Squid 3.4.9 no traffic in transparent mode.
-
What I meant was with forward_for you used to have "on" or "off".
Now with 3.3 and 3.4 you have multiple settings. (since 3.1)forward_for "on" # (default, send client IP info in forward for header) forward_for "off" # (tickbox, Disable X-forward option, always respond with "unknown", some forum sites don't like this option!) forward_for "transparant" # (do not touch anything, more private?) forward_for "delete" # (remove the header info entirely) forward_for "truncate" # (single, last, client IP info in the forward for header) -
The recent 3.4.10_2 pkg 0.2.5 just installed problem still seems there. I thought worked but maybe I didn't pay attention to what pages where ssl or not. I did turn on the icap just a second ago maybe that had something to do with it.
[2.2-RC][admin@pfSense.localdomain]/root: squid -k parse
2015/01/16 09:19:43| Startup: Initializing Authentication Schemes …
2015/01/16 09:19:43| Startup: Initialized Authentication Scheme 'basic'
2015/01/16 09:19:43| Startup: Initialized Authentication Scheme 'digest'
2015/01/16 09:19:43| Startup: Initialized Authentication Scheme 'negotiate'
2015/01/16 09:19:43| Startup: Initialized Authentication Scheme 'ntlm'
2015/01/16 09:19:43| Startup: Initialized Authentication.
2015/01/16 09:19:43| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2015/01/16 09:19:43| Processing: http_port 192.168.1.1:3128
2015/01/16 09:19:43| Processing: http_port 127.0.0.1:3128 intercept
2015/01/16 09:19:43| Starting Authentication on port 127.0.0.1:3128
2015/01/16 09:19:43| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2015/01/16 09:19:43| Processing: icp_port 0
2015/01/16 09:19:43| Processing: dns_v4_first off
2015/01/16 09:19:43| Processing: pid_filename /var/run/squid/squid.pid
2015/01/16 09:19:43| Processing: cache_effective_user proxy
2015/01/16 09:19:43| Processing: cache_effective_group proxy
2015/01/16 09:19:43| Processing: error_default_language en
2015/01/16 09:19:43| Processing: icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
2015/01/16 09:19:43| Processing: visible_hostname Wholesale-florida.com
2015/01/16 09:19:43| Processing: cache_mgr sales@wholesale-florida.com
2015/01/16 09:19:43| Processing: access_log /var/squid/logs/access.log
2015/01/16 09:19:43| Processing: cache_log /var/squid/logs/cache.log
2015/01/16 09:19:43| Processing: cache_store_log none
2015/01/16 09:19:43| Processing: netdb_filename /var/squid/logs/netdb.state
2015/01/16 09:19:43| Processing: pinger_enable on
2015/01/16 09:19:43| Processing: pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
2015/01/16 09:19:43| Processing: logfile_rotate 0
2015/01/16 09:19:43| Processing: debug_options rotate=0
2015/01/16 09:19:43| Processing: shutdown_lifetime 3 seconds
2015/01/16 09:19:43| Processing: acl localnet src 192.168.0.0/16
2015/01/16 09:19:43| Processing: uri_whitespace strip
2015/01/16 09:19:43| Processing: acl dynamic urlpath_regex cgi-bin ?
2015/01/16 09:19:43| Processing: cache deny dynamic
2015/01/16 09:19:43| Processing: cache_mem 8 MB
2015/01/16 09:19:43| Processing: maximum_object_size_in_memory 32 KB
2015/01/16 09:19:43| Processing: memory_replacement_policy heap GDSF
2015/01/16 09:19:43| Processing: cache_replacement_policy heap LFUDA
2015/01/16 09:19:43| Processing: cache_dir ufs /var/squid/cache 100 16 256
2015/01/16 09:19:43| Processing: minimum_object_size 0 KB
2015/01/16 09:19:43| Processing: maximum_object_size 4 KB
2015/01/16 09:19:43| Processing: offline_mode off
2015/01/16 09:19:43| Processing: cache_swap_low 90
2015/01/16 09:19:43| Processing: cache_swap_high 95
2015/01/16 09:19:43| Processing: cache allow all
2015/01/16 09:19:43| Processing: acl allsrc src all
2015/01/16 09:19:43| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
2015/01/16 09:19:43| Processing: acl sslports port 443 563
2015/01/16 09:19:43| Processing: acl purge method PURGE
2015/01/16 09:19:43| Processing: acl connect method CONNECT
2015/01/16 09:19:43| Processing: acl HTTP proto HTTP
2015/01/16 09:19:43| Processing: acl HTTPS proto HTTPS
2015/01/16 09:19:43| Processing: http_access allow manager localhost
2015/01/16 09:19:43| Processing: http_access deny manager
2015/01/16 09:19:43| Processing: http_access allow purge localhost
2015/01/16 09:19:43| Processing: http_access deny purge
2015/01/16 09:19:43| Processing: http_access deny !safeports
2015/01/16 09:19:43| Processing: http_access deny CONNECT !sslports
2015/01/16 09:19:43| Processing: request_body_max_size 0 KB
2015/01/16 09:19:43| Processing: delay_pools 1
2015/01/16 09:19:43| Processing: delay_class 1 2
2015/01/16 09:19:43| Processing: delay_parameters 1 -1/-1 -1/-1
2015/01/16 09:19:43| Processing: delay_initial_bucket_level 100
2015/01/16 09:19:43| Processing: delay_access 1 allow allsrc
2015/01/16 09:19:43| Processing: http_access allow localnet
2015/01/16 09:19:43| Processing: http_access deny allsrc
2015/01/16 09:19:43| Initializing https proxy context -
forward_for "on" # (default, send client IP info in forward for header) forward_for "off" # (tickbox, Disable X-forward option, always respond with "unknown", some forum sites don't like this option!) forward_for "transparant" # (do not touch anything, more private?) forward_for "delete" # (remove the header info entirely) forward_for "truncate" # (single, last, client IP info in the forward for header)@marcelloc i'm going to try and added this to the GUI… I think its something I can handle :-)
Edit: https://github.com/pfsense/pfsense-packages/pull/789
-
3.4.10_2 pkg 0.2.5
Seems to work properly now just the antivirus I wish would work -
3.4.10_2 pkg 0.2.5
Seems to work properly now just the antivirus I wish would workIt does. Follow the steps in the error message. I posted a screen shot of what needs to be added in another thread.
https://forum.pfsense.org/index.php?topic=86890.msg477058#msg477058
-
While poking around looking for an issue not related to squid I saw something that looked out of place on the squid sockets. If you goto Diagnostics: Sockets there seems to be one squid setting that is outside the table. I don't notice any problems but cosmetic.
proxy squid 46690 14 udp4 6 *:60225 :seems like there is something extra there…...??
-
Well I got 503 error from UI and reinstalled pfsense now I get
Warning: dir(/usr/local/etc/squid/errors/): failed to open dir: No such file or directory in /etc/inc/pfsense-utils.inc on line 467 Fatal error: Call to a member function read() on a non-object in /etc/inc/pfsense-utils.inc on line 468
Found out that only the General Tab does that error.. I pulled up log and other tabs no problem in Squid 3.4.9
Guess I try another reinstall .. more problems with 2.2 then any other version I ever beta tested
-
Well I got 503 error from UI and reinstalled pfsense now I get
I've got this when tried to install squid again without removing previous manual symlinks fixes.
The message tells that errors dir does not exists or points to a invalid dir.
-
Well I reinstalled again and fixed that issue. And worked on LCDproc, put a request on github with fixes.
https://forum.pfsense.org/index.php?topic=83747.75#lastPost
Seems fingers crossed I got most working that I tried so far.. just I-cap won't start is all for me now.
So squid 3.4.10_2 pkg 0.2.5 works on my 1/16/15 64bit 2.2 version with clean install. I would guess this means that the problems that show maybe something to do with a bad install or other factors.
-
I would guess this means that the problems that show maybe something to do with a bad install or other factors.
Squid still doesn't work for me, and I'm thinking the same thing as you. Previous hacks trying to get things to work are giving me problems now. I think it's time for a fresh install.
-
Do you have loopback checked? If not, check it. In v2 Squid checking loopback never worked for me.. but it seems to do the trick in the latest v3.
-
Loopback is configured automatically on squid.conf when using transparent proxy.
-
My 5 cents: My "Invalid URL" issue was resolved by disabling the proxy from listening on the loopback adapter. The transparent proxy as marcelloc said is enabled by default which is fine.
Was not working.
http_port 192.168.x.1:3128
http_port 10.x.x.2:3128
http_port 127.0.0.1:3128
http_port 127.0.0.1:3128 interceptNow Working.
http_port 192.168.x.1:3128
http_port 10.x.x.2:3128
http_port 127.0.0.1:3128 interceptI also want to mention one side note if you're new to pfsense/squid and troubleshooting issues. If you are using any extra packages Dansguardian/Squidguard/HAVP etc… you might consider removing these until you ensure you have squid working just by itself. I've seen some packages when installed, even though they're disabled still add forwarding rules to squid in the integrations box - so basically it's forwarding to a proxy not running. This may give the illusion it's not working for those who are unfamiliar with what should normally be configured.
I'm always learning something new myself! :)
-
Thanks for the note :)
-
I got my copy fixed of these issues and a friends now..
https://forum.pfsense.org/index.php?topic=85965.msg544817#msg544817
