Netgate Discussion Forum
Squid 3.3.10 for pfSense 2.0 and 2.1 with SSL/HTTPS filtering
  • M
    marcelloc
    last edited by May 14, 2013, 11:06 PM

    Try without squidguard and look at the squid logs, especially cache.log.

    Elite Training: http://sys-squad.com

    Help a community developer! ;D

    • G
      gst.freitas
      last edited by May 14, 2013, 11:24 PM

      I disabled the integration, reinstalled the package... and nothing

      here is the log from cache.log

      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_SECURE_CONNECT_FAIL': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_UNSUP_HTTPVERSION': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_PRECONDITION_FAILED': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_CONFLICT_HOST': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_ESI': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_ICAP_FAILURE': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_GATEWAY_FAILURE': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_DIR_LISTING': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/error-details.txt': (2) No such file or directory
      2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups.
      2013/05/14 20:32:44 kid1| Logfile: opening log /var/squid/logs/access.log
      2013/05/14 20:32:44 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
      2013/05/14 20:32:44 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
      2013/05/14 20:32:44 kid1| Store logging disabled
      2013/05/14 20:32:44 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
      2013/05/14 20:32:44 kid1| Target number of buckets: 31
      2013/05/14 20:32:44 kid1| Using 8192 Store buckets
      2013/05/14 20:32:44 kid1| Max Mem  size: 8192 KB
      2013/05/14 20:32:44 kid1| Max Swap size: 0 KB
      2013/05/14 20:32:44 kid1| Using Least Load store dir selection
      2013/05/14 20:32:44 kid1| Current Directory is /usr/local/www
      2013/05/14 20:32:44 kid1| Loaded Icons.
      2013/05/14 20:32:44 kid1| HTCP Disabled.
      2013/05/14 20:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
      2013/05/14 20:32:44 kid1| sendto FD 19: (1) Operation not permitted
      2013/05/14 20:32:44 kid1| ipcCreate: CHILD: hello write test failed
      
      
      • M
        marcelloc
        last edited by May 15, 2013, 12:35 AM

        Can you interpret what the log is showing?

        Change the report language.

        I uploaded an update just now to fix the ACL warnings for 127.0.0.1. Just reinstall the package.

        • G
          gst.freitas
          last edited by May 15, 2013, 12:46 AM

          I already changed it, and it still doesn't connect.. it only connects without going through the proxy..

          • M
            marcelloc
            last edited by May 15, 2013, 1:21 AM

            @gst.freitas:

            I already changed it, and it still doesn't connect.. it only connects without going through the proxy..

            And what is in the logs? Provide more information to make the diagnosis easier.

            • G
              gst.freitas
              last edited by May 15, 2013, 1:41 AM

              2013/05/14 21:52:04 kid1| Max Mem  size: 8192 KB
              2013/05/14 21:52:04 kid1| Max Swap size: 0 KB
              2013/05/14 21:52:04 kid1| Using Least Load store dir selection
              2013/05/14 21:52:04 kid1| Current Directory is /usr/local/www
              2013/05/14 21:52:04 kid1| Loaded Icons.
              2013/05/14 21:52:04 kid1| HTCP Disabled.
              2013/05/14 21:52:04 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
              2013/05/14 21:52:04 kid1| sendto FD 19: (1) Operation not permitted
              2013/05/14 21:52:04 kid1| ipcCreate: CHILD: hello write test failed
              
              

              the screenshots

              errosquid.jpg
              errosquid1.jpg

              • M
                marcelloc
                last edited by May 15, 2013, 1:58 AM

                ps ax | grep squid

                netstat -an | grep -i listen

                Can you see squid running and listening on 3128?

                • G
                  gst.freitas
                  last edited by May 15, 2013, 2:43 AM May 15, 2013, 2:14 AM

                  it is running, but not on the port, even though it is set to 3128.

                  [2.0.3-RELEASE][admin@pfSense]/var/squid/logs(31): netstat  -an | grep -i listen
                  tcp4       0      0 *.80                   *.*                    LISTEN
                  tcp4       0      0 *.8080                 *.*                    LISTEN
                  tcp6       0      0 *.53                   *.*                    LISTEN
                  tcp4       0      0 *.53                   *.*                    LISTEN
                  tcp4       0      0 *.443                  *.*                    LISTEN
                  tcp4       0      0 *.22                   *.*                    LISTEN
                  tcp6       0      0 *.22                   *.*                    LISTEN
                  [2.0.3-RELEASE][admin@pfSense]/var/squid/logs(32): ps ax | grep squid
                   3776  ??  Is     0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
                   4021  ??  I      0:00.08 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
                  25013   0  R+     0:00.00 grep squid
                  
                  

                  the port is CLOSED..

                  tcp4       0      0 192.168.0.8.8080       192.168.0.3.50584      ESTABLISHED
                  tcp4       0      0 127.0.0.1.3128         *.*                    CLOSED
                  tcp4       0      0 192.168.0.8.3128       *.*                    CLOSED
                  tcp4       0     52 192.168.0.8.22         192.168.0.3.59640      ESTABLISHED
                  
                  

                  it keeps showing the language error.. even when choosing "English"

                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_SECURE_CONNECT_FAIL': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_UNSUP_HTTPVERSION': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_PRECONDITION_FAILED': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_CONFLICT_HOST': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_ESI': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_ICAP_FAILURE': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_GATEWAY_FAILURE': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/ERR_DIR_LISTING': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| '/usr/local/etc/squid/errors/English/error-details.txt': (2) No such file or directory
                  2013/05/14 23:51:36 kid1| Unable to load default error language files. Reset to backups.
                  2013/05/14 23:51:36 kid1| Logfile: opening log /var/squid/logs/access.log
                  2013/05/14 23:51:36 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
                  2013/05/14 23:51:36 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
                  2013/05/14 23:51:36 kid1| Store logging disabled
                  2013/05/14 23:51:36 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects
                  2013/05/14 23:51:36 kid1| Target number of buckets: 31
                  2013/05/14 23:51:36 kid1| Using 8192 Store buckets
                  2013/05/14 23:51:36 kid1| Max Mem  size: 8192 KB
                  2013/05/14 23:51:36 kid1| Max Swap size: 0 KB
                  2013/05/14 23:51:36 kid1| Using Least Load store dir selection
                  2013/05/14 23:51:36 kid1| Current Directory is /usr/local/www
                  2013/05/14 23:51:36 kid1| Loaded Icons.
                  2013/05/14 23:51:36 kid1| HTCP Disabled.
                  2013/05/14 23:51:36 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                  2013/05/14 23:51:36 kid1| sendto FD 19: (1) Operation not permitted
                  2013/05/14 23:51:36 kid1| ipcCreate: CHILD: hello write test failed
                  
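Added example (not part of the original posts): the check requested above as a shell function that reads BSD-style `netstat -an` output and reports the state of every TCP socket bound to a given port, succeeding only when one of them is in LISTEN. The sample input reuses lines from the output posted in this thread; the function names `listen_state` and `sample_netstat` are introduced here.

```shell
#!/bin/sh
# listen_state PORT
#   Reads `netstat -an` output (BSD column layout, as on pfSense) from stdin,
#   prints "<local address> <state>" for every TCP socket bound to PORT,
#   and returns 0 only if at least one of those sockets is in LISTEN.
#   A socket that is bound but CLOSED (the case in this thread) returns 1,
#   which a plain `grep -i listen` silently hides.
listen_state() {
  awk -v port="$1" '
    $1 ~ /^tcp/ {
      # Local address is "addr.port"; the port is the last dot-separated part.
      n = split($4, part, "[.]")
      if (part[n] == port) {
        print $4, $6
        if ($6 == "LISTEN") ok = 1
      }
    }
    END { exit (ok ? 0 : 1) }
  '
}

# Sample input assembled from the netstat lines posted in the thread.
sample_netstat() {
  cat <<'EOF'
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 192.168.0.8.8080       192.168.0.3.50584      ESTABLISHED
tcp4       0      0 127.0.0.1.3128         *.*                    CLOSED
tcp4       0      0 192.168.0.8.3128       *.*                    CLOSED
tcp4       0     52 192.168.0.8.22         192.168.0.3.59640      ESTABLISHED
EOF
}

# On a live system: netstat -an | listen_state 3128
if sample_netstat | listen_state 3128; then
  echo "3128: at least one socket is listening"
else
  echo "3128: no listening socket (process may be up, but the proxy is not accepting connections)"
fi
```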
                  • M
                    marcelloc
                    last edited by May 15, 2013, 10:13 AM

                    Try this squid build compiled without IPv6

                    amd64
                    http://e-sac.siteseguro.ws/packages/amd64/8/All/squid-3.3.4.tbz

                    i386
                    http://e-sac.siteseguro.ws/packages/8/All/squid-3.3.4.tbz

                    As for the report language, check which ones exist on the filesystem before changing it.

                    • T
                      thiagomespb
                      last edited by May 15, 2013, 11:25 AM

                      Marcelo,

                      I also ran the test and got an error. How do I install this version without IPv6?

                      • M
                        marcelloc
                        last edited by May 15, 2013, 12:49 PM

                        @thiagomespb:

                        Marcelo,

                        I also ran the test and got an error. How do I install this version without IPv6?

                        Install squid3-dev and then, on the console, install this version without IPv6 with pkg_add -rf url_para_o_pacote (the package URL).

                        Remember to post more details like the ones I described in the post above.

                        • D
                          dbannack
                          last edited by May 15, 2013, 2:31 PM

                          Hello,

                          With the version without IPv6 it is working…
                          But how do I get SSL working on 443? I can't manage to set up the certificates..
                          The certificate error message keeps appearing in the browser..
                          Could you give us a brief explanation of how to configure the SSL certificates?

                          • M
                            marcelloc
                            last edited by May 15, 2013, 2:33 PM

                            @dbannack:

                            Could you give us a brief explanation of how to configure the SSL certificates?

                            Create a CA and a certificate in pfSense (System -> Cert Manager) instead of using the default webconfigurator certificate.

                            • D
                              didonsom
                              last edited by May 15, 2013, 6:11 PM

                              Hello Marcelloc, good afternoon!

                              Do you know whether, with this new squid package, squidguard now shows sgerror.php on HTTPS pages?

                              Regards

                              Diego

                              • M
                                marcelloc
                                last edited by May 15, 2013, 8:48 PM

                                @didonsom:

                                Do you know whether, with this new squid package, squidguard now shows sgerror.php on HTTPS pages?

                                With the SSL filter enabled and working, yes.

                                • D
                                  didonsom
                                  last edited by May 16, 2013, 1:46 AM

                                  Hello Marcelloc

                                  I ran the tests and squid3 worked perfectly, but squidguard failed; it would not start at all…

                                  Regards,

                                  diego

                                  • M
                                    marcelloc
                                    last edited by May 16, 2013, 3:06 AM

                                    In squid 3.3, squidguard is run on demand.

                                    • G
                                      gilmarcabral
                                      last edited by May 16, 2013, 11:59 AM

                                      Good morning.
                                      I started testing squid-dev.
                                      I installed it through the GUI, downloaded the libraries that squid-dev needs, and configured squid via the GUI.
                                      However, the service does not start.
                                      When I try to start the service from the console to see the error, I get the following message.

                                      squid -k reconfigure
                                      2013/05/16 09:06:50| ERROR: auth_param basic program /usr/local/libexec/squid/squid_ldap_auth: (2) No such file or directory
                                      FATAL: auth_param basic program /usr/local/libexec/squid/squid_ldap_auth: (2) No such file or directory
                                      Squid Cache (Version 3.3.4): Terminated abnormally.
                                      CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
                                      Maximum Resident Size: 40208 KB
                                      Page faults with physical i/o: 0

                                      I configured squid to authenticate against an OpenLDAP directory.
                                      Note:
                                      I only installed squid-dev; I did not install squidguard or any other version of squid.
                                      Thanks in advance

                                      • L
                                        LFCavalcanti
                                        last edited by May 16, 2013, 12:21 PM

                                        Hello!

                                        Marcelloc,
                                        First, congratulations on the work and thank you for this feature, which can be very interesting.

                                        Two questions:
                                        1 - Is the SSL filter, in a way, an exploit?
                                        2 - Won't Snort or the antivirus itself detect some change in the packets?

                                        –

                                        Luiz Fernando Cavalcanti
                                        IT Manager
                                        Arriviera Technology Group

                                        • M
                                          marcelloc
                                          last edited by May 16, 2013, 4:30 PM

                                          @LFCavalcanti:

                                          1 - Is the SSL filter, in a way, an exploit?

                                          It is not an exploit; the technique applied is man-in-the-middle. Squid establishes one SSL session with the site and another with the client.

                                          @LFCavalcanti:

                                          2 - Won't Snort or the antivirus itself detect some change in the packets?

                                          No, the one that will warn and complain is the client browser, if the server certificate is not installed.

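Added example (not from the thread or the pfSense package): why the client browser complains until the proxy's CA is installed on it, which is also the reason for the earlier advice to create a dedicated CA in Cert Manager. It uses the `openssl` command line; the CA names, the host name `www.example.test` and all function names are constructed for illustration.

```shell
#!/bin/sh
# verify_ok TRUST_FILE CERT
#   Succeeds only if CERT chains to a CA contained in TRUST_FILE.
#   The output is matched on ": OK" because old OpenSSL releases
#   exit 0 even when verification fails.
verify_ok() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_ca DIR NAME CN: self-signed CA, written to DIR/NAME.crt and DIR/NAME.key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# bump_trust_demo
#   Prints how a client judges the certificate the filtering proxy presents,
#   first with only its usual CAs, then with the proxy CA added to its store.
bump_trust_demo() {
  d=$(mktemp -d) || return 2

  # The CA created for the proxy (the role of the CA made in Cert Manager).
  make_ca "$d" proxy_ca "Example Proxy CA" || return 2
  # Stand-in for the CAs a browser ships with; it knows nothing of the proxy CA.
  make_ca "$d" public_ca "Example Public CA" || return 2

  # Certificate the proxy presents to the client for the visited site:
  # it is signed by the proxy CA, not by a CA the browser already trusts.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/site.key" -out "$d/site.csr" >/dev/null 2>&1 || return 2
  openssl x509 -req -in "$d/site.csr" -CA "$d/proxy_ca.crt" \
    -CAkey "$d/proxy_ca.key" -CAcreateserial -days 30 \
    -out "$d/site.crt" >/dev/null 2>&1 || return 2

  # Client without the proxy CA installed: the chain ends at an unknown issuer.
  if verify_ok "$d/public_ca.crt" "$d/site.crt"; then r1=trusted; else r1=untrusted; fi

  # Client after the proxy CA certificate was added to its trust store.
  cat "$d/public_ca.crt" "$d/proxy_ca.crt" > "$d/store.pem"
  if verify_ok "$d/store.pem" "$d/site.crt"; then r2=trusted; else r2=untrusted; fi

  rm -rf "$d"
  echo "client_without_proxy_ca=$r1"
  echo "client_with_proxy_ca=$r2"
}

bump_trust_demo
```

Only the CA certificate is distributed to clients; the CA private key stays on the firewall, since anyone holding it can issue certificates those clients will accept.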