Proxy Autenticado e Mult WAN

A Former User

system.log


/pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

Não estou conseguindo resolver isso.

LFCavalcanti

@UnDr3aD:

system.log


/pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

Não estou conseguindo resolver isso.

Isto só comunica que o serviço do Squid estava desativado quando você aplicou alguma alteração. Verifique linhas próximas a essa para erros apontando para o SQUID.

A Former User

@LFCavalcanti:

Isto só comunica que o serviço do Squid estava desativado quando você aplicou alguma alteração. Verifique linhas próximas a essa para erros apontando para o SQUID.

grep -i squid /var/log/system.log


Sep 24 14:57:50 medivh php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 24 14:57:50 medivh php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 24 15:09:45 medivh php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 24 15:09:46 medivh php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 24 15:09:46 medivh php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 24 15:09:46 medivh php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 24 15:09:47 medivh php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 24 15:09:47 medivh php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 24 15:12:23 medivh php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 24 15:12:24 medivh php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 24 15:12:24 medivh php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 24 15:12:24 medivh php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 24 15:12:25 medivh php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 24 15:12:25 medivh php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 24 15:13:14 medivh squid[15859]: Squid Parent: will start 1 kids
Sep 24 15:13:14 medivh squid[15859]: Squid Parent: (squid-1) process 16319 started
Sep 24 15:13:37 medivh php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Sep 24 15:13:42 medivh php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Sep 24 15:13:45 medivh squid[21886]: Squid Parent: will start 1 kids
Sep 24 15:13:45 medivh squid[21886]: Squid Parent: (squid-1) process 22459 started
Sep 24 15:15:46 medivh php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Sep 24 15:16:26 medivh php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Sep 24 15:16:28 medivh squid[73944]: Squid Parent: will start 1 kids
Sep 24 15:16:28 medivh squid[73944]: Squid Parent: (squid-1) process 74581 started

não estou conseguindo identificar o porque de o prompt de autenticação não estar sendo apresentado no browser.

LFCavalcanti

Só uma pergunta: Os Browsers que você testou estão com o Proxy configurado?

marcelloc

squid -k parse

tail -f /var/squid/logs/*log

A Former User

@marcelloc:

squid -k parse


[2.1-RELEASE][root@medivh.ntu0]/root(6): squid -k parse
2013/09/24 16:58:35| Startup: Initializing Authentication Schemes ...
2013/09/24 16:58:35| Startup: Initialized Authentication Scheme 'basic'
2013/09/24 16:58:35| Startup: Initialized Authentication Scheme 'digest'
2013/09/24 16:58:35| Startup: Initialized Authentication Scheme 'negotiate'
2013/09/24 16:58:35| Startup: Initialized Authentication Scheme 'ntlm'
2013/09/24 16:58:35| Startup: Initialized Authentication.
2013/09/24 16:58:35| Processing Configuration File: /usr/pbi/squid-amd64/etc/squid/squid.conf (depth 0)
2013/09/24 16:58:35| Processing: http_port 192.168.0.50:3128
2013/09/24 16:58:35| Processing: icp_port 7
2013/09/24 16:58:35| Processing: dns_v4_first on
2013/09/24 16:58:35| Processing: pid_filename /var/run/squid.pid
2013/09/24 16:58:35| Processing: cache_effective_user proxy
2013/09/24 16:58:35| Processing: cache_effective_group proxy
2013/09/24 16:58:35| Processing: error_default_language pt-br
2013/09/24 16:58:35| Processing: icon_directory /usr/pbi/squid-amd64/etc/squid/icons
2013/09/24 16:58:35| Processing: visible_hostname proxyntu
2013/09/24 16:58:35| Processing: cache_mgr ni@ntu.org.br
2013/09/24 16:58:35| Processing: access_log /var/squid/logs/access.log
2013/09/24 16:58:35| Processing: cache_log /var/squid/logs/cache.log
2013/09/24 16:58:35| Processing: cache_store_log none
2013/09/24 16:58:35| Processing: logfile_rotate 0
2013/09/24 16:58:35| Processing: shutdown_lifetime 3 seconds
2013/09/24 16:58:35| Processing: acl localnet src  192.168.0.0/24
2013/09/24 16:58:35| Processing: httpd_suppress_version_string on
2013/09/24 16:58:35| Processing: uri_whitespace strip
2013/09/24 16:58:35| Processing: acl dynamic urlpath_regex cgi-bin \?
2013/09/24 16:58:35| Processing: cache deny dynamic
2013/09/24 16:58:35| Processing: cache_mem 128 MB
2013/09/24 16:58:35| Processing: maximum_object_size_in_memory 32 KB
2013/09/24 16:58:35| Processing: memory_replacement_policy heap GDSF
2013/09/24 16:58:35| Processing: cache_replacement_policy heap LFUDA
2013/09/24 16:58:35| Processing: cache_dir ufs /var/squid/cache 2048 16 256
2013/09/24 16:58:35| Processing: minimum_object_size 0 KB
2013/09/24 16:58:35| Processing: maximum_object_size 4000 KB
2013/09/24 16:58:35| Processing: offline_mode off
2013/09/24 16:58:35| Processing: cache_swap_low 90
2013/09/24 16:58:35| Processing: cache_swap_high 95
2013/09/24 16:58:35| Processing: cache allow all
2013/09/24 16:58:35| Processing: acl allsrc src all
2013/09/24 16:58:35| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
2013/09/24 16:58:35| Processing: acl sslports port 443 563
2013/09/24 16:58:35| Processing: acl purge method PURGE
2013/09/24 16:58:35| Processing: acl connect method CONNECT
2013/09/24 16:58:35| Processing: acl HTTP proto HTTP
2013/09/24 16:58:35| Processing: acl HTTPS proto HTTPS
2013/09/24 16:58:35| Processing: http_access allow manager localhost
2013/09/24 16:58:35| Processing: http_access deny manager
2013/09/24 16:58:35| Processing: http_access allow purge localhost
2013/09/24 16:58:35| Processing: http_access deny purge
2013/09/24 16:58:35| Processing: http_access deny !safeports
2013/09/24 16:58:35| Processing: http_access deny CONNECT !sslports
2013/09/24 16:58:35| Processing: request_body_max_size 0 KB
2013/09/24 16:58:35| Processing: delay_pools 1
2013/09/24 16:58:35| Processing: delay_class 1 2
2013/09/24 16:58:35| Processing: delay_parameters 1 -1/-1 -1/-1
2013/09/24 16:58:35| Processing: delay_initial_bucket_level 100
2013/09/24 16:58:35| Processing: delay_access 1 allow allsrc
2013/09/24 16:58:35| Processing: auth_param basic program /usr/pbi/squid-amd64/libexec/squid/basic_ldap_auth -v 3 -b dc=ntu0,dc=local -D cn=Administrator,cn=Users,dc=ntu0,dc=local -w XXXXXXXXXXX -f "sAMAccountName=%s" -u uid -P 192.168.0.3:389
2013/09/24 16:58:35| Processing: auth_param basic children 5
2013/09/24 16:58:35| Processing: auth_param basic realm Please enter your credentials to access the proxy
2013/09/24 16:58:35| Processing: auth_param basic credentialsttl 60 minutes
2013/09/24 16:58:35| Processing: acl password proxy_auth REQUIRED
2013/09/24 16:58:35| Processing: http_access allow password localnet
2013/09/24 16:58:35| Processing: http_access deny allsrc
2013/09/24 16:58:35| Initializing https proxy context

@marcelloc:

tail -f /var/squid/logs/*log


[2.1-RELEASE][root@medivh.ntu0]/root(7): tail -f /var/squid/logs/*log

==> /var/squid/logs/access.log <==

==> /var/squid/logs/cache.log <==
2013/09/24 15:16:28 kid1| Max Mem  size: 131072 KB
2013/09/24 15:16:28 kid1| Max Swap size: 2097152 KB
2013/09/24 15:16:28 kid1| Rebuilding storage in /var/squid/cache (no log)
2013/09/24 15:16:28 kid1| Using Least Load store dir selection
2013/09/24 15:16:28 kid1| Current Directory is /usr/local/www
2013/09/24 15:16:28 kid1| Loaded Icons.
2013/09/24 15:16:28 kid1| HTCP Disabled.
2013/09/24 15:16:28 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/09/24 15:16:28 kid1| sendto FD 25: (1) Operation not permitted
2013/09/24 15:16:28 kid1| ipcCreate: CHILD: hello write test failed

@LFCavalcanti:

Só uma pergunta: Os Browsers que você testou estão com o Proxy configurado?

Sim.

A Former User


[2.1-RELEASE][root@medivh.ntu0]/root(1): squid -v
Squid Cache: Version 3.3.8
configure options:  '--with-default-user=squid' '--bindir=/usr/pbi/squid-amd64/sbin' '--sbindir=/usr/pbi/squid-amd64/sbin' '--datadir=/usr/pbi/squid-amd64/etc/squid' '--libexecdir=/usr/pbi/squid-amd64/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/pbi/squid-amd64/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS  fake getpwnam LDAP SASL NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group kerberos_ldap_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=diskd rock ufs aufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped DiskThreads' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-htcp' '--disable-forw-via-db' '--enable-cache-digests' '--enable-wccp' '--enable-wccpv2' '--enable-eui' '--disable-ipfw-transparent' '--enable-pf-transparent' '--disable-ipf-transparent' '--enable-follow-x-forwarded-for' '--disable-ecap' '--enable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--prefix=/usr/pbi/squid-amd64' '--mandir=/usr/pbi/squid-amd64/man' '--infodir=/usr/pbi/squid-amd64/info/' '--build=amd64-portbld-freebsd8.3' 'build_alias=amd64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/pbi/squid-amd64/include -I/usr/pbi/squid-amd64/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/pbi/squid-amd64/lib -L/usr/pbi/squid-amd64/lib -pthread -Wl,-rpath=/usr/lib:/usr/pbi/squid-amd64/lib -L/usr/lib' 'CPPFLAGS=-I/usr/pbi/squid-amd64/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/pbi/squid-amd64/include -I/usr/pbi/squid-amd64/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' --enable-ltdl-convenience


[2.1-RELEASE][root@medivh.ntu0]/root(2): ls -l /var/squid/
total 8
drwxr-xr-x   2 proxy  proxy  512 Sep 24 14:54 acl
drwxr-xr-x  18 proxy  proxy  512 Sep 25 00:00 cache
drwxr-xr-x   3 proxy  proxy  512 Sep 24 14:54 lib
drwxr-xr-x   2 proxy  proxy  512 Sep 24 15:16 logs

Pergunto: O usuário do squid não deveria ser "proxy"? Se eu não me engano é proxy na versão 2 disponível no repositório!

A Former User

só pra constar aqui.
fiz essa vm com o pfsense e instalei o pacote squid (2). configurei e funcionou ok! está funcionando!
nem configurei multiwan nela, estou fazendo passo por passo.
tirei um snapshot dessa vm e a partir dele fiz uma nova vm, onde desinstalei o squid(2) e instalei o squid3. As configurações do squid(2) fora reconhecidas pelo squid3, ou seja, em teoria era pra funcionar também, contudo não está funcionando nem com reza "braba" e água benta! não está aparecendo o prompt de autenticação no navegador (que está configurado!).

@UnDr3aD:

Pergunto: O usuário do squid não deveria ser "proxy"? Se eu não me engano é proxy na versão 2 disponível no repositório!

verifiquei na outra vm e é isso mesmo, o squid(2) usa o usuário proxy, mas o squid3 usa o usuário squid! poderia ser algo relacionado a isso?

marcelloc

Subi um squid3 sem problemas aqui.
Já seguiu as orientações do outro post?

A Former User

@marcelloc:

Subi um squid3 sem problemas aqui.
Já seguiu as orientações do outro post?

sim. tenho feito várias pesquisas e segui aquele seu post do squid3.

vou fazer o seguinte:
~~mais uma vez,~~ vou criar uma vm (com o .ova do pfSense 2.0.3 do repositório) e instalar do zero com o squid3 e testar.

A Former User

pois é…..
fiz o seguinte:

instalei o pfSense 2.0.3 (appliance)
instalei os patches lá do post do squid3 (das outras vezes tinha instalado depois do squid3)
instalei o squid3-dev
configurei o squid para autenticar no AD e, ...
funcionou!!!!!
Eeeentretando...
atualizei o pfSense para a versão atual (2.1) (das outras vezes tinha atualizado primeiro de tudo) e, ...
o prompt para autenticação do proxy no navegador volta a NÃO aparecer.
(interessante que acessa a internet ok, até mesmo faz o log de acessos do squid, mas não abre janela de autenticação!)

Logo, infere-se que há algum coisa ~~magia negra, omg!~~ entre o squid3 e a versão do pfSense 2.1 que não estão se dando bem!
Ideias????

marcelloc

Estou falando deste tópico:
@marcelloc:

http://forum.pfsense.org/index.php/topic,62263.msg366962.html#msg366962

onde diz:
Veja se o squid está escutando na porta que você configurou. Se não estiver, habilite o ipv6, mate todos os processos do squid e em seguida salve as configurações para iniciar o daemon novamente.

A Former User

@marcelloc:

Estou falando deste tópico:
@marcelloc:

http://forum.pfsense.org/index.php/topic,62263.msg366962.html#msg366962

onde diz:
Veja se o squid está escutando na porta que você configurou. Se não estiver, habilite o ipv6, mate todos os processos do squid e em seguida salve as configurações para iniciar o daemon novamente.

veja:


[2.1-RELEASE][root@mercurio.ntu0]/root(3): tcpdump port 3128

…


15:16:31.077410 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 524
15:16:31.077551 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 524
15:16:31.077845 IP ntu-0124.ntu0.local.20613 > mercurio.ntu0.3128: Flags [.], ack 16400, win 16425, length 0
15:16:31.079652 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 524
15:16:31.079787 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 524
15:16:31.080041 IP ntu-0124.ntu0.local.20613 > mercurio.ntu0.3128: Flags [.], ack 17448, win 16163, length 0
15:16:31.082037 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 524
15:16:31.082218 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20613: Flags [P.], ack 844, win 513, length 90
15:16:31.082535 IP ntu-0124.ntu0.local.20613 > mercurio.ntu0.3128: Flags [.], ack 18062, win 16425, length 0
15:16:31.096214 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.096383 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.096531 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 71553, win 16425, length 0
15:16:31.098522 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.098667 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.098894 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 72601, win 16163, length 0
15:16:31.100853 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.100986 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.101234 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 73649, win 16425, length 0
15:16:31.103190 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.103324 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.103574 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 74697, win 16163, length 0
15:16:31.105527 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.105666 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.106023 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 75745, win 16425, length 0
15:16:31.107981 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.108107 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.108406 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 76793, win 16163, length 0
15:16:31.110194 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 524
15:16:31.110335 IP mercurio.ntu0.3128 > ntu-0124.ntu0.local.20606: Flags [P.], ack 1285, win 513, length 154
15:16:31.110807 IP ntu-0124.ntu0.local.20606 > mercurio.ntu0.3128: Flags [.], ack 77995, win 16425, length 0
^C
344 packets captured
560 packets received by filter
0 packets dropped by kernel

nas outras VM's eu tinha esquecido de ativar o IPv6, contudo nessa VM foi uma das primeiras coisas que eu fiz (e esqueci de colocar na resposta de cima)

pelo resultado acima acho que está ouvindo a porta sim. ainda assim devo matar os processos e salvar as configurações? (você disse pra fazer isso somente no caso de a porta não estar sendo ouvida.)

marcelloc

Se tem trafego na porta, então sim, os squid está rodando.

O que não bate com um dos primeiros logs que você mandou

returned exit code '1', the output was 'squid: ERROR: No running copy'

Se nesta última vm o squid está no ar sem morrer(veja o cache.log) o proximo passo é verificar as acls do squid.

A Former User

@marcelloc:

Se tem trafego na porta, então sim, os squid está rodando.

O que não bate com um dos primeiros logs que você mandou
returned exit code '1', the output was 'squid: ERROR: No running copy'
Se nesta última vm o squid está no ar sem morrer(veja o cache.log) o proximo passo é verificar as acls do squid.

pois é… aí que está...

mesmo nessa nova VM, o resultado co comando grep -i squid /var/log/system.log é:


Sep 25 15:18:04 pfSense php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:18:04 pfSense php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:19:01 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:19:02 pfSense php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:19:02 pfSense php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:19:02 pfSense php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:19:03 pfSense php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:19:04 pfSense php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 12:22:37 mercurio php: : [Squid] - Squid_resync function call pr: bp:1 rpc:no
Sep 25 12:22:39 mercurio php: : Starting Squid
Sep 25 12:22:39 mercurio squid[52687]: Squid Parent: will start 1 kids
Sep 25 12:22:39 mercurio squid[52687]: Squid Parent: (squid-1) process 53140 started
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : Not calling package sync code for dependency squidreverse of squid3-dev because some include files are missing.
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:22:40 mercurio php: : [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:26:24 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 12:26:25 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 12:26:25 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 12:26:26 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 12:28:23 mercurio php: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
Sep 25 12:28:28 mercurio squid[52687]: Squid Parent: (squid-1) process 53140 exited with status 0
Sep 25 12:28:28 mercurio php: /pkg_edit.php: The command '/usr/local/sbin/squid -k kill -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 12:28:28 mercurio squid[24643]: Squid Parent: will start 1 kids
Sep 25 12:28:28 mercurio squid[24643]: Squid Parent: (squid-1) process 25094 started
Sep 25 12:28:28 mercurio squid[24643]: Squid Parent: (squid-1) process 25094 exited with status 0
Sep 25 12:28:28 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
Sep 25 12:28:29 mercurio php: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
Sep 25 12:28:34 mercurio php: /pkg_edit.php: The command '/usr/local/sbin/squid -k kill -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 12:28:34 mercurio squid[28482]: Squid Parent: will start 1 kids
Sep 25 12:28:34 mercurio squid[28482]: Squid Parent: (squid-1) process 28915 started
Sep 25 12:28:38 mercurio squid[28482]: Squid Parent: (squid-1) process 28915 exited with status 0
Sep 25 12:28:38 mercurio php: /pkg_edit.php: Starting Squid
Sep 25 12:28:38 mercurio squid[29299]: Squid Parent: will start 1 kids
Sep 25 12:28:38 mercurio squid[29299]: Squid Parent: (squid-1) process 29601 started
Sep 25 12:38:27 mercurio php: rc.bootup: List of packages to reinstall: squid3-dev
Sep 25 12:38:27 mercurio php: rc.bootup: Uninstalling package squid3-dev
Sep 25 12:38:41 mercurio php: rc.bootup: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Sep 25 12:38:41 mercurio php: rc.bootup: PBI dir for squid-3.3.8-amd64 was not found - cannot cleanup PBI files
Sep 25 12:38:42 mercurio php: rc.bootup: Finished uninstalling package squid3-dev
Sep 25 12:38:42 mercurio php: rc.bootup: Reinstalling package squid3-dev
Sep 25 12:38:43 mercurio php: rc.bootup: Beginning package installation for squid3-dev .
Sep 25 12:41:14 mercurio php: rc.bootup: Starting Squid
Sep 25 12:41:14 mercurio squid[69152]: Squid Parent: will start 1 kids
Sep 25 12:41:14 mercurio squid[69152]: Squid Parent: (squid-1) process 69410 started
Sep 25 12:41:14 mercurio php: rc.bootup: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:15 mercurio php: rc.bootup: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:15 mercurio php: rc.bootup: Finished installing package squid3-dev
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: Not calling package sync code for dependency squidreverse of squid3-dev because some include files are missing.
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:16 mercurio php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
Sep 25 12:41:23 mercurio squid[90544]: Squid Parent: will start 1 kids
Sep 25 12:41:23 mercurio squid[90544]: Squid Parent: (squid-1) process 90664 started
Sep 25 15:44:41 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:44:42 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:44:42 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:45:25 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:45:25 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:45:25 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:45:53 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:45:54 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:45:54 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:46:38 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:46:39 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:46:39 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:47:45 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:47:46 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:47:46 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:47:46 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:47:47 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:47:47 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:48:21 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:48:22 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:48:22 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:48:22 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:48:23 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:48:23 mercurio squid: Bungled /usr/pbi/squid-amd64/etc/squid/squid.conf line 94: http_access allow password localnet
Sep 25 15:48:23 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was '2013/09/25 15:48:23| aclParseAclList: ACL name 'localnet' not found. FATAL: Bungled /usr/pbi/squid-amd64/etc/squid/squid.conf line 94: http_access allow password localnet Squid Cache (Version 3.3.8): Terminated abnormally. CPU Usage: 0.034 seconds = 0.034 user + 0.000 sys Maximum Resident Size: 39424 KB Page faults with physical i/o: 0'
Sep 25 15:48:44 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:48:45 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:48:45 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:48:51 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:48:51 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:48:51 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Sep 25 15:48:52 mercurio php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Sep 25 15:48:52 mercurio php: /pkg_edit.php: Reloading Squid for configuration sync
Sep 25 15:48:53 mercurio php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

O tcpdump port 3128 continua dando o mesmo resultado acima (ou seja, passando trafego)

*tail -f /var/log/squid/log retorna:


==> /var/log/squid/access.log <==
1380134995.023   3110 192.168.0.108 TCP_MISS/304 377 GET http://pudim.com.br/ - HIER_DIRECT/200.219.245.95 -
1380134995.424    232 192.168.0.108 TCP_MISS/200 546 GET http://www.google-analytics.com/__utm.gif? - HIER_DIRECT/74.125.234.102 image/gif
1380135000.745    518 192.168.0.108 TCP_MISS/301 485 GET http://facebook.com/ - HIER_DIRECT/173.252.110.27 text/html
1380135001.233    483 192.168.0.108 TCP_MISS/301 542 GET http://www.facebook.com/ - HIER_DIRECT/31.13.73.33 text/html
1380135002.252    712 192.168.0.108 TCP_MISS/200 2327 POST http://ocsp.verisign.com/ - HIER_DIRECT/199.7.71.72 application/ocsp-response
1380135007.675   5066 192.168.0.108 TCP_MISS/200 24230 CONNECT fbstatic-a.akamaihd.net:443 - HIER_DIRECT/205.185.204.42 -
1380135007.678   8254 192.168.0.108 TCP_MISS/200 3772 CONNECT api.duckduckgo.com:443 - HIER_DIRECT/107.21.1.80 -
1380135007.680   6438 192.168.0.108 TCP_MISS/200 19163 CONNECT www.facebook.com:443 - HIER_DIRECT/31.13.73.33 -
1380135007.681  62532 192.168.0.108 TCP_MISS/200 4331 CONNECT www.google.com:443 - HIER_DIRECT/74.125.234.147 -
1380135007.682   7558 192.168.0.108 TCP_MISS/200 4649 CONNECT i.duckduckgo.com:443 - HIER_DIRECT/184.72.115.86 -

==> /var/log/squid/cache.log <==
2013/09/25 12:41:24 kid1| storeLateRelease: released 0 objects
2013/09/25 13:37:15 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 13:37:15 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 13:37:15 kid1| NETDB state saved; 8 entries, 0 msec
2013/09/25 14:31:23 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 14:31:23 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 14:31:23 kid1| NETDB state saved; 8 entries, 0 msec
2013/09/25 15:26:44 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 15:26:44 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 15:26:44 kid1| NETDB state saved; 9 entries, 0 msec

e só pra completar as informações estou mandando também squid -k parse:


2013/09/25 15:54:59| Startup: Initializing Authentication Schemes ...
2013/09/25 15:54:59| Startup: Initialized Authentication Scheme 'basic'
2013/09/25 15:54:59| Startup: Initialized Authentication Scheme 'digest'
2013/09/25 15:54:59| Startup: Initialized Authentication Scheme 'negotiate'
2013/09/25 15:54:59| Startup: Initialized Authentication Scheme 'ntlm'
2013/09/25 15:54:59| Startup: Initialized Authentication.
2013/09/25 15:54:59| Processing Configuration File: /usr/pbi/squid-amd64/etc/squid/squid.conf (depth 0)
2013/09/25 15:54:59| Processing: http_port 192.168.0.52:3128
2013/09/25 15:54:59| Processing: icp_port 7
2013/09/25 15:54:59| Processing: dns_v4_first on
2013/09/25 15:54:59| Processing: pid_filename /var/run/squid.pid
2013/09/25 15:54:59| Processing: cache_effective_user proxy
2013/09/25 15:54:59| Processing: cache_effective_group proxy
2013/09/25 15:54:59| Processing: error_default_language en
2013/09/25 15:54:59| Processing: icon_directory /usr/pbi/squid-amd64/etc/squid/icons
2013/09/25 15:54:59| Processing: visible_hostname localhost
2013/09/25 15:54:59| Processing: cache_mgr admin@localhost
2013/09/25 15:54:59| Processing: access_log /var/squid/logs/access.log
2013/09/25 15:54:59| Processing: cache_log /var/squid/logs/cache.log
2013/09/25 15:54:59| Processing: cache_store_log none
2013/09/25 15:54:59| Processing: logfile_rotate 0
2013/09/25 15:54:59| Processing: shutdown_lifetime 3 seconds
2013/09/25 15:54:59| Processing: httpd_suppress_version_string on
2013/09/25 15:54:59| Processing: uri_whitespace strip
2013/09/25 15:54:59| Processing: acl dynamic urlpath_regex cgi-bin \?
2013/09/25 15:54:59| Processing: cache deny dynamic
2013/09/25 15:54:59| Processing: cache_mem 8 MB
2013/09/25 15:54:59| Processing: maximum_object_size_in_memory 32 KB
2013/09/25 15:54:59| Processing: memory_replacement_policy heap GDSF
2013/09/25 15:54:59| Processing: cache_replacement_policy heap LFUDA
2013/09/25 15:54:59| Processing: cache_dir ufs /var/squid/cache 2048 16 256
2013/09/25 15:54:59| Processing: minimum_object_size 0 KB
2013/09/25 15:54:59| Processing: maximum_object_size 400 KB
2013/09/25 15:54:59| Processing: offline_mode off
2013/09/25 15:54:59| Processing: cache_swap_low 90
2013/09/25 15:54:59| Processing: cache_swap_high 95
2013/09/25 15:54:59| Processing: cache allow all
2013/09/25 15:54:59| Processing: acl allsrc src all
2013/09/25 15:54:59| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
2013/09/25 15:54:59| Processing: acl sslports port 443 563
2013/09/25 15:54:59| Processing: acl purge method PURGE
2013/09/25 15:54:59| Processing: acl connect method CONNECT
2013/09/25 15:54:59| Processing: acl HTTP proto HTTP
2013/09/25 15:54:59| Processing: acl HTTPS proto HTTPS
2013/09/25 15:54:59| Processing: acl allowed_subnets src 192.168.0.0/24
2013/09/25 15:54:59| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2013/09/25 15:54:59| Processing: http_access allow manager localhost
2013/09/25 15:54:59| Processing: http_access deny manager
2013/09/25 15:54:59| Processing: http_access allow purge localhost
2013/09/25 15:54:59| Processing: http_access deny purge
2013/09/25 15:54:59| Processing: http_access deny !safeports
2013/09/25 15:54:59| Processing: http_access deny CONNECT !sslports
2013/09/25 15:54:59| Processing: request_body_max_size 0 KB
2013/09/25 15:54:59| Processing: delay_pools 1
2013/09/25 15:54:59| Processing: delay_class 1 2
2013/09/25 15:54:59| Processing: delay_parameters 1 -1/-1 -1/-1
2013/09/25 15:54:59| Processing: delay_initial_bucket_level 100
2013/09/25 15:54:59| Processing: delay_access 1 allow allsrc
2013/09/25 15:54:59| Processing: http_access deny blacklist
2013/09/25 15:54:59| Processing: auth_param basic program /usr/pbi/squid-amd64/libexec/squid/basic_ldap_auth -v 3 -b dc=ntu0,dc=local -D cn=Administrator,cn=Users,dc=ntu0,dc=local -w XXXXXXXXXXXXX -f "sAMAccountName=%s" -u uid -P 192.168.0.3:389
2013/09/25 15:54:59| Processing: auth_param basic children 5
2013/09/25 15:54:59| Processing: auth_param basic realm Please enter your credentials to access the proxy
2013/09/25 15:54:59| Processing: auth_param basic credentialsttl 60 minutes
2013/09/25 15:54:59| Processing: acl password proxy_auth REQUIRED
2013/09/25 15:54:59| Processing: http_access allow password allowed_subnets
2013/09/25 15:54:59| Processing: http_access deny allsrc
2013/09/25 15:54:59| Initializing https proxy context

mil tretas mano!

marcelloc

E o cache.log?

A Former User

@marcelloc:

E o cache.log?

já tem o cache.log acima!

@UnDr3aD:

*tail -f /var/log/squid/log retorna:


==> /var/log/squid/cache.log <==
2013/09/25 12:41:24 kid1| storeLateRelease: released 0 objects
2013/09/25 13:37:15 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 13:37:15 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 13:37:15 kid1| NETDB state saved; 8 entries, 0 msec
2013/09/25 14:31:23 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 14:31:23 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 14:31:23 kid1| NETDB state saved; 8 entries, 0 msec
2013/09/25 15:26:44 kid1| Logfile: opening log stdio:/var/log/squid/netdb.state
2013/09/25 15:26:44 kid1| Logfile: closing log stdio:/var/log/squid/netdb.state
2013/09/25 15:26:44 kid1| NETDB state saved; 9 entries, 0 msec

ou tem outro log de cache em outro lugar???

A Former User

continuando…!

as acl do squid parecem não estar funcionando também! não estou conseguindo bloquear nada!

Augusto

Olá…Eu uso MultWan e Squid autenticado "transparente" por NTLM.....e aqui esta funcionando...

Você criou a regra de floating?
Lá em Custom você colocou o tcp_outgoing_address?

Não sei se pode ser isso...masss....

A Former User

@edge540:

Olá…Eu uso MultWan e Squid autenticado "transparente" por NTLM.....e aqui esta funcionando...

Você criou a regra de floating?
Lá em Custom você colocou o tcp_outgoing_address?

Não sei se pode ser isso...masss....

sempre configuro isso, conforme os tutoriais. Entretanto, como mencionei em respostas anteriores, estou fazendo passo por passo. Não configurei as duas interfaces para uma multiWAN. estou usando somente uma WAN e uma LAN até que esse problema do squid seja superado.