I am now creating new DansGuardian and Squid3 binaries.

aaronouthier

Hmm. Not sure what happened. I just did a fresh reinstall myself. Squid now segfaults upon launch with core dump. This is with the official versions of everything. Nothing was custom-compiled or copied from another box. Amd64 build. I don't know what to say.

Escorpiom

Exactly.
It did that on my box also, but it turned out to be the cache filesystem.
If you set it to "aufs", Squid will complain.
Leaving it at "ufs" (default) and it runs.

I have found a way to block ads with the help of a regex list added to Squid, and that works fine.
So for now, all is dandy. No updates though.

Cheers.

aaronouthier

Well, I am having some frustrating issues. I have gotten squid to compile just fine, but when I do amake install, it hangs with a series of```
lstat: file not found

Escorpiom

Hmm I'm not familiar with the process, wish I could help in some way.
Take your time.

Cheers.

Escorpiom

Today, a new Squid package was made available.
As I was feeling adventurous, decided to hit the pkg button and….
Installed just fine, all configs retained. No errors.

I haven't tried to update the beta snapshot yet, better wait until it gets final.

Cheers.

jbc

No luck on my end, but I am running the latest beta…

2.2-BETA (amd64)
built on Fri Nov 07 13:54:45 CST 2014
FreeBSD 10.1-RC4-p1

squid3-dev
3.3.11_1 pkg 2.2.8

Last 50 system log entries
Nov 8 11:42:45 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Nov 8 11:42:44 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
Nov 8 11:42:44 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
Nov 8 11:42:43 check_reload_status: Reloading filter
Nov 8 11:42:33 kernel: pid 85517 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:33 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:32 php-fpm[92516]: /pkg_edit.php: Starting Squid
Nov 8 11:42:32 kernel: pid 81637 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:32 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -z -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:31 kernel: pid 77608 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:31 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k kill -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:26 kernel: pid 57759 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:26 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k shutdown -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:25 php-fpm[92516]: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
Nov 8 11:42:24 php-fpm[92516]: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
Nov 8 11:42:24 check_reload_status: Reloading filter
Nov 8 11:42:24 check_reload_status: Syncing firewall
Nov 8 11:42:13 kernel: pid 39066 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:13 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: Starting Squid
Nov 8 11:42:12 kernel: pid 34816 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -z -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:12 kernel: pid 31211 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k kill -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:06 kernel: pid 27894 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:42:06 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k shutdown -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
Nov 8 11:42:06 php-fpm[92516]: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
Nov 8 11:42:04 php-fpm[92516]: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
Nov 8 11:41:20 kernel: pid 93914 (squid), uid 0: exited on signal 11 (core dumped)
Nov 8 11:41:15 syslogd: kernel boot file is /boot/kernel/kernel

phil.davis

@Escorpiom:

Today, a new Squid package was made available.
As I was feeling adventurous, decided to hit the pkg button and….
Installed just fine, all configs retained. No errors.

I haven't tried to update the beta snapshot yet, better wait until it gets final.

Cheers.

That update for squid3 (3.1) and squid-dev (3.3) was just to add some extra checks to swapstate_check.php that were in squid (2) but had never been put into the newer squid versions. It does not effect any squid functionality, and has no change to the binaries. So it won't help any issues with running on 2.2-BETA,

aaronouthier

Fix for Squid. Needs to be run on each box. Survives a reboot. Survives an update to latest beta, as far as I can tell.

Open a command prompt:


cd /usr/pbi/squid-amd64

```- for x64

–- or ---

cd /usr/pbi/squid-i386


then:

cp -R local/etc local/lib local/libexec /usr/


I'm doing this from memory, so please do this on a test box, Virtual Machine, etc. and make a backup or snapshot first. I did this several days ago, and I copied only one folder at a time. I tried to condense the instructions to make it easier. Please let me know if I made a typo.

You then will need to reboot your pfSense box. I was unable to use the Web interface until I did so. YMMV.

cmb

That's not a good fix, that'll leave behind files in places where they shouldn't be. The root cause of that issue is being looked into. If you need an immediate work around on 2.2, I guess that's OK, but you're going to want to blow away the system and reinstall from scratch once the root issue is fixed if you do that. Or know exactly what you copied into /usr/ and manually remove only those files.

hmh

Hi!
I'am trying to install squid and DG on pfSense 2.2 Beta
DG isn't working

To run squid I do:


ln -s /lib/libmd.so.6 /usr/lib/libmd5.so.1
ln -s /usr/pbi/squid-amd64/local/etc/squid /usr/local/etc/squid
ln -s /usr/pbi/squid-amd64/local/libexec/squid /usr/local/libexec/squid

After that squid starting and working, but DG and squid-guard doesn't work!
Squid transparent proxy with HTTPS doesn't work!
Does filtering working on pfSense 2.2. Beta?

Escorpiom

Squidguard + Squid dev does work, with the workaround.
As 2.2 is still in beta, you will have to wait until issues have been resolved.

Cheers.

aaronouthier

@hmh:

Hi!
I'am trying to install squid and DG on pfSense 2.2 Beta
DG isn't working

To run squid I do:
ln -s /lib/libmd.so.6 /usr/lib/libmd5.so.1
ln -s /usr/pbi/squid-amd64/local/etc/squid /usr/local/etc/squid
ln -s /usr/pbi/squid-amd64/local/libexec/squid /usr/local/libexec/squid
After that squid starting and working, but DG and squid-guard doesn't work!
Squid transparent proxy with HTTPS doesn't work!
Does filtering working on pfSense 2.2. Beta?

If you are going to use DansGuardian, don't use transparent mode with Squid. If you want to use SSL Filtering, set Squid to use the same port for SSL as for regular traffic.

Squid defaults to port 3128 for regular traffic, and 3129 for SSL traffic. Change them so they both are 3128, for example. You then need to go into your computer's proxy settings, and enable the use of a proxy, and set the proxy server to be your router's IP address, and the port to the one on which DansGuardian is listening, usually port 8080.

I highly recommend changing the Web UI port to something other than 443 or 80.

Escorpiom

aaronouthier, why is it not recommended to use Squid transparent with DansGuardian enabled?
Any reason particular? I've got it set up like that at the moment.

Cheers.

aaronouthier

@Escorpiom:

aaronouthier, why is it not recommended to use Squid transparent with DansGuardian enabled?
Any reason particular? I've got it set up like that at the moment.

Cheers.

Because the flow for DansGuardian is supposed to go Browser -> DansGuardian -> Squid -> Internet. However, with Transparent mode enabled, it forces Browser -> Squid -> Internet.

Using transparent mode bypasses DansGuardian.

Using SquidGuard should work with Squid in transparent mode, but not DansGuardian. Still, I could be wrong.

To test this, download a blacklist for DansGuardian, and enable a category to block, such as "Warez". Then go to a site which should be blocked, like the pirate bay, etc. If Squid is in transparent mode, then the site won't be blocked. Disable Transparent mode, and setup a manual proxy from IE settings. Violla, Blocked!

Escorpiom

Thanks for explaining. I remember having seen other posts regarding the issue.
Squidguard is indeed working.

Cheers.