OPTIONS_FILE_UNSET+=SQUID_KQUEUE
OPTIONS_FILE_SET+=SQUID_LARGEFILE
OPTIONS_FILE_UNSET+=SQUID_STACKTRACES
OPTIONS_FILE_UNSET+=SQUID_DEBUG
-
ok I think that lines up with what I have on there now (close enough :-)
has anyone tried the PBI in the last couple hours? The new one should be up now, at least for i386. I thought I uploaded another amd64 also that should be fixed.
-
ok I think that lines up with what I have on there now (close enough :-)
has anyone tried the PBI in the last couple hours? The new one should be up now, at least for i386. I thought I uploaded another amd64 also that should be fixed.
I just installed it and i'm getting the same errors:
: /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:17 unrecognized: 'sslcrtd_children'
2012/06/19 13:49:45| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/06/19 13:49:45| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2012/06/19 13:49:45| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager'
2012/06/19 13:49:45| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/06/19 13:49:45| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2012/06/19 13:49:45| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager'
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:73 unrecognized: 'delay_pools'
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:74 unrecognized: 'delay_class'
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:75 unrecognized: 'delay_parameters'
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:76 unrecognized: 'delay_initial_bucket_level'
2012/06/19 13:49:45| cache_cf.cc(381) parseOneConfigFile: squid.conf:77 unrecognized: 'delay_access'
Still able to get squid3 to run with a few hand edits of squid.inc
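The "unrecognized" lines in the logs above each point at a feature the binary was built without. As an added example (not from the thread or the package), this script pulls those directives out of a squid startup log, even when pasted as one run-on line, and groups them by the build feature that provides them. The configure switches are those Squid's documentation names for these directives; pairing them with the port option names from the options file posted above is an assumption, and the sample log is constructed from lines in the thread.

```python
import re
from collections import defaultdict

# Directive -> (configure switch, port option). The switch is the one Squid's
# documentation ties to the directive; the port option pairing is an assumption.
FEATURE = {
    "sslcrtd_children": ("--enable-ssl-crtd", "SQUID_SSL_CRTD"),
    "netdb_filename": ("--enable-icmp", "SQUID_PINGER"),
    "delay_pools": ("--enable-delay-pools", "SQUID_DELAY_POOLS"),
}

UNRECOGNIZED = re.compile(r"([\w.-]+\.conf):(\d+) unrecognized: '([^']+)'")

# Constructed sample: lines copied from the thread, joined the way the forum
# paste ran them together.
SAMPLE_LOG = (
    "2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:17 "
    "unrecognized: 'sslcrtd_children' 2012/06/18 13:19:24| WARNING: You should "
    "probably remove '127.0.0.1' from the ACL named 'ext_manager' "
    "2012/06/18 13:19:24| cache_cf.cc(381) parseOneConfigFile: squid.conf:73 "
    "unrecognized: 'delay_pools' 2012/06/18 13:19:24| cache_cf.cc(381) "
    "parseOneConfigFile: squid.conf:77 unrecognized: 'delay_access' "
    "2012/06/18 13:24:54| cache_cf.cc(381) parseOneConfigFile: "
    "squid-reverse.conf:11 unrecognized: 'netdb_filename'"
)

def feature_for(directive):
    """All delay_* directives come from the delay-pools feature."""
    if directive.startswith("delay_"):
        return FEATURE["delay_pools"]
    return FEATURE.get(directive, ("unknown", "unknown"))

def missing_features(log):
    """Group unrecognized directives by the port option that would provide them."""
    found = defaultdict(list)
    for conf, lineno, directive in UNRECOGNIZED.findall(log):
        _switch, option = feature_for(directive)
        found[option].append((conf, int(lineno), directive))
    return dict(found)

if __name__ == "__main__":
    for option, hits in sorted(missing_features(SAMPLE_LOG).items()):
        print(option, hits)
```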