Advanced pfSense setup help. (Multi-package setup issues)
-
So right now you have squid3 running, with havp, in transparent proxy mode? And you haven't tried to install SG again yet?
Is that about right?
-
because the previous poster asked me about logs I installed SG again to see if I could find anything for them. So it is installed and SG is again not running. I'm sure if I restarted the server right now both services would be down.
-
try SSHing into the pfsense box (You need to enable SSH under System/Advanced). ( ssh admin@ <pf ip="">or use Putty on Windows)
change to
/usr/local/etc/rc.d
and then
./squid.sh start
and see if there is an error
(I'm on 2.1RC, but I imagine the directories would be the same…)</pf>
-
because the previous poster asked me about logs I installed SG again to see if I could find anything for them. So it is installed and SG is again not running. I'm sure if I restarted the server right now both services would be down.
The first time I tried it. I got nothing. However thats because squid was still running. So I wen to Status > Services, and stopped the service. Then went back to the shell and tried again.
This is what I got
FATAL: Unable to open configuration file: /usr/local/etc/squid/squid.conf: (13) Permission denied
Squid Cache (Version 2.7.STABLE9): Terminated abnormally.
CPU Usage: 0.007 seconds = 0.007 user + 0.000 sys
Maximum Resident Size: 1348 KB
Page faults with physical i/o: 0
Abort trapI went back to the services and tried starting it there and it still won't start.
-
For lack of a better Idea I tried uninstalling the pkgs and installing them in reverse order and no that does not work. So I will wait till I'm instructed to do something further as I am completely clueless as to what to try next.
Thanks to all who take the time to assist.
-
Your squid.conf has an error in it. The line http_port 127.0.0.1:3128 intercept should read http_port 127.0.0.1:3128 transparent
If it still acts up after the change please post you squid.conf
-
To me, it sounds like there are a couple of issues:
1. "Squid Cache (Version 2.7.STABLE9)" sounds like Squid v2.7 - I seem to recall, that maybe if you install SG, a certain version, it may install Squid 2.7 automatically. This may or may not be an issue.
2. in the same dir as before, do "less squid.sh", paste the contents of squid.sh here.
3. do "find / -name squid.sh" to locate all instances of squid.conf.
I'm wondering if your system is trying to use squid2.7, and squid 2.7 either doesn't have a conf file, or doesn't have one configured correctly for pf.
4. do a "pkg_info", it will list all installed packages, paste here
-
If there is a squid.conf at /usr/local/etc/squid/squid.conf, what are the permissions on it?
do an "ls -l"
If the file is there, paste its contents too.
-
Your squid.conf has an error in it. The line http_port 127.0.0.1:3128 intercept should read http_port 127.0.0.1:3128 transparent
If it still acts up after the change please post you squid.conf
I have checked more that once and it is set as transparent in Services > Proxy Server.
I have also edited the file and changed the setting.
@avp:
To me, it sounds like there are a couple of issues:
1. "Squid Cache (Version 2.7.STABLE9)" sounds like Squid v2.7 - I seem to recall, that maybe if you install SG, a certain version, it may install Squid 2.7 automatically. This may or may not be an issue.
2. in the same dir as before, do "less squid.sh", paste the contents of squid.sh here.
3. do "find / -name squid.sh" to locate all instances of squid.conf.
I'm wondering if your system is trying to use squid2.7, and squid 2.7 either doesn't have a conf file, or doesn't have one configured correctly for pf.
4. do a "pkg_info", it will list all installed packages, paste here
@avp:
If there is a squid.conf at /usr/local/etc/squid/squid.conf, what are the permissions on it?
do an "ls -l"
If the file is there, paste its contents too.
Ok here goes (I've noticed theres an formatting command in this so I added spaces to fix this. The spaces are not in the real file just this example to prevent the site from slashin out the writing.)
less squid.sh
#!/bin/shThis file was automatically generated
by the pfSense service handler.
rc_start() {
if [ -z "ps auxw | grep "[ s ]quid "|awk '{print $2}'" ];then
/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
fi}
rc_stop() {
/usr/local/sbin/squid -k shutdown -f /usr/local/etc/squid/squid.confJust to be sure…
sleep 5
killall -9 squid 2>/dev/null
killall pinger 2>/dev/null}
case $1 in
start)
rc_start
;;
stop)
rc_stop
;;
restart)
rc_stop
rc_start
;;
esac
find / -name squid.sh
find: /etc/ntp: Permission denied
/usr/local/etc/rc.d/squid.sh
find: /var/spool/opielocks: Permission denied
find: /var/log/squid: Permission denied
find: /var/heimdal: Permission denied
find: /var/db/ipf: Permission denied
find: /var/db/freebsd-update: Permission denied
find: /var/db/entropy: Permission denied
find: /var/cron: Permission denied
find: /var/crash: Permission denied
find: /var/backups: Permission denied
find: /var/audit: Permission denied
find: /var/squid/cache: Permission denied
find: /tmp/lighttpdcompress/javascript: Permission denied
pkg_info
arc-5.21p Create & extract files from DOS .ARC files
arj-3.10.22_4 Open-source ARJ
bsdinstaller-2.0.2013.0412 BSD Installer mega-package
clamav-0.97.5_1 Command line virus scanner written entirely in C
cyrus-sasl-2.1.23_3 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.26_2 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4 The Berkeley DB package, revision 4.1
gettext-0.18.1.1 GNU gettext package
havp-0.91_1 HTTP Antivirus Proxy
lha-1.14i_6 Archive files using LZSS and Huffman compression (.lzh file
libiconv-1.14 A character set conversion library
libltdl-2.4.2 System independent dlopen wrapper
libwww-5.4.0_4 The W3C Reference Library
openldap-client-2.4.31_1 Open source LDAP client implementation
openldap-client-2.4.35 Open source LDAP client implementation
perl-5.14.2_3 Practical Extraction and Report Language
perl-threaded-5.12.4_4 Practical Extraction and Report Language
sqlite3-3.7.17_1 SQL database engine in a C library
squid-2.7.9_4 HTTP Caching Proxy
squid-3.1.20 HTTP Caching Proxy
squidGuard-1.4_4 A fast redirector for squid
unzoo-4.4_2 A zoo archive extractor
ls -l
total 318
-rw-r----- 1 proxy proxy 419 Sep 3 20:06 cachemgr.conf
-r--r--r-- 1 proxy proxy 419 Jun 19 2012 cachemgr.conf.default
-rw-r----- 1 proxy proxy 1547 Sep 3 20:10 errorpage.css
-r--r--r-- 1 proxy proxy 1547 Jun 19 2012 errorpage.css.default
drwxr-xr-x 81 proxy proxy 3072 Sep 3 20:10 errors
drwxr-xr-x 2 proxy proxy 1024 Sep 3 20:09 icons
-r--r--r-- 1 proxy proxy 30845 Jun 19 2012 mib.txt
-rw-r----- 1 proxy proxy 11651 Sep 3 20:06 mime.conf
-r--r--r-- 1 proxy proxy 11651 Jun 19 2012 mime.conf.default
-rw-r----- 1 proxy proxy 421 Sep 3 20:10 msntauth.conf
-r--r--r-- 1 proxy proxy 421 Jun 19 2012 msntauth.conf.default
-rw-r----- 1 proxy proxy 2003 Sep 3 20:04 squid.conf
-r--r--r-- 1 proxy proxy 2425 Jun 19 2012 squid.conf.default
-r--r--r-- 1 proxy proxy 208245 Jun 19 2012 squid.conf.documented
-rw-r--r-- 1 proxy proxy 11136 Sep 3 20:08 squidGuard.conf
-rw-r--r-- 1 proxy proxy 1616 Jun 10 13:03 squidGuard.conf.sample
I have noticed the squid it self is working now that I reinstalled them in reverse order. I can stop and start squid with no problems now.
Just need to get that squidguard working now.
Thanks so much for all the attention to my issues guys.
so whats next?
DrClaw
-
ok, so as you can see, there are 2 squid pkgs installed. This may or may not be a problem. I'd be inclined to uninstall the 2.7 one…
Are you actually running from a shell, or are you using the Execute shell command from the gui? The reason I ask, is that if you are logged into the box via SSH, you would/should have root access, and you shouldn't see so many permissions denied msgs. This is what you want to do, SSH in, use putty for Windows, or SSH on *nix variants...
In the squid gui config page, closer to the bottom, Custom settings, Integrations, you will see this:
/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.confyou can try this from the shell to see if you can manually run SG. report any errors.
-
@avp:
ok, so as you can see, there are 2 squid pkgs installed. This may or may not be a problem. I'd be inclined to uninstall the 2.7 one…
Are you actually running from a shell, or are you using the Execute shell command from the gui? The reason I ask, is that if you are logged into the box via SSH, you would/should have root access, and you shouldn't see so many permissions denied msgs. This is what you want to do, SSH in, use putty for Windows, or SSH on *nix variants...
In the squid gui config page, closer to the bottom, Custom settings, Integrations, you will see this:
/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.confyou can try this from the shell to see if you can manually run SG. report any errors.
I am using putty. I used to run a BBS software on telnet so me and my friend could play some old BBS games we liked.
I will try this and report what happens.
Again Thanks so much!
-
@avp:
ok, so as you can see, there are 2 squid pkgs installed. This may or may not be a problem. I'd be inclined to uninstall the 2.7 one…
In the squid gui config page, closer to the bottom, Custom settings, Integrations, you will see this:
/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.confyou can try this from the shell to see if you can manually run SG. report any errors.
How do I uninstall just the 2.7 version?
I think the issue with the shell was I was logged in as my own user. In *nix varians I was taught to always login as a secondary user and only use root, or in this case Admin, for those rare occasions you absolutely need to.
Ok so heres what happened.
I ran that code and waited for quite a long time and the it just sat there. So I went in to the GUI and it says started! tried surfing too redtube dot com and playboy dot com and it didn't block either one. Went in and told it to download the block list from shallalist it completed successfully. check to see if the right blocks were still there. They were. saved, and applied changes. Surfed to the two sites again and still able to go there.
So it shows its up. But its not working.
Is this due to having 2 installs of Squid?
if so how do I remove just one 1?
Thanks
-
I know its tacky to reply 2 times let alone 3 on your own question, but I just tested it and notice it was blocking the sites I listed previously. So I guess what needs to be done next is just uninstall the older version of squid, and make the needed changes so if power fails or for some reason I need to power down the box to move it I can. At lease without having to manually enter that every time.
Again Thanks so much for all the help everyone!
-
Once you have the full name with pkg_info, you can delete with pkg_delete.
-
@avp:
Once you have the full name with pkg_info, you can delete with pkg_delete.
I will get right on that after work.
How do I make the change permanent?
I don't want to have to manually start SG every time.
Thanks
DrClaw
-
Once everything is installed and configured correctly SquidGuard will start when squid launches.
I'm curious, did both versions of squid show on the installed packages page? -
I would have kept squid stable and dumped the other squids…
Then I'd have backed up settings.
wiped the box and reinstall.
Then restore settings, check my squid settings... Apply them again just to be sure.
-
@avp:
Once you have the full name with pkg_info, you can delete with pkg_delete.
I tried this and got the following response.
pkg_delete squid-2.7.9_4
pkg_delete: package 'squid-2.7.9_4' is required by these other packages
and may not be deinstalled:
squidGuard-1.4_4
–-----In packages it only shows the squid3.
I would have kept squid stable and dumped the other squids…
Then I'd have backed up settings.
wiped the box and reinstall.
Then restore settings, check my squid settings... Apply them again just to be sure.
I like this concept. But I'm concerned that I will end up with the same problem. Installing again will end up with the same packages. I really wish it would not install the older squid automatically.
If I do undertake this huge task (It was a 3 day ordeal last time to get it exactly like I like it) how do I backup the settings and be sure they will retake? I ask this mainly because if I reinstall I will probably just use the older squid because of obvious reasons. Will these setting work on the older squid?
Thanks for everyones help!
DrClaw
-
Ordeals with squid shouldn't be longer than 5 minutes.
It easy to reload pfsense from nothing. Also easy to rebuild squid cache and restart it.
Delete all the packages you don't want. Install the ones you do want. Save the config even if squid seems broken.
Wipe the box, reload your pfsense. Restore your backup of configs.
You might then have to issue command to rebuild squid cache.
No biggie.
-
Ok. There are 5 pkgs for Squid and SG.
- Squid
- Squid3
- SquidGuard
- squid3-dev
- squidGuard-squid3
There are quite a few combinations a user could try. Then throw in 2.0, and 2.1.
I have these installed on 2.1:
- squid3-dev
- squidGuard-squid3
I also have HAVP installed. It has taken me days to get it working.
Maybe you can fix any squid issue in 5 minutes. Some of us can't.
All I'm saying is that depending on your version and the pkgs you choose, plus other pkgs that may have an effect, it isn't always easy to get Squid + SG working.
DrClaw, do you have things under control now?