Transparent proxy not working after upgrade to 2.2

Brandhor

@TieT:

for what it's worth:
I'm using squid on 2.2 in transparent mode and its working.
But I'm not caching anything.

Can you output the contents of the squid.conf

well it's not a squid issue but here it is http://pastebin.com/2htk2jg1

TieT

Here is mine

# Do not edit manually !
http_port 192.168.1.254:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/English
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname fw1.home
cache_mgr tielens.t@gmail.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 7
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.1.0/255.255.255.0
uri_whitespace strip

cache_mem 10 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir diskd /var/squid/cache 500 16 256
minimum_object_size 0 KB
maximum_object_size 5 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

squid.conf...skipping...
# Do not edit manually !
http_port 192.168.1.254:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/English
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname fw1.home
cache_mgr TieT
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 7
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.1.0/255.255.255.0
uri_whitespace strip

cache_mem 10 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir diskd /var/squid/cache 500 16 256
minimum_object_size 0 KB
maximum_object_size 5 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE

marcelloc

Just to be sure, Are you selecting interfaces on squid general tab?

I'm asking because other users had this "issue".

Brandhor

@marcelloc:

Just to be sure, Are you selecting interfaces on squid general tab?

I'm asking because other users had this "issue".

yeah I had that issue as well after upgrading the other day but I fixed it soon after

Brandhor

I tried to load a config.xml that looks as much as possible like a fresh installation and also did a checksum of all files and compared them but I don't think there was anything wrong with them

the only clue I have is the CLOSED:SYN_SENT state but it's not much

TieT

That means, you have send a sync request but no one answers (connection is closed)

Did you set a virtual IP on the WAN or LAN ?

Brandhor

@TieT:

That means, you have send a sync request but no one answers (connection is closed)

Did you set a virtual IP on the WAN or LAN ?

no

Koenig

I have this issue as well.

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

marcelloc

@Koenig:

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

Is this setup a migration from 2.1 or any 2.2RC version?

Not getting it on amd64. :-\

doktornotor

@Koenig:

Foud this in the log:
php-fpm[83033]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k shutdown' returned exit code '1', the output was 'Shared object "libz.so.5" not found, required by "libmd5.so.1"'

That thing gets removed. https://github.com/pfsense/pfsense/blob/master/etc/pfSense.obsoletedfiles

$ ls -l /usr/lib/libz.so*
lrwxr-xr-x  1 root  wheel  14 Jan 24 06:00 /usr/lib/libz.so -> /lib/libz.so.5

$ ls -l /lib/libz.so.5
ls: /lib/libz.so.5: No such file or directory

$ ls -l /lib/libz.so.6
-r--r--r--  1 root  wheel  79180 Jan 22 22:07 /lib/libz.so.6

This clearly is not done properly on FULL installs, as seen from the dangling dead symlinks.

Cf. that with nanobsd:

$ ls -l /usr/lib/libz.so*
lrwxr-xr-x  1 root  wheel  14 Jan 22 22:07 /usr/lib/libz.so -> /lib/libz.so.6

$ ls -l /lib/libz.so.6
-r--r--r--  1 root  wheel  79180 Jan 22 22:07 /lib/libz.so.6

@marcelloc:

Is this setup a migration from 2.1 or any 2.2RC version?
Not getting it on amd64. :-\

Apparently an upgrade process bug on full installs, rendering the updated library pretty much useless as it cannot be found. Just a few examples:

/usr/lib/libcrypto.so -> /lib/libcrypto.so.6
$ ls -l /lib/libcrypto.so.6
ls: /lib/libcrypto.so.6: No such file or directory

/usr/lib/libmd.so -> /lib/libmd.so.5
$ ls -l  /lib/libmd.so.5
ls: /lib/libmd.so.5: No such file or directory

$ ls -l /usr/lib/libusb.so*
lrwxr-xr-x  1 root  wheel     11 Jan 24 06:00 /usr/lib/libusb.so -> libusb.so.2
-r--r--r--  1 root  wheel  65068 Jan 22 22:07 /usr/lib/libusb.so.3

/usr/lib/libufs.so -> /lib/libufs.so.5
$ ls -l /lib/libufs.so.5
ls: /lib/libufs.so.5: No such file or directory

Badly, badly broken.  >:( => https://redmine.pfsense.org/issues/4328

TieT

I think this can be resolved by creating a link between those libs.
and restarting squid.

ln -s /lib/libz.so.5 /usr/lib/libz.so.6

(if the file is in /lib of course)
You can do a search to make sure

su
find / -name libz.so.*

I had the same problem with squid and snort a while back
let me know what happens  ;)

doktornotor

@TieT:

I think this can be resolved by creating a link between those libs.
and restarting squid.

ln /lib/libz.so.6 /lib/libz.so.5

Uh no, this is completely wrong "fix".

TieT

Uh no, this is completely wrong "fix".

So you're saying it won't work untill 2.2.1 is rolled out ?

doktornotor

You are fixing the wrong thing! That .5 vs .6 actually has a meaning - the new version of the library does not have a backward-compatible ABI! If you want to fix something, then fix the dead /usr/lib/*.so symlinks so that they point to proper file. Don't create "compatibility" symlinks pretending a deliberately removed outdated ABI library is still there.

marcelloc

Renato is going to rebuild squid pbi under  i386, this may fix most issues.

TieT

Yes you're right, but do you expect users to have a non functional box for god knows how long.

like i said, its a temp fix that works for me.
when squid is rebuild and functioning again, I will undertake the needed steps to make it point to the right libs.

On the other hand, disable squid and wait for an update is also a solution…
But where is the fun in that  :P

And yes, I know the .5 - .6 has a meaning, thank you for being so condescending.
also i made a typo, it should be```
ln -s /lib/libz.so.6 /usr/lib/libz.so

and i'm guessing squid points to /usr/lib/ to find the files ?

marcelloc

@TieT:

Yes you're right, but do you expect users to have a non functional box for god knows how long.

Is this question for me? ???

TieT

Is this question for me? ???

No  ;)
Its was an answer to doktornotor

john880

Hello,

for me after the 2.1.5 to 2.2 version, the captive portal not worked.

I added an new Rules in Firewall to accept 8002 port and it's works.

marcelloc

@john880:

for me after the 2.1.5 to 2.2 version, the captive portal not worked.

Captive portal itself(better start a new thread) or Squid integration with captive portal?