Squidguard Target Rules List in the Common ACL tab only shows All (allow / deny)
-
I have pfsense installed on an alix.2D13 using a preinstalled instance of pfsense on a 4 GB flash drive. So far, I very much like this firewall and everything is configuring up nicely.
My entire purpose for setting up this firewall is to protect the home from pornography. Therefore I need squid and squidguard working.
My problem is that the Target Rules List in the Common ACL tab is empty (or shall I say has one entry for ALL - allow / deny).
I have followed other discussions in the forum, followed their advice, and have banged my head against it for several days. On my latest attempt to install the squid and squidguard packages, I did an SSH into the terminal, did a factory reset, and tried again.
On this last round, I have tried installing Squid 3, setting it up as a transparent proxy and testing the proxy by adding one item to the blacklist.acl and demonstrating that the proxy works perfectly. Then, I install Squidguard for Squid 3. The blacklist options checklist is checked, and I have installed the shallalist.tar.gz and seen the message of the upload and updating the DB successfully. Squidguard is working with the exception of the Target Rules List in the Common ACL tab. The Target Rules List in the Common ACL tab still only shows All (allow / deny) as the only option. If I set it to deny, the internet is dead. If set to allow, everything is available - including what I don't want available.
I have uninstalled the two packages and installed version 2 of both Squid and Squidguard. Same result.
Any advice? Is there a workaround, such as hard coding values into a squidguard config file?
-
On ALIX, make sure you set your Squid hard disk cache size to 0 and the file system to null. I assume that under Services - Proxy filter - General Settings - Blacklist options, that you have Blacklist checked?
-
Thank you for the reply KOM. I have now changed the hard disk cache size to 0 and the file system to null. Blacklist is checked and has been checked all along. After resetting the first two values, I rebooted the firewall just to make certain, reuploaded the shallalist.tar.gz. Unfortunately, no change in the Target Rules List.
-
OK, just to check the really obvious, you are clicking the small green arrow icon beside the Target Rules List text to expand the list?
-
That is correct, I click the little green arrow and all that is available is "All" with the allow / deny option.
Here is what I am seeing in the logs if this is helpful.
Jan 23 13:31:18 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:18 php: rc.start_packages: Not calling package sync code for dependency squid of squid because some include files are missing.
Jan 23 13:31:19 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:21 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:22 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:24 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:26 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:30 squid[20327]: Squid Parent: child process 20746 exited with status 0
Jan 23 13:31:31 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
Jan 23 13:31:33 squid[56785]: Squid Parent: child process 57026 started
Jan 23 13:31:36 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:36 php: rc.start_packages: Reloading Squid for configuration sync
Jan 23 13:31:38 check_reload_status: Syncing firewall
Jan 23 13:31:38 squid[57026]: The url_rewriter helpers are crashing too rapidly, need help!
Jan 23 13:31:38 squid[56785]: Squid Parent: child process 57026 exited due to signal 6
Jan 23 13:31:38 kernel: pid 57026 (squid), uid 62: exited on signal 6
Jan 23 13:31:38 php: rc.start_packages: The command '/usr/bin/killall 'squidGuard'' returned exit code '1', the output was 'killall: warning: kill -TERM 64958: No such process killall: warning: kill -TERM 64613: No such process'
Jan 23 13:31:39 check_reload_status: Syncing firewall
Jan 23 13:31:40 php: /pkg_edit.php: Reloading Squid for configuration sync
Jan 23 13:31:40 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: Could not send signal 1 to process 57026: (3) No such process'
Jan 23 13:31:42 squid[56785]: Squid Parent: child process 79693 started
-
Additionally, now, the shallalist.tar.gz loads faster, but shortly after loading, it seems to overwhelm the system and everyone gets booted off the internet. Even the gui for the web console freezes up and kicks me off. A few moments later, I am prompted to log back in.
-
I have exactly the same problem here:
Blacklist update tells all ok, but in the logs I see
Jan 22 18:59:07 php: squidGuard_blacklist_update.sh: The command 'umount -f /tmp/squidGuard' returned exit code '1', the output was 'umount: /tmp/squidGuard: not a file system root directory'
Jan 22 18:59:07 php: squidGuard_blacklist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/pbi/squidguard-squid3-amd64/etc/squidGuard' returned exit code '1', the output was 'cp: /tmp/squidGuard/arcdb/blacklist.files: No such file or directory'
Jan 22 18:58:57 php: squidGuard_blacklist_update.sh: The command '/usr/bin/tar zxvf /tmp/squidguard_blacklist.tar -C /tmp/squidGuard/unpack' returned exit code '1', the output was 'tar: Failed to set default locale tar: Error opening archive: Unrecognized archive format'
Jan 22 18:58:57 php: squidGuard_blacklist_update.sh: The command 'chmod 1777 /tmp/squidGuard' returned exit code '1', the output was 'chmod: /tmp/squidGuard: No such file or directory'
Jan 22 18:58:57 php: squidGuard_blacklist_update.sh: The command '/sbin/mdmfs -s 300M md15 /tmp/squidGuard' returned exit code '1', the output was 'mdmfs: mount exited with error code 1'
Forgot to mention that I work on a full install with 20GB disk.
-
The problem is the limited amount of space on the ALIX ramdisk. The Shallalist is quite large, whereas other lists are smaller. I think I remember JimP saying that the MESD list is smaller and may work, but SquidGuard & blacklists under ALIX is not officially supported.
Found it:
https://forum.pfsense.org/index.php?topic=80410.0
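Added example, not part of any post in this thread and not pfSense or squidGuard code: a pre-flight check that a blacklist archive really is a gzip-compressed tar and that its unpacked size fits the working space, the two failure modes visible in the logs above. The function names and the 2x headroom factor are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a blacklist archive (not pfSense code).
# Function names and the 2x headroom factor are assumptions for illustration.

# Size of the decompressed tar stream, in KiB.
uncompressed_kb() {
    bytes=$(gzip -dc "$1" 2>/dev/null | wc -c | tr -d ' ')
    echo $(( (bytes + 1023) / 1024 ))
}

# KiB available on the file system that holds directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# check_blacklist ARCHIVE WORKDIR [FREE_KB]
#   returns 0 = ok, 1 = not a gzip-compressed tar, 2 = not enough space.
# FREE_KB overrides the df lookup, e.g. 307200 to model the 300M memory
# disk that the update script requests in the log above.
check_blacklist() {
    archive=$1
    workdir=$2
    if ! gzip -t "$archive" 2>/dev/null; then
        echo "FAIL: $archive is not a valid gzip file"
        return 1
    fi
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "FAIL: $archive does not contain a tar archive"
        return 1
    fi
    # Unpacked lists plus the databases built from them: assume 2x.
    need=$(( $(uncompressed_kb "$archive") * 2 ))
    have=${3:-$(free_kb "$workdir")}
    if [ "$have" -lt "$need" ]; then
        echo "FAIL: need about ${need} KiB, only ${have} KiB available"
        return 2
    fi
    echo "OK: need about ${need} KiB, ${have} KiB available"
    return 0
}

# Run the check when called as: sh check.sh ARCHIVE WORKDIR [FREE_KB]
if [ "$#" -ge 2 ]; then
    check_blacklist "$@"
fi
```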
-
I am going to have to give up and accept that I have to get a more powerful system to do this. I tried reducing the size of the shallalist.tar.gz to only what I want. But for some reason, while it appears that the databases are being updated, they apparently are not as the blacklist.files file does not exist as it should per this log entry.
klist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/pbi/squidguard-i386/etc/squidGuard' returned exit code '1', the output was 'cp: /u6/etc/squidGuard/blacklist.files: Read-only file system'
I also do not appear to be able to hack the config files to make it work. You guys did too good of a job at securing this thing down.
Thank you for your help. At least now I know.