Netgate Discussion Forum

    Squid does not work

    pfSense Packages
    • KOM

      Very strange.  Does it do this for more than one browser, and everywhere you try?  Do you have the following settings in Services - Proxy Server - General:

      Interface: LAN
      Allow user on interface: Checked
      Transparent proxy: Checked
      Enable logging: Checked

      • guep

        Yes, I tried it with two different notebooks and browsers.
        My proxy config is the same as yours.

        Regards
        Günter

        • KOM

          Anything of interest in /var/squid/logs/access.log?

          Since this is a new config for you to test, perhaps you might try the 2.2-series snapshots and see if it makes any difference.  I think I asked for your System log at some point.  Was there anything of interest in there?

          • guep

            Today I started with a new installation of pfSense on my Xbox, because the last one was extremely unstable. Maybe it was a problem with the installation process, or the package was faulty.
            Now my configuration is finished, without installing the Squid package. I will see how stable it is for a few days. After that, I will try to install Squid again.
            Regards
            Günter

            • guep

              Now my new pfSense has worked for a few days without any errors. It's a default installation without any packages, but firewall rules are configured.
              2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014 FreeBSD 8.3-RELEASE-p16
              Today I installed the Squid package again.
              I tried squid3-dev (3.3.10 pkg 2.2.8) because I am also interested in antivirus integration.
              I used the standard config of Squid with transparent mode enabled.
              Squid and the transparent proxy bind to the LAN interface (= default).

              But now, if I try to open a web site, it cannot be opened.

              Here is my system log:

              Dec 7 12:39:49 check_reload_status: Reloading filter
              Dec 7 12:39:43 check_reload_status: Syncing firewall
              Dec 7 12:38:36 check_reload_status: Syncing firewall
              Dec 7 12:37:59 check_reload_status: Syncing firewall
              Dec 7 12:37:36 check_reload_status: Reloading filter
              Dec 7 12:37:36 check_reload_status: Syncing firewall
              Dec 7 12:37:33 check_reload_status: Reloading filter
              Dec 7 12:37:33 check_reload_status: Syncing firewall
              Dec 7 12:36:10 check_reload_status: Reloading filter
              Dec 7 12:36:07 Squid_Alarm[24410]: Squid has resumed. Reconfiguring filter.
              Dec 7 12:36:06 check_reload_status: Reloading filter
              Dec 7 12:36:04 Squid_Alarm[22884]: Reconfiguring filter…
              Dec 7 12:36:01 squid[20226]: Squid Parent: (squid-1) process 20774 started
              Dec 7 12:36:01 squid[20226]: Squid Parent: will start 1 kids
              Dec 7 12:36:01 Squid_Alarm[18996]: Attempting restart…
              Dec 7 12:36:01 Squid_Alarm[18516]: Squid has exited. Reconfiguring filter.
              Dec 7 12:36:01 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
              Dec 7 12:36:00 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'Killed'
              Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
              Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
              Dec 7 12:34:46 check_reload_status: Reloading filter
              Dec 7 12:34:45 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:34:44 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:34:36 check_reload_status: Reloading filter
              Dec 7 12:34:36 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:34:36 check_reload_status: Syncing firewall
              Dec 7 12:34:34 check_reload_status: Reloading filter
              Dec 7 12:34:34 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:34:33 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:34:28 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:29:56 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:29:56 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:29:48 check_reload_status: Reloading filter
              Dec 7 12:29:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:29:48 check_reload_status: Syncing firewall
              Dec 7 12:29:46 check_reload_status: Reloading filter
              Dec 7 12:29:46 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:29:45 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:29:40 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:26:55 check_reload_status: Reloading filter
              Dec 7 12:26:54 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:26:54 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:26:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:26:47 check_reload_status: Syncing firewall
              Dec 7 12:25:40 check_reload_status: Reloading filter
              Dec 7 12:25:39 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
              Dec 7 12:25:39 php: /pkg_edit.php: Reloading Squid for configuration sync
              Dec 7 12:25:33 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
              Dec 7 12:25:32 check_reload_status: Syncing firewall
              Dec 7 12:19:59 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

              And my firewall log:

              block Dec 7 13:03:09 LAN 192.168.200.10:50783  127.0.0.1:3128 TCP:S

              I think web traffic is blocked by the FW. But you told me Squid adds a working rule by itself.
              So I tried to add a rule that allows traffic on 127.0.0.1:3128, but again Squid does not work right.

              What's my mistake in the config?

              Regards
              Günter

              • guep

                Now I am back to squid3 version 3.1.20 pkg 2.1.2 because squid3-dev does not work.

                But squid3 also doesn't work in transparent mode.    >:( >:(

                If I configure my browser to use the proxy, it works (web pages are shown, blacklist works).

                In transparent mode I can see the following message in my browsers:

                ERROR
                The requested URL could not be retrieved

                The following error was encountered while trying to retrieve the URL: /

                Invalid URL

                Some aspect of the requested URL is incorrect.

                Some possible problems are:

                Missing or incorrect access protocol (should be "http://" or similar)

                Missing hostname

                Illegal double-escape in the URL-Path

                Illegal character in hostname; underscores are not allowed.

                Your cache administrator is admin@localhost.

                -----

                • KOM

                  Very strange.  Transparent mode is just pfSense redirecting all port 80 traffic to port 3128, Squid's port.  It should just work.  It keeps complaining about Invalid URL.  What is in your /var/squid/logs/access.log when you get these errors?

                  • guep

                    This is my access.log after activating transparent mode:

                    1418066349.321      2 192.168.200.10 NONE/400 3644 GET /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - NONE/- text/html
                    1418066349.354      2 192.168.200.10 NONE/400 3646 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - NONE/- text/html
                    1418066349.376      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicTimStaPCA_2010-07-01.crl - NONE/- text/html
                    1418066349.398      2 192.168.200.10 NONE/400 3626 GET /pki/crl/products/microsoftrootcert.crl - NONE/- text/html
                    1418066349.418      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl - NONE/- text/html
                    1418066349.439      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - NONE/- text/html
                    1418066349.460      2 192.168.200.10 NONE/400 3604 GET /pki/crl/products/WinPCA.crl - NONE/- text/html
                    1418066349.503      2 192.168.200.10 NONE/400 3702 GET /pki/CRL/products/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crl - NONE/- text/html
                    1418066349.524      2 192.168.200.10 NONE/400 3634 GET /pki/crl/products/MicrosoftTimeStampPCA.crl - NONE/- text/html
                    1418066349.545      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl - NONE/- text/html
                    1418066349.567      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%201.1.crl - NONE/- text/html
                    1418066349.588      2 192.168.200.10 NONE/400 3674 GET /pkiops/crl/Microsoft%20Update%20Secure%20Server%20CA%202.1.crl - NONE/- text/html
                    1418066349.630      2 192.168.200.10 NONE/400 3694 GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?5eda0960e840cbed - NONE/- text/html
                    1418066349.652      2 192.168.200.10 NONE/400 3706 GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fee089f2a5d1b1b6 - NONE/- text/html
                    1418066464.073      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
                    1418066464.139      6 192.168.200.10 NONE/400 4852 GET /activeview?id=osdim&avi=BMSpVg_eFVLfDLazi7ga2qoHADgD6iLLNygEAABABOAHIAQTgAgDgBAGgBgSoE4AB&ti=1&adk=781421690&p=670,241,760,969&tos=0,0,0,0,0&mtos=0,0,0,0,0&rs=3&ht=0&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807648%26adx%3D241%26ady%3D670%26ifi%3D5%26flash%3D15.0.0&tmo=1916&tme=2328&tdl=1966&abd=3-0-42&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=42 - NONE/- text/html
                    1418066464.140      4 192.168.200.10 NONE/400 4954 GET /activeview?id=osdtos&avi=BX_ZAg_eFVLChE-ea7QbQ34GoDwCrsqaCiQEAABABOAHIAQLgAgDgBAGgBgKoE4AB&ti=1&adk=2403608829&p=450,986,700,1286&tos=0,24094,0,0,0&mtos=0,16994,16994,16994,16994&rs=3&ht=0&tfs=1679&tls=668950&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807201%26adx%3D986%26ady%3D450%26ifi%3D4%26flash%3D15.0.0&tmo=1281&tme=1678&tdl=1337&abd=2-0-45&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=45 - NONE/- text/html
                    1418066464.238      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
                    1418066464.259      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
                    1418066464.569      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
                    1418066522.232      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
                    1418066522.290      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
                    1418066565.388      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
                    1418066565.444      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
                    1418066565.457      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
                    1418066565.474      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html

                    And the cache.log:

                    2014/12/08 20:18:56| Store logging disabled
                    2014/12/08 20:18:56| User-Agent logging is disabled.
                    2014/12/08 20:18:56| Referer logging is disabled.
                    2014/12/08 20:18:56| DNS Socket created at [::], FD 7
                    2014/12/08 20:18:56| DNS Socket created at 0.0.0.0, FD 9
                    2014/12/08 20:18:56| Adding domain localdomain from /etc/resolv.conf
                    2014/12/08 20:18:56| Adding nameserver 127.0.0.1 from /etc/resolv.conf
                    2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
                    2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
                    2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
                    2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
                    2014/12/08 20:18:56| helperOpenServers: Starting 0/0 'ssl_crtd' processes
                    2014/12/08 20:18:56| helperOpenServers: No 'ssl_crtd' processes needed.
                    2014/12/08 20:18:56| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
                    2014/12/08 20:18:56| Accepting ICP messages at [::]:7, FD 12.
                    2014/12/08 20:18:56| HTCP Disabled.
                    2014/12/08 20:18:56| Loaded Icons.
                    2014/12/08 20:18:56| Ready to serve requests.
                    2014/12/08 20:19:06| Reconfiguring Squid Cache (version 3.1.22)…
                    2014/12/08 20:19:06| FD 11 Closing HTTP connection
                    2014/12/08 20:19:06| FD 12 Closing ICP connection
                    2014/12/08 20:19:06| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
                    2014/12/08 20:19:06| Starting Authentication on port 127.0.0.1:3128
                    2014/12/08 20:19:06| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
                    2014/12/08 20:19:06| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
                    2014/12/08 20:19:06| Initializing https proxy context
                    2014/12/08 20:19:07| Store logging disabled
                    2014/12/08 20:19:07| User-Agent logging is disabled.
                    2014/12/08 20:19:07| Referer logging is disabled.
                    2014/12/08 20:19:07| DNS Socket created at [::], FD 7
                    2014/12/08 20:19:07| DNS Socket created at 0.0.0.0, FD 9
                    2014/12/08 20:19:07| Adding domain localdomain from /etc/resolv.conf
                    2014/12/08 20:19:07| Adding nameserver 127.0.0.1 from /etc/resolv.conf
                    2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
                    2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
                    2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
                    2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
                    2014/12/08 20:19:07| helperOpenServers: Starting 0/0 'ssl_crtd' processes
                    2014/12/08 20:19:07| helperOpenServers: No 'ssl_crtd' processes needed.
                    2014/12/08 20:19:07| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
                    2014/12/08 20:19:07| Accepting  intercepted HTTP connections at 127.0.0.1:3128, FD 12.
                    2014/12/08 20:19:07| Accepting ICP messages at [::]:7, FD 14.
                    2014/12/08 20:19:07| HTCP Disabled.
                    2014/12/08 20:19:07| Loaded Icons.
                    2014/12/08 20:19:07| Ready to serve requests.

                    Regards
                    Günter
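
The result pattern in the access.log posted above, pulled out with a small parser. This is an added example, not part of the original thread; the names `url_form`, `parse_line` and `triage` are hypothetical, and the sample lines other than the three `NONE/400` entries are constructed for contrast. It counts Squid result codes and flags clients whose path-only requests were answered with 400 by Squid itself, with no upstream server contacted:

```python
import re
from collections import Counter

# Squid native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

# Constructed sample: the NONE/400 lines follow the log posted above, the
# remaining lines (including the truncated last one) are invented for contrast.
SAMPLE = """\
1418066464.073      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
1418066464.238      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
1418066464.259      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
1418066600.100    120 192.168.200.11 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1418066601.200    300 192.168.200.11 TCP_MISS/200 3000 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1418066700.000      2 192.168.200.10 NONE/400
""".splitlines()


def url_form(method, url):
    """Classify the logged request target by its HTTP/1.1 form."""
    if method == "CONNECT":
        return "authority"   # host:port
    if SCHEME_RE.match(url):
        return "absolute"    # http://host/path, sent by a proxy-aware client
    if url.startswith("/"):
        return "origin"      # path only, sent by a client addressing a web server
    return "other"


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["form"] = url_form(rec["method"], rec["url"])
    return rec


def triage(lines):
    """Count result codes and the clients whose path-only requests got 400."""
    results, rejected, unparsed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # truncated or non-native-format line
            continue
        results[f"{rec['code']}/{rec['status']}"] += 1
        # NONE/400 with hierarchy NONE: answered by Squid, nothing forwarded.
        if (rec["code"], rec["status"], rec["hier"], rec["form"]) == (
                "NONE", 400, "NONE", "origin"):
            rejected[rec["client"]] += 1
    return {"results": dict(results),
            "origin_form_400_by_client": dict(rejected),
            "unparsed": unparsed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A log in which every line from a client falls into the flagged group means none of that client's requests reached an origin server through the proxy.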

                    • KOM

                      Everything looks good to me.  I have no idea why transparent mode for Squid doesn't work for you, sorry.

                      • guep

                        Bad luck for me  :'(

                        Many thanks for your support.

                        Maybe some other user had the same problem and can post a solution here.

                        Regards
                        Günter

                        • KOM

                          One thing I will say is that I've had better luck with Squid 2 than Squid 3.  I would also try one of the 2.2 snapshots and see if it makes any difference at all for you.

                          • Tikimotel

                            Have you tried setting the logging option to either "Encode" or "Allow"?

                            strip: The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396.
                            deny: The request is denied. The user receives an "Invalid Request" message.
                            allow: The request is allowed and the URI is not changed. The whitespace characters remain in the URI.
                            encode: The request is allowed and the whitespace characters are encoded according to RFC1738.
                            chop: The request is allowed and the URI is chopped at the first whitespace.

                            With "squid3-dev" you could try with "forwarded_for transparent" typed into the "Custom ACLS (Before_Auth)" field (and with "Disable X-Forward" not selected, of course).
