Squid 3.3.4 package for pfsense with ssl filtering
-
Hi, I had Squid and SquidGuard working for some time. I recently noticed that it was no longer working, probably for months. So I've uninstalled both packages. Now I'm trying to use this Squid 3.3.4 pkg. I appear to have Squid running correctly. I've copied the libs from your repo. I'm having a lot of trouble with SquidGuard. I had it running, but it was blocking everything. I had it running in the past, so I feel I am somewhat comfortable with the settings etc. Now I can no longer get it running at all. I get the msg 0/5 SG process started. I know I haven't given much specifics here for your help, but I am wondering if there are any guidelines to try and get this pkg working with SG?
In the bigger picture, I'm looking for Squid + SG + AV functionality, I don't mind if I have to use different pkgs if that is the recommendation?
Also, it seems there are so many Squids, SGs in the pkg repo, and no foolproof instructions to get SG set up…
Any advice much appreciated. Thanks.
-
Use squid 3.3.5.
Since squid 3.x squidguard is started on demand, ifyou have no traffic, tthen no squid guard daemon will be running.
-
Ok, I am using your 3.3.5.
I think I located some of my issue - Proxy server, Custom settings still had remnants from HAVP in there. I think I have Squid + SG working correctly now.
Should it be possible to get HAVP working with this Squid + SG? Or do you think you will get your AV integration working sometime soon? Can I help with this?
Thanks very much…
-
@avp:
Should it be possible to get HAVP working with this Squid + SG?
Yes, havp is a proxy daemon, if you configure it as a parent for squid, it can work.
-
Good day, I had come across having problem with transparent proxy for both http and https to remote cache. It doesn't redirect to the other proxy server when I enabled both settings.
It works perfectly fine without enable ssl transparent proxy.
(opened a thread here. http://forum.pfsense.org/index.php/topic,64192.0.html)
thanks. :)
-
I'm not sure, if this is a bug or not:
if I enter wrong code into the custom options box and save those options squid stops working (this is ok :))
But if you remove the wrong options from the custom option field and hit save/restart squid manually, it still does not work. It seems, that if squid stops responding no changes are committed to the squid.conf file when you change some options in the webinterface. The system log still displays the wrong option line and says that there was no running copy found. -
Hi marcelloc.
First thanks for all your work getting squid with ssl interception! I currently have a hacked in squid 3.3.1 with it working on pfSense 2.1-BETA.
So I really would like to replace that as it prevents me from easily updating the system.
Trying the new 3.3.5 package on a virtual machine here I was able to get squid and squidguard installed and squid will run for me but refuses connections and netstat shows me:
tcp4 0 0 192.168.56.254.3128 . CLOSED
right IP:port but CLOSED..? Let me know if you want to see cache.log or output from squid -NsXY or if you happen to know the fix? ;)
-
Hi again.
I figured out how to get squid to start. Disable pf :(
If I don't the squid cache.log stops at:
2013/07/24 13:29:21 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/07/24 13:29:21 kid1| sendto FD 25: (1) Operation not permitted
2013/07/24 13:29:21 kid1| ipcCreate: CHILD: hello write test failedOnce I run pfctl -d it starts up normally.
2013/07/24 13:32:34 kid1| Completed Validation Procedure
2013/07/24 13:32:34 kid1| Validated 325 Entries
2013/07/24 13:32:34 kid1| store_swap_size = 5758.00 KB
2013/07/24 13:32:35 kid1| storeLateRelease: released 0 objectsAs I mentioned this is running in a VM so that may be part of the problem but I have done similar setups in the past and did not have this issue.
-
I had 3.3.5 working well with SG and HAVP. i noticed the other day your pkg had been updated to 3.3.8. i tried to upgrade to 3.3.8 by re-installing the pkg. The re-install failed, and since then I can't get squid to work. I've tried completely removing and re-installing the pkg, but no good.
here is the log:
Jul 25 14:51:37 squid[26589]: Squid Parent: will start 1 kids
Jul 25 14:51:37 squid[26589]: Squid Parent: (squid-1) process 26798 started
Jul 25 14:51:38 (squid-1): I don't handle this error well!
Jul 25 14:51:38 squid[26589]: Squid Parent: (squid-1) process 26798 exited with status 1
Jul 25 14:51:41 squid[26589]: Squid Parent: (squid-1) process 27792 started
Jul 25 14:51:43 (squid-1): I don't handle this error well!
Jul 25 14:51:43 squid[26589]: Squid Parent: (squid-1) process 27792 exited with status 1
Jul 25 14:51:46 squid[26589]: Squid Parent: (squid-1) process 32037 started
Jul 25 14:51:47 (squid-1): I don't handle this error well!
Jul 25 14:51:47 squid[26589]: Squid Parent: (squid-1) process 32037 exited with status 1
Jul 25 14:51:50 squid[26589]: Squid Parent: (squid-1) process 32672 started
Jul 25 14:51:51 Squid_Alarm[34792]: Squid has resumed. Reconfiguring filter.
Jul 25 14:51:51 (squid-1): I don't handle this error well!
Jul 25 14:51:51 squid[26589]: Squid Parent: (squid-1) process 32672 exited with status 1
Jul 25 14:51:51 check_reload_status: Reloading filter
Jul 25 14:51:54 squid[26589]: Squid Parent: (squid-1) process 35905 started
Jul 25 14:51:55 (squid-1): I don't handle this error well!
Jul 25 14:51:55 squid[26589]: Squid Parent: (squid-1) process 35905 exited with status 1
Jul 25 14:51:55 squid[26589]: Squid Parent: (squid-1) process 35905 will not be restarted due to repeated, frequent failures
Jul 25 14:51:55 squid[26589]: Exiting due to repeated, frequent failures
Jul 25 14:52:00 php: : SQUID is installed but not started. Not installing "nat" rules.
Jul 25 14:52:03 php: : SQUID is installed but not started. Not installing "pfearly" rules.Any suggestions on how to proceed?
Thanks
-
Hi, I have problems too with the "3.3.8" package on 2.1 amd64 see system.log:
Jul 25 22:10:20 <hostname>php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"'
Seems the PBI is missing this library yet to launch?</hostname>
-
Grab the libs from the first post and copy to /usr/local/lib
squid should run.. I'm just having weird issues where it looks like pf is blocking my squid port.
-
Thanks @workingman, the thread just got a bit long (aka TL;DR) ;-)
So squid >3.3 is yet quite of a moving target. Anyhow thanks to the packager(s) for all their time put into this fine proxy.
Update:
-
Since I'm on 2.1 (I have due to H/W support) with PBIs I put the libs under /usr/pbi/squid-amd64/lib
-
Although the libs work, the build dates suggest they are from FreeBSD 8.1 (base of 2.0.x), I consider
getting those libs from a patched 8.3 for my 2.1
-
-
Hello
Since 2.1 RC1
Latest Squid doesn't works anymore:Aug 6 08:54:33 (squid-1): I don't handle this error well!
Aug 6 08:54:33 squid[64384]: Squid Parent: (squid-1) process 71825 exited with status 1
Aug 6 08:54:36 squid[64384]: Squid Parent: (squid-1) process 76944 started
Aug 6 08:54:38 (squid-1): I don't handle this error well!
Aug 6 08:54:38 squid[64384]: Squid Parent: (squid-1) process 76944 exited with status 1
Aug 6 08:54:38 squid[64384]: Squid Parent: (squid-1) process 76944 will not be restarted due to repeated, frequent failures
Aug 6 08:54:38 squid[64384]: Exiting due to repeated, frequent failuresIs there a turnaround ?
-
Squid was updated to 3.3.8 but I'm having no time to test if it was working properly or not.
-
It's working
juste had to save the settings (with no change)
Service restarted and didn't crashed -
Pretty sure I just figured out why my port was CLOSED.
I had Allow IPv6 disabled under System -> Advanced -> Networking
After checking that box and restarting squid:
tcp4 0 0 192.168.56.254.3128 . LISTEN
Finally… a-testing I will go.
-
hi
i want to install squid tahat support icap and integrate with anti virus.but i dont now.
can you help? -
hi
i want to install squid tahat support icap and integrate with anti virus.but i dont now.
can you help?It's still under development on squid3-dev
-
I was wondering if Dansguardian is suppose to be working on this version of squid?
I am on PFSense 2.1(AMD64). DG works with Squid3 but not the dev version.
For some reason DG is unable to connect with Squid3dev.
Squid3dev works perfectly on its own.
-
I use dansguardian with squid3-dev.
What errors are you getting?
