Squid, SquidGuard, Lightsquid status on 2.3

jimp

Hmm, interesting. Granted I didn't try it extensively, it did filter for me. I got the error redirect page and all.

You might start a fresh thread for that. I was only focusing on the GUI issues. Someone else may have better insight on the backend part of the code.

jimp

@C0RR0SIVE:

SquidGuard isn't filtering, have the targets set like I normally would, have applied, have saved, have done everything, even custom blacklists are not working.

I have netflix on a blacklist, and traffic passes right through, nothing showing anywhere that SquidGuard isn't working, aside from it… not working...  Services shows it as running.

I think I found the problem here. Update the squidGuard package to version 1.12 when it comes out here in a few minutes and then try it again.

C0RR0SIVE

I can confirm that SquidGuard v1.12 on the current version of 2.3 is working in terms of the target lists and blocking/whitelisting.

Only other thing I can personally see is just a slightly annoying issue while using the pfsense dark theme setting, when looking at the target rules, you get white text on an almost white bar for every other category.  Though, it seems the black one isn't the default :)

Thanks for all the hard work jimp!

jimp

I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:

1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)

2. Clean up leftover PBI messes:

find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'

Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.

For example:

lrwxr-xr-x  1 root   wheel  39 May  7  2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl
lrwxr-xr-x  1 root   wheel  45 May  7  2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid
lrwxr-xr-x  1 root   wheel  40 May  7  2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5
lrwxr-xr-x  1 root   wheel  45 Nov  5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid

3. Blow away the cache:

mv /var/squid/cache /var/squid/cache.old
squid -z
rm -rf /var/squid/cache.old

brianc69

Coming from a Windows background I don't understand the pbi comment and symlinks. Any chance this fix can be automated?

jimp

Not in the package. It fails before it gets to a point where the package can run any code.

rbgarga

I've pushed a fix to make sure all symlinks pointing to /usr/pbi are removed when upgrade from 2.2 to 2.3. It'll be available on next snapshots

jimp

And if you're already on 2.3, you can use the command from that commit to clean up manually:

find / -type l -lname '/usr/pbi/*' -delete

maverick_slo

And I was just going to ask this :)

whitexp

@jimp:

I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:

1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)

2. Clean up leftover PBI messes:

find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'

Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.

For example:

lrwxr-xr-x  1 root   wheel  39 May  7  2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl
lrwxr-xr-x  1 root   wheel  45 May  7  2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid
lrwxr-xr-x  1 root   wheel  40 May  7  2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5
lrwxr-xr-x  1 root   wheel  45 Nov  5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid

3. Blow away the cache:

mv /var/squid/cache /var/squid/cache.old
squid -z
rm -rf /var/squid/cache.old

/pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0'

jimp

That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow

brianc69

It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?

whitexp

@jimp:

That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow

work

whitexp

squidguard error warning on instalation

>>> Installing pfSense-pkg-squidGuard... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	pfSense-pkg-squidGuard: 1.12 [pfSense]
	squidGuard: 1.4_15 [pfSense]
	db5: 5.3.28_3 [pfSense]

The process will require 15 MiB more space.
1 MiB to be downloaded.
Fetching pfSense-pkg-squidGuard-1.12.txz: ..... done
Fetching squidGuard-1.4_15.txz: .... done
Fetching db5-5.3.28_3.txz: .......... done
Checking integrity... done (0 conflicting)
[1/3] Installing db5-5.3.28_3...
[1/3] Extracting db5-5.3.28_3: .......... done
[2/3] Installing squidGuard-1.4_15...
[2/3] Extracting squidGuard-1.4_15: ..... done
[3/3] Installing pfSense-pkg-squidGuard-1.12...
[3/3] Extracting pfSense-pkg-squidGuard-1.12: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...

Warning: file_put_contents(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/squidguard.inc on line 1045

Call Stack:
    0.0004     228704   1\. {main}() /etc/rc.packages:0
    0.1839   10561792   2\. install_package_xml() /etc/rc.packages:77
    0.4223   11047992   3\. require_once('/usr/local/pkg/squidguard.inc') /etc/inc/pkg-utils.inc:702
    0.4543   12883648   4\. convert_pfxml_to_sgxml() /usr/local/pkg/squidguard.inc:100
    0.4574   12913928   5\. file_put_contents() /usr/local/pkg/squidguard.inc:1045

Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.Message from squidGuard-1.4_15:
===================================================================
 In order to activate squidGuard you have to edit squid.conf
 To the contain "url_rewrite_program /usr/local/bin/squidGuard"
 and create a configuration file for squidGuard.

 Sample blacklists have been installed in /usr/local/share/examples/squidGuard.

 A sample configuration file has beeen installed in
 /usr/local/etc/squid/squidGuard.conf.sample.

 You need to edit the configuration and compile the blacklist
 you choose to use with:
 squidGuard -d -C all

 Please bear in mind that this is just a sample configuration file
 and for any real world usage you need to download or create your
 own updated blacklists and create your own configuration file.

 Check documentation here:

 http://www.squidguard.org/Doc/

 To activate the changes do a /usr/local/sbin/squid -k reconfigure
===================================================================
Message from pfSense-pkg-squidGuard-1.12:
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.
>>> Cleaning up cache... done.
Success

jimp

@whitexp:

squidguard error warning on instalation

I'll push a fix for that, looks easy enough to correct.

whitexp

error on lightsquid

Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file.
Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Removing old cronjobs...

jimp

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

Pakken

Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.

Thank you once again for the awesome job you keep doing.
See ya!

jimp

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

seanelias

When ever i turn on Transparent HTTP Proxy  i couldn't browse any website , but there is no problem if i use explicit  proxy  .

Any one have the same issue ???