Transparent proxy not working after upgrade to 2.2

TieT

looks like a fw issue …
try creating a LAN firewall rule that allows lan devices to connect to 127.0.0.1:3128

![2015-01-25 17_23_49-Action center.jpg_thumb](/public/imported_attachments/1/2015-01-25 17_23_49-Action center.jpg_thumb)
![2015-01-25 17_23_49-Action center.jpg](/public/imported_attachments/1/2015-01-25 17_23_49-Action center.jpg)

Brandhor

@TieT:

looks like a fw issue …
try creating a LAN firewall rule that allows lan devices to connect to 127.0.0.1:3128

still not working

Brandhor

I've tried to disable all non essential rules and interfaces and this is the content of /tmp/rules.debug http://pastebin.com/M8D21nC1
I've compared it to a fresh installation and it looks kinda the same

marcelloc

I've did once again a clean install, check steps I did to get it working without hacks.

https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232

Brandhor

@marcelloc:

I've did once again a clean install, check steps I did to get it working without hacks.

https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232

unfortunately a reinstall is not an option for me since it's 300km away

marcelloc

Can you try removing all packages and reapply 2.2 firmware update?

Brandhor

@marcelloc:

Can you try removing all packages and reapply 2.2 firmware update?

I'll try tonight, should I also remove the packages configuration from config.xml?

marcelloc

I don't think so. As you posted, it doesn't looks like a package issue.

Brandhor

I tried to reapply the update but it's still not working

TieT

for what it's worth:
I'm using squid on 2.2 in transparent mode and its working.
But I'm not caching anything.

Can you output the contents of the squid.conf

Brandhor

@TieT:

for what it's worth:
I'm using squid on 2.2 in transparent mode and its working.
But I'm not caching anything.

Can you output the contents of the squid.conf

well it's not a squid issue but here it is http://pastebin.com/2htk2jg1

TieT

Here is mine

# Do not edit manually !
http_port 192.168.1.254:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/English
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname fw1.home
cache_mgr tielens.t@gmail.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 7
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.1.0/255.255.255.0
uri_whitespace strip

cache_mem 10 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir diskd /var/squid/cache 500 16 256
minimum_object_size 0 KB
maximum_object_size 5 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

squid.conf...skipping...
# Do not edit manually !
http_port 192.168.1.254:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/English
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname fw1.home
cache_mgr TieT
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 7
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.1.0/255.255.255.0
uri_whitespace strip

cache_mem 10 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir diskd /var/squid/cache 500 16 256
minimum_object_size 0 KB
maximum_object_size 5 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE

marcelloc

Just to be sure, Are you selecting interfaces on squid general tab?

I'm asking because other users had this "issue".

Brandhor

@marcelloc:

Just to be sure, Are you selecting interfaces on squid general tab?

I'm asking because other users had this "issue".

yeah I had that issue as well after upgrading the other day but I fixed it soon after

Brandhor

I tried to load a config.xml that looks as much as possible like a fresh installation and also did a checksum of all files and compared them but I don't think there was anything wrong with them

the only clue I have is the CLOSED:SYN_SENT state but it's not much

TieT

That means, you have send a sync request but no one answers (connection is closed)

Did you set a virtual IP on the WAN or LAN ?

Brandhor

@TieT:

That means, you have send a sync request but no one answers (connection is closed)

Did you set a virtual IP on the WAN or LAN ?

no

Koenig

I have this issue as well.

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

marcelloc

@Koenig:

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

Is this setup a migration from 2.1 or any 2.2RC version?

Not getting it on amd64. :-\

doktornotor

@Koenig:

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

That thing gets removed. https://github.com/pfsense/pfsense/blob/master/etc/pfSense.obsoletedfiles


$ ls -l /usr/lib/libz.so*
lrwxr-xr-x  1 root  wheel  14 Jan 24 06:00 /usr/lib/libz.so -> /lib/libz.so.5

$ ls -l /lib/libz.so.5
ls: /lib/libz.so.5: No such file or directory

$ ls -l /lib/libz.so.6
-r--r--r--  1 root  wheel  79180 Jan 22 22:07 /lib/libz.so.6

This clearly is not done properly on FULL installs, as seen from the dangling dead symlinks.

Cf. that with nanobsd:


$ ls -l /usr/lib/libz.so*
lrwxr-xr-x  1 root  wheel  14 Jan 22 22:07 /usr/lib/libz.so -> /lib/libz.so.6

$ ls -l /lib/libz.so.6
-r--r--r--  1 root  wheel  79180 Jan 22 22:07 /lib/libz.so.6

@marcelloc:

Is this setup a migration from 2.1 or any 2.2RC version?
Not getting it on amd64. :-\

Apparently an upgrade process bug on full installs, rendering the updated library pretty much useless as it cannot be found. Just a few examples:


/usr/lib/libcrypto.so -> /lib/libcrypto.so.6
$ ls -l /lib/libcrypto.so.6
ls: /lib/libcrypto.so.6: No such file or directory

/usr/lib/libmd.so -> /lib/libmd.so.5
$ ls -l  /lib/libmd.so.5
ls: /lib/libmd.so.5: No such file or directory

$ ls -l /usr/lib/libusb.so*
lrwxr-xr-x  1 root  wheel     11 Jan 24 06:00 /usr/lib/libusb.so -> libusb.so.2
-r--r--r--  1 root  wheel  65068 Jan 22 22:07 /usr/lib/libusb.so.3

/usr/lib/libufs.so -> /lib/libufs.so.5
$ ls -l /lib/libufs.so.5
ls: /lib/libufs.so.5: No such file or directory

Badly, badly broken. >:( => https://redmine.pfsense.org/issues/4328