Squid3 can't find libmd5.so.0
-
As far as I know squid2 is maintain by the pfsense team while squid3 is by a community forum member.
Squid2 has been removed from freebsd ports. So I think it will not be in pfsense 2.2.
The way I'm testing squid3.4 on pfsense 2.2 until pbi builds are ok is using pkg add (very similar the way pfsense 2.0 works)
At least with pkg, all squid functions(including captive portal integration) are working.
-
Thanks Marcelloc!
Would it be possible for you to provide the steps your doing to install it correctly?
I'm assuming you install squid3.4 via pfSense Packages.. Once its installed, you then run pkg_add from the cmdline
I dont have access to my 2.2 test box at the moment but I looked at http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages/All/ and only see squid-2.7.9_4.tbz, squid32-3.2.13.tbz, squid33-3.3.11.tbz.. I'm probably looking at the wrong repository since the file dates for those packages at almost a year ago and https://www.freebsd.org/cgi/ports.cgi?query=squid&stype=all shows squid-3.4.10_2 and squid33-3.3.13_2 only; no Squid2.
Have you ran into any issues with perl5-5.18.4_11 being installed? This would probably temporary fix the issues with lightsquid not being able to call perl
-
This is a workaround to get squid 3.4 working o pfsense 2.2(amd64) until pbi build are ok for this package.
This is not supported by core team! Use at your own risk!
First install squid package from pfsense gui
Next, we need to install pkg on pfsense 2.2, this can be done via console withpkg install axel
when it asks to proceed(proceed with this action?), you can cancel it if you do not need axel on your system
kill and uninstall any running squid daemon
killall squid pbi delete squid-3.4.10_2-amd64 rm -rf /usr/pbi/squid-amd64
if you have applied any patch or symlink while trying to run pbi squid version
rm -f /usr/lib/libmd5.so.0 rm -f /usr/lib/libecap.so.2 rm -rf /usr/local/etc/squid rm -rf /usr/local/libexec/squid
create a folder to download squid3.4 package
mkdir /root/squid34 cd /root/squid34 fetch http://e-sac.siteseguro.ws/packages/10/All/squid34_pfsense22.tar tar -xvf squid34_pfsense22.tar pkg add squid-3.4.10_2.txz pkg add squidclamav-6.10_2.txz pkg add clamav-0.98.5_1.txz
Save config on gui again and test squid.
-
I'm getting "Signature for pkg not available" after the pkg command
-
I'm getting "Signature for pkg not available" after the pkg command
Finish the pkg install axel cmd
-
Will the same procedure work on 2.1.5?
-
Will the same procedure work on 2.1.5?
It wont work on 2.1.5. The files that marcelloc complied are for freebsd10 amd64. 2.1.5 was built on 8.3.. Squid3-dev works on 2.1.5
-
Transparent proxy still does not work :(
-
Will the same procedure work on 2.1.5?
On 2.1.5, install squid3-dev package. I uses squid 3.3.10
-
Transparent proxy still does not work :(
Maybe related to some 2.2 RC issues, not squid itself.
Check if you don't have this error on your system logs
php: rc.filter_configure: PHP ERROR: Type: 2, File: /etc/inc/util.inc, Line: 184, Message: fsockopen(): unable to connect to unix:///var/run/check_reload_status:-1 (No such file or directory)
tracking this issue I've found this:
ldd /usr/local/sbin/check_reload_status /usr/local/sbin/check_reload_status: libsbuf.so.6 => /lib/libsbuf.so.6 (0x80084c000) libevent-2.0.so.5 => not found (0) libc.so.7 => /lib/libc.so.7 (0x800a4f000)
trying a manual fix:
ln -s /usr/local/lib/libevent-2.0.so.5 /lib/libevent-2.0.so.5
and check_reload_status seems to be ok again
ldd /usr/local/sbin/check_reload_status /usr/local/sbin/check_reload_status: libsbuf.so.6 => /lib/libsbuf.so.6 (0x80084c000) libevent-2.0.so.5 => /lib/libevent-2.0.so.5 (0x800a4f000) libc.so.7 => /lib/libc.so.7 (0x800c91000) libthr.so.3 => /lib/libthr.so.3 (0x801023000)
and also transparent proxy
grep 3128 /tmp/rules.debug rdr on em1 proto tcp from any to !(em1) port 80 -> 127.0.0.1 port 3128 pass in quick on em1 proto tcp from any to !(em1) port {80,443,3128,3127} flags S/SA keep state
I've opened a redmine for it, so core team can check this issue
-
I can confirm that error. It was also accompanied by sshd being unable to start. Reverting changes didn't help, but reinstalling the snapshot fixed sshd. I will try the fix you described sometime tomorrow. Thank you!
Transparent proxy still does not work :(
Maybe related to some 2.2 RC issues, not squid itself.
Check if you don't have this error on your system logs
php: rc.filter_configure: PHP ERROR: Type: 2, File: /etc/inc/util.inc, Line: 184, Message: fsockopen(): unable to connect to unix:///var/run/check_reload_status:-1 (No such file or directory)
tracking this issue I've found this:
ldd /usr/local/sbin/check_reload_status /usr/local/sbin/check_reload_status: libsbuf.so.6 => /lib/libsbuf.so.6 (0x80084c000) libevent-2.0.so.5 => not found (0) libc.so.7 => /lib/libc.so.7 (0x800a4f000)
trying a manual fix:
ln -s /usr/local/lib/libevent-2.0.so.5 /lib/libevent-2.0.so.5
and check_reload_status seems to be ok again
ldd /usr/local/sbin/check_reload_status /usr/local/sbin/check_reload_status: libsbuf.so.6 => /lib/libsbuf.so.6 (0x80084c000) libevent-2.0.so.5 => /lib/libevent-2.0.so.5 (0x800a4f000) libc.so.7 => /lib/libc.so.7 (0x800c91000) libthr.so.3 => /lib/libthr.so.3 (0x801023000)
and also transparent proxy
grep 3128 /tmp/rules.debug rdr on em1 proto tcp from any to !(em1) port 80 -> 127.0.0.1 port 3128 pass in quick on em1 proto tcp from any to !(em1) port {80,443,3128,3127} flags S/SA keep state
I've opened a redmine for it, so core team can check this issue
-
marcelloc
I ran into a small problem after following your steps
"(squid-1): Cannot open '/var/squid/logs/access.log' for writing. The parent directory must be writeable by the user 'proxy', which is the cache_effective_user set in squid.conf."
I was able to 'monkey' around with winscp to change permissions, not sure what I did but got past that. What would be the correct way of 'doing it right'transparent proxy still not working, under the real time tab this is what I see
09.01.2015 09:27:24 192.168.1.2 TCP_MISS/403 http://yahoo.com/favicon.ico - 127.0.0.1 09.01.2015 09:27:24 127.0.0.1 TCP_DENIED/403 http://yahoo.com/favicon.ico - - 09.01.2015 09:27:24 192.168.1.2 TCP_MISS/403 http://www.squid-cache.org/Artwork/SN.png - 127.0.0.1 09.01.2015 09:27:24 127.0.0.1 TCP_DENIED/403 http://www.squid-cache.org/Artwork/SN.png - -
grep 3128 /tmp/rules.debug rdr on em1 proto tcp from any to !(em1) port 80 -> 127.0.0.1 port 3128 pass in quick on em1 proto tcp from any to !(em1) port {80,3128} flags S/SA keep state
This seems to be fixed with the latest build 2.2-RC (amd64) built on Fri Jan 09 01:08:06 CST 2015
ldd /usr/local/sbin/check_reload_status /usr/local/sbin/check_reload_status: libsbuf.so.6 => /lib/libsbuf.so.6 (0x80084c000) libevent-2.0.so.5 => /usr/local/lib/libevent-2.0.so.5 (0x800a4f000) libc.so.7 => /lib/libc.so.7 (0x800c91000) libthr.so.3 => /lib/libthr.so.3 (0x801023000)
thanks for the steps, I'm learning a lot
-
transparent proxy still not working, under the real time tab this is what I see
09.01.2015 09:27:24 192.168.1.2 TCP_MISS/403 http://yahoo.com/favicon.ico - 127.0.0.1 09.01.2015 09:27:24 127.0.0.1 TCP_DENIED/403 http://yahoo.com/favicon.ico - - 09.01.2015 09:27:24 192.168.1.2 TCP_MISS/403 http://www.squid-cache.org/Artwork/SN.png - 127.0.0.1 09.01.2015 09:27:24 127.0.0.1 TCP_DENIED/403 http://www.squid-cache.org/Artwork/SN.png - -
fetch squid34_pfsense22.tar again. I've changed a compile option to include only pf transparent proxy.
remove squid package and reinstall it
pkg delete squid-3.4.10_2 pkg add squid-3.4.10_2.txz
-
marcelloc, it appears to be working now, websites are loading and the log looks back to normal - thanks!!
-
Talking about transparent proxy, latest 0.2.2 package works on Pfsense 2.2RC.
I still can't get squid 3 reverse to work, which is basically the main reason why I'm using squid3.
Same settings on 2.1.5 work like a charm.Thank you for all the efforts you are putting in fixing this.
/chapeau!
-
I haven't tried reverse proxy yet which is another feature I use from squid but I start-up another instance of squid using a conf i've created. For me, it keeps the logs separate since I use proxy for logging with lightsquid.
Anything in your system or squid logs that could pin point the issue?
-
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirets/mappings etc.
Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more informations as soon as I can.
Cheers ;) -
just a wild guess, compare your advanced settings under system. I think you have to disable the web GUI redirect
-
marcelloc, it appears to be working now, websites are loading and the log looks back to normal - thanks!!
I'm not having as much luck unfortunately. I've updated to the latest pfsense 2.2 release, removed squid3 package, recursively deleted /var/squid and re-installed squid3 and it is not working properly. With transparent proxy enabled it is passing http traffic (vs. error pages before) but the access.log is empty (not created actually) and the cache.log has a single entry in it from the installation:
2015/01/10 12:24:58 kid1| Creating missing swap directories
am I missing something here? I'm not running squidGuard or havp in conjunction with this, just attempting squid3 in transparent mode.
-
Check the folder permissions for /var/squid/logs. Make sure it's set to proxy:proxy. I ran into this earlier on my test box. After correcting the permissions, the access.log was created and started to log entries. I don't use transparent mode, but I don't think its related.