Squid3 can't find libmd5.so.0
-
just a wild guess, compare your advanced settings under system. I think you have to disable the web GUI redirect
-
marcelloc, it appears to be working now, websites are loading and the log looks back to normal - thanks!!
I'm not having as much luck unfortunately. I've updated to the latest pfsense 2.2 release, removed squid3 package, recursively deleted /var/squid and re-installed squid3 and it is not working properly. With transparent proxy enabled it is passing http traffic (vs. error pages before) but the access.log is empty (not created actually) and the cache.log has a single entry in it from the installation:
2015/01/10 12:24:58 kid1| Creating missing swap directories
Am I missing something here? I'm not running squidGuard or havp in conjunction with this, just attempting squid3 in transparent mode.
-
Check the folder permissions for /var/squid/logs. Make sure it's set to proxy:proxy. I ran into this earlier on my test box. After correcting the permissions, the access.log was created and started to log entries. I don't use transparent mode, but I don't think it's related.
-
trouserless, install squid package from pfsense gui - 3.4.10_2 pkg 0.2.2, it's been updated to working. Once I configured the settings I had to stop and restart the service to get it going
-
just a wild guess, compare your advanced settings under system. I think you have to disable the web GUI redirect
That's the first thing I've checked.
The reverse proxy part seems to be broken, at least for me, at the moment.
-
Check the folder permissions for /var/squid/logs. Make sure it's set to proxy:proxy. I ran into this earlier on my test box. After correcting the permissions, the access.log was created and started to log entries. I don't use transparent mode, but I don't think it's related.
tried that and it is proxy:proxy
$ ls -la /var/squid/logs
total 24
drwxr-xr-x 2 proxy proxy 512 Jan 10 12:43 .
drwxr-xr-x 6 root wheel 512 Jan 10 12:24 ..
-rw-r----- 1 proxy proxy 0 Jan 10 12:43 access.log
-rw-r----- 1 proxy proxy 518 Jan 10 13:34 cache.log
I checked the cache.log because it had grown and found:
$ cat /var/squid/logs/cache.log
2015/01/10 12:24:58 kid1| Creating missing swap directories
2015/01/10 12:43:37 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/10 12:43:38 kid1| /var/run/squid.pid: (1) Operation not permitted
2015/01/10 12:43:38 kid1| WARNING: Could not write pid file
2015/01/10 13:33:55 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/10 13:33:56 kid1| /var/run/squid.pid: (1) Operation not permitted
2015/01/10 13:33:56 kid1| WARNING: Could not write pid file
I checked the /var/run directory is owned by root:wheel which looks proper.
One other bit of strangeness is that I no longer have access via ssh (I'm using the command prompt feature for the above troubleshooting). I go to the services page and sshd is shown as stopped. I try and start it and it does not. It worked before and it is enabled via the GUI toggle. I checked system logs and nothing about sshd. Is anyone else seeing this issue with sshd? Thanks for the help/ideas Cino (and others)
-
Are you using the official pbi from http://files.pfsense.org/packages/10/All/ now (i.e via pfsense GUI) or are you still using the manual method?
I noticed that there just have been an update to the pbi and curious to see if works the "official way" now.
squid-3.4.10_2-amd64.pbi, 09-Jan-2015 20:25
Would try it myself but I'm not at home this weekend…
-
I think I figured out the issue with squid.pid… Well at least a workaround for now. This is for the pbi install of 3.4.10_2 pkg 0.2.2 only
I installed a fresh copy of 2.2 amd64... And I noticed this in my log when I would save the squid config
Jan 10 20:52:24 check_reload_status: Reloading filter
Jan 10 20:52:24 php-fpm[53753]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Jan 10 20:52:24 php-fpm[53753]: /pkg_edit.php: Reloading Squid for configuration sync
Jan 10 20:52:20 php-fpm[53753]: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Jan 10 20:52:20 check_reload_status: Reloading filter
Jan 10 20:52:20 check_reload_status: Syncing firewall
Jan 10 20:52:20 php-fpm[53753]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Jan 10 20:52:20 php-fpm[53753]: /pkg_edit.php: Reloading Squid for configuration sync
Jan 10 20:52:16 php-fpm[53753]: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Jan 10 20:51:33 squid[58129]: Squid Parent: (squid-1) process 58656 started
Jan 10 20:51:33 squid[58129]: Squid Parent: will start 1 kids
Jan 10 20:51:33 php-fpm[51398]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Jan 10 20:51:17 syslogd: kernel boot file is /boot/kernel/kernel
I checked to see if it's running and it is. Paths are a little off but it's running
proxy 11491 24.0 1.3 112428 26212 - S 8:50PM 0:00.18 (squid-1) -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf (squid)
root 10590 21.0 0.7 71468 13908 - Ss 8:50PM 0:00.00 /usr/local/sbin/squid -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf
root 19788 0.0 0.1 18884 2384 0 S+ 8:50PM 0:00.00 grep squid
I then did a search for squid.pid "find / -name squid.pid" It came up empty.. This is bad, because the reconfigure/rotate commands won't be able to hook into the process that is running.
I then ran squid -v and noticed it's compiled with option '--with-pidfile=/var/run/squid/squid.pid' but the config file is using /var/run/squid.pid. Is this the reason?
Probably not, thinking it has to be a permission issue, where squid can't create its own pid since it's run as user proxy
Here is my workaround until it can be fixed in the pbi/package itself
run the following from cmdline
mkdir /var/run/squid
chown proxy:wheel /var/run/squid
chmod 777 /var/run/squid #not ideal but it works for now
Edit file /usr/local/pkg/squid.inc
On line 943 you will find $pidfile = "{$g['varrun_path']}/squid.pid"; change it to:
$pidfile = "{$g['varrun_path']}/squid/squid.pid";
Now killall squid or stop the squid service.. Click on Save within the Squid GUI and you should have a /var/run/squid/squid.pid
Click Save again and the timestamp should change for the pid file.
Hope this helps!
edit:
bug report
https://redmine.pfsense.org/issues/4196
-
I followed this and it now works with the most recent 2.2RC. Thanks so much Cino - funny how the missing PID file would cause such strange behavior.
Additionally the sshd service now works with this morning's 2.2RC update. It is now echoing ssh debug messages to the console which it was not doing before:
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
I'll look around to see what that is.
Thanks again Cino
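Cino's workaround above makes /var/run/squid world-writable (chmod 777), which lets any local account replace the pid file that a later "squid -k" run trusts. The following is an added example, not part of the original posts or the pfSense package, that audits such a pid directory and pid file; the function names and the expected-owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a daemon's pid directory and pid
# file before anything privileged (e.g. "squid -k reconfigure") trusts them.

owner_of() { ls -ld "$1" | awk '{print $3}'; }

# check_pid_dir DIR OWNER: prints findings, returns 0 only if DIR is safe.
check_pid_dir() {
    dir=$1; want=$2; rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "NOT-A-DIRECTORY: $dir"; return 1
    fi
    # -perm -002 matches when the "other" write bit is set, as after chmod 777.
    if [ -n "$(find "$dir" -prune -perm -002)" ]; then
        echo "WORLD-WRITABLE: $dir (any local user can replace the pid file)"
        rc=1
    fi
    if [ "$(owner_of "$dir")" != "$want" ]; then
        echo "OWNER: $dir is owned by $(owner_of "$dir"), expected $want"
        rc=1
    fi
    return $rc
}

# check_pid_file FILE OWNER: the pid file must be a regular file (no symlink),
# owned by OWNER, and contain nothing but one decimal pid.
check_pid_file() {
    f=$1; want=$2
    if [ -L "$f" ]; then echo "SYMLINK: $f"; return 1; fi
    if [ ! -f "$f" ]; then echo "MISSING: $f"; return 1; fi
    if [ "$(owner_of "$f")" != "$want" ]; then
        echo "OWNER: $f is not owned by $want"; return 1
    fi
    case $(cat "$f") in
        ''|*[!0-9]*) echo "BAD-CONTENT: $f"; return 1 ;;
    esac
    return 0
}

# Usage: sh pidcheck.sh /var/run/squid proxy   (path and user as in the thread)
if [ $# -eq 2 ]; then
    check_pid_dir "$1" "$2" && check_pid_file "$1/squid.pid" "$2"
fi
```

A directory created with mode 755 and owned by the squid user passes check_pid_dir; the 777 variant is reported as WORLD-WRITABLE.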
-
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.
From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirects/mappings etc.
Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more information as soon as I can.
Cheers ;)
Quoting myself, anyone tried Squid's reverse proxy within the new 0.2.2 package yet?
-
Have you tried the squid.pid workaround yet? Could be related since squid can't reconfigure itself. Don't have time right now but I'll try a simple redirect setup and see if it works.
-
Installed from GUI today and can confirm it works for me as well (transparent proxy included). No need for the 'ln-fix' for the libs and etc dirs, the pid-file issue is however there but it can be solved with the workaround from Cino (though I didn't do the chmod:ing since it didn't seem to be needed).
-
it wouldn't create the pid for me… I'll knock it down to 755 and try it again
-
I did a basic setup and I'm able to get 'Unable to forward this request at this time.' error… The way I have my test VM setup, it won't be able to send to any external servers... What I did notice is that it couldn't bind to port 80. I was able to change the port to 9080 and it was able to bind with it. So I think it's working but something is preventing it from binding with port 80. My normal practice for reverse proxy is setup a WAN NAT Port 80 redirect it to loopback:9080. Have a reverse proxy listen to loopback:9080... Maybe something like that will work for you?
Noticed this in the squid.log
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission denied
-
Fiddled around with Squid again, and it seemed the PID issue Cino described also affected my configuration; the pid was not present.
It was necessary to drop permissions to 755 to make Cino's fix work.
Now the pid file is being created, but it's only a step further because another issue popped up:
2015/01/12 01:09:47 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/12 01:09:48| pinger: Initialising ICMP pinger ...
2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted
2015/01/12 01:09:48| pinger: Unable to start ICMP pinger.
2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted
2015/01/12 01:09:48| pinger: Unable to start ICMPv6 pinger.
2015/01/12 01:09:48| FATAL: pinger: Unable to open any ICMP sockets.
Did the chmod 755 on the pinger, but it yielded no positive result.
Squid appears to be running, but still not transparent.
I must admit that the multiple issues with this package really got me going in circles.
Cheers.
-
Thank you for those infos. :)
I've usually never set up a NAT rule to make reverse proxy work properly.
All I had to do was pulling out a wan rule with destination wan address on port 80/443, and everything was ready to go.
That's pretty strange. Will see what I can get out of it.
Cheers!
-
it wouldn't create the pid for me… i'll knock it down to 755 and try it again
It was necessary to drop permissions to 755 to make Cino's fix work.
Hm.. do we have different umask? Strange that you would have to change the permissions otherwise..
Mine is 0022 anyway.
-
Hi guys.
The /var/run/squid issue pointed by cino will be fixed on next package update
The "Cannot bind socket FD 30 to 192.168.1.1:443: (13) Permission denied" on reverse proxy may be related to this
https://www.freebsd.org/doc/handbook/mac-policies.html
For now, listen squid on high ports and nat it to 80,443 until I find a way to workaround it.
To fix it without mac-policies, edit net.inet.ip.portrange.first system tunable (system advanced menu) option from 1024 to 0.
After config option change, stop and start squid.
-
Thanks Marcelloc!!!
Do you think the below error could also be related to the permissions of the user?
2015/01/12 01:09:47 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/12 01:09:48| pinger: Initialising ICMP pinger ...
2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted
2015/01/12 01:09:48| pinger: Unable to start ICMP pinger.
2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted
2015/01/12 01:09:48| pinger: Unable to start ICMPv6 pinger.
2015/01/12 01:09:48| FATAL: pinger: Unable to open any ICMP sockets.
-
Do you think the below error could also be related to the permissions of the user?
I'll try to test it too.
BTW, you can disable icmp pinger on squid config options.