Squid3 can't find libmd5.so.0
-
Installed from GUI today and can confirm it works for me as well (transparent proxy included). No need for the 'ln-fix' for the libs and etc dirs, the pid-file issue is however a there but it can be solved with the workaround from Cino (though I didn´t do the chmod:ing since it didn´t seemed to be needed).
-
Installed from GUI today and can confirm it works for me as well (transparent proxy included). No need for the 'ln-fix' for the libs and etc dirs, the pid-file issue is however a there but it can be solved with the workaround from Cino (though I didn´t do the chmod:ing since it didn´t seemed to be needed).
it wouldn't create the pid for me… i'll knock it down to 755 and try it again
-
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirets/mappings etc.
Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more informations as soon as I can.
Cheers ;)Quoting myself, anyone tried Squid's reverse proxy within the new 0.2.2 package yet?
I did a basic setup and I'm able to get 'Unable to forward this request at this time.' error… The way I have my test VM setup, it wont be able to send to any external servers... What I did notice is that it couldn't bind to port 80. I was able to change the port to 9080 and it was able to bind with it. So I think its working but something is preventing it from binding with port 80. My normal practice for reverse proxy is setup a WAN NAT Port 80 redirect it to loopback:9080. Have a reverse proxy listen to loopback:9080... Maybe something like that will work for you?
Noticed this in the squid.log
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission denied -
Fiddled around with Squid again, and it seemed the PID issue Cino described also affected my configuration; the pid was not present.
It was necessary to drop permissions to 755 to make Cino's fix work.Now the pid file is being created, but it's only a step further because another issue popped up:
2015/01/12 01:09:47 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0... 2015/01/12 01:09:48| pinger: Initialising ICMP pinger ... 2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted 2015/01/12 01:09:48| pinger: Unable to start ICMP pinger. 2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted 2015/01/12 01:09:48| pinger: Unable to start ICMPv6 pinger. 2015/01/12 01:09:48| FATAL: pinger: Unable to open any ICMP sockets.Did the chmod 755 on the pinger, but it yielded no positive result.
Squid appears to be running, but still not transparent.
I must admit that the multiple issues with this package really got me going in circles.Cheers.
-
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirets/mappings etc.
Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more informations as soon as I can.
Cheers ;)Quoting myself, anyone tried Squid's reverse proxy within the new 0.2.2 package yet?
I did a basic setup and I'm able to get 'Unable to forward this request at this time.' error… The way I have my test VM setup, it wont be able to send to any external servers... What I did notice is that it couldn't bind to port 80. I was able to change the port to 9080 and it was able to bind with it. So I think its working but something is preventing it from binding with port 80. My normal practice for reverse proxy is setup a WAN NAT Port 80 redirect it to loopback:9080. Have a reverse proxy listen to loopback:9080... Maybe something like that will work for you?
Noticed this in the squid.log
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission deniedThank you for those infos. :)
I've usually never set up a NAT rule to make reverse proxy work properly.
All I had to do was pulling out a wan rule with destination wan address on port 80/443, and everything was ready to go.
That's pretty strange. Will see what I can get out of it.
Cheers! -
it wouldn't create the pid for me… i'll knock it down to 755 and try it again
It was necessary to drop permissions to 755 to make Cino's fix work.
Hm.. do we have different umask? Strange that you would have to change the permissions otherwise..
Mine is 0022 anyway. -
Hi guys.
The /var/run/squid issue pointed by cino will be fixed on next package update
The Cannot bind socket FD 30 to 192.168.1.1:443: (13) Permission denied on reverse proxy maybe related to this
https://www.freebsd.org/doc/handbook/mac-policies.htmlFor now, listen squid on high ports and nat it too 80,443 until I find a way to workaround it.To fix it without mac-policies, edit net.inet.ip.portrange.first system tunable(system advanced menu) option from 1024 to 0.
After config option change, stop and start squid.
-
Thanks Marcelloc!!!
Do you think the below error could also be related to the permissions of the user?
2015/01/12 01:09:47 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0... 2015/01/12 01:09:48| pinger: Initialising ICMP pinger ... 2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted 2015/01/12 01:09:48| pinger: Unable to start ICMP pinger. 2015/01/12 01:09:48| icmp_sock: (1) Operation not permitted 2015/01/12 01:09:48| pinger: Unable to start ICMPv6 pinger. 2015/01/12 01:09:48| FATAL: pinger: Unable to open any ICMP sockets. -
Do you think the below error could also be related to the permissions of the user?
I'll try to test it too.
BTW, you can disable icmp pinger on squid config options.
-
Marcelloc, do you have any tips how we can troubleshoot the transparent proxy issue?
Cheers.
-
Marcelloc, do you have any tips how we can troubleshoot the transparent proxy issue?
Transparent proxy is working on my tests…
-
Marcelloc, do you have any tips how we can troubleshoot the transparent proxy issue?
Transparent proxy is working on my tests…
This is strange - I've updated to the latest 2.2RC as of 1/13/15 and I still have to create the /var/run/squid directory, change perms and chmod it in order to get squid3 to work. I've also noticed that once this starts running for a little while my load average climbs very high. I have an 8-core atom (c2758) and it scales to over 13x load average. When running top it shows either the squid or proxy user running 12 instances of .pbirun with WCPU evenly divided between the process (~8-9% each totally just shy of 100%). The proxy is working - the only other CPU intensive process is snort (and that is barley using any CPU according to top).
Anyone else see this?
-
This is strange - I've updated to the latest 2.2RC as of 1/13/15 and I still have to create the /var/run/squid directory, change perms and chmod it in order to get squid3 to work.
The new PBIs for squid haven't been build yet.
from https://files.pfsense.org/packages/10/All/
squid-3.4.10_2-amd64.pbi 09-Jan-2015 20:25 19231214 squid-3.4.10_2-amd64.pbi.sha256 09-Jan-2015 20:25 65 squid-3.4.10_2-i386.pbi 09-Jan-2015 20:45 18317590 squid-3.4.10_2-i386.pbi.sha256 09-Jan-2015 20:45 65 -
wait pkg version bump (maybe 0.2.3)…
-
0.2.3 package version is out! :)
https://github.com/pfsense/pfsense-packages/pull/786
-
0.2.3 package version is out! :)
https://github.com/pfsense/pfsense-packages/pull/786
Awesome!! You da the man!
I'm installing on a fresh amd64 install and will let you know if I run into any problems.
