Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid, SquidGuard, Lightsquid status on 2.3

    Scheduled Pinned Locked Moved 2.3-RC Snapshot Feedback and Issues - ARCHIVED
    61 Posts 14 Posters 41.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      brianc69
      last edited by

      Coming from a Windows background I don't understand the pbi comment and symlinks. Any chance this fix can be automated?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Not in the package. It fails before it gets to a point where the package can run any code.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • rbgargaR
          rbgarga Developer Netgate Administrator
          last edited by

          I've pushed a fix to make sure all symlinks pointing to /usr/pbi are removed when upgrade from 2.2 to 2.3. It'll be available on next snapshots

          Renato Botelho

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            And if you're already on 2.3, you can use the command from that commit to clean up manually:

            find / -type l -lname '/usr/pbi/*' -delete
            

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • M
              maverick_slo
              last edited by

              And I was just going to ask this :)

              1 Reply Last reply Reply Quote 0
              • W
                whitexp
                last edited by

                @jimp:

                I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:

                1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)

                2. Clean up leftover PBI messes:

                find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'
                

                Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.

                For example:

                lrwxr-xr-x  1 root   wheel  39 May  7  2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl
                lrwxr-xr-x  1 root   wheel  45 May  7  2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid
                lrwxr-xr-x  1 root   wheel  40 May  7  2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5
                lrwxr-xr-x  1 root   wheel  45 Nov  5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid
                

                3. Blow away the cache:

                mv /var/squid/cache /var/squid/cache.old
                squid -z
                rm -rf /var/squid/cache.old
                
                
                /pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0'
                
                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • B
                    brianc69
                    last edited by

                    It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?

                    1 Reply Last reply Reply Quote 0
                    • W
                      whitexp
                      last edited by

                      @jimp:

                      That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow

                      work

                      1 Reply Last reply Reply Quote 0
                      • W
                        whitexp
                        last edited by

                        squidguard error warning on instalation

                        >>> Installing pfSense-pkg-squidGuard... 
                        Updating pfSense-core repository catalogue...
                        pfSense-core repository is up-to-date.
                        Updating pfSense repository catalogue...
                        pfSense repository is up-to-date.
                        All repositories are up-to-date.
                        The following 3 package(s) will be affected (of 0 checked):
                        
                        New packages to be INSTALLED:
                        	pfSense-pkg-squidGuard: 1.12 [pfSense]
                        	squidGuard: 1.4_15 [pfSense]
                        	db5: 5.3.28_3 [pfSense]
                        
                        The process will require 15 MiB more space.
                        1 MiB to be downloaded.
                        Fetching pfSense-pkg-squidGuard-1.12.txz: ..... done
                        Fetching squidGuard-1.4_15.txz: .... done
                        Fetching db5-5.3.28_3.txz: .......... done
                        Checking integrity... done (0 conflicting)
                        [1/3] Installing db5-5.3.28_3...
                        [1/3] Extracting db5-5.3.28_3: .......... done
                        [2/3] Installing squidGuard-1.4_15...
                        [2/3] Extracting squidGuard-1.4_15: ..... done
                        [3/3] Installing pfSense-pkg-squidGuard-1.12...
                        [3/3] Extracting pfSense-pkg-squidGuard-1.12: .......... done
                        Saving updated package information...
                        done.
                        Loading package configuration... done.
                        Configuring package components...
                        Loading package instructions...
                        
                        Warning: file_put_contents(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/squidguard.inc on line 1045
                        
                        Call Stack:
                            0.0004     228704   1\. {main}() /etc/rc.packages:0
                            0.1839   10561792   2\. install_package_xml() /etc/rc.packages:77
                            0.4223   11047992   3\. require_once('/usr/local/pkg/squidguard.inc') /etc/inc/pkg-utils.inc:702
                            0.4543   12883648   4\. convert_pfxml_to_sgxml() /usr/local/pkg/squidguard.inc:100
                            0.4574   12913928   5\. file_put_contents() /usr/local/pkg/squidguard.inc:1045
                        
                        Custom commands...
                        Executing custom_php_install_command()...done.
                        Executing custom_php_resync_config_command()...done.
                        Menu items... done.
                        Services... done.
                        Writing configuration... done.
                        Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.Message from squidGuard-1.4_15:
                        ===================================================================
                         In order to activate squidGuard you have to edit squid.conf
                         To the contain "url_rewrite_program /usr/local/bin/squidGuard"
                         and create a configuration file for squidGuard.
                        
                         Sample blacklists have been installed in /usr/local/share/examples/squidGuard.
                        
                         A sample configuration file has beeen installed in
                         /usr/local/etc/squid/squidGuard.conf.sample.
                        
                         You need to edit the configuration and compile the blacklist
                         you choose to use with:
                         squidGuard -d -C all
                        
                         Please bear in mind that this is just a sample configuration file
                         and for any real world usage you need to download or create your
                         own updated blacklists and create your own configuration file.
                        
                         Check documentation here:
                        
                         http://www.squidguard.org/Doc/
                        
                         To activate the changes do a /usr/local/sbin/squid -k reconfigure
                        ===================================================================
                        Message from pfSense-pkg-squidGuard-1.12:
                        Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.
                        >>> Cleaning up cache... done.
                        Success
                        
                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          @whitexp:

                          squidguard error warning on instalation

                          I'll push a fix for that, looks easy enough to correct.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • W
                            whitexp
                            last edited by

                            error on lightsquid

                            Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file.
                            Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
                            Jan 21 16:31:22	php-fpm	28398	/rc.start_packages: [lightsquid] Removing old cronjobs...
                            
                            1 Reply Last reply Reply Quote 0
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 0
                              • P
                                Pakken
                                last edited by

                                Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
                                I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
                                I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.

                                Thank you once again for the awesome job you keep doing.
                                See ya!

                                1 Reply Last reply Reply Quote 0
                                • jimpJ
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by

                                  We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

                                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                  Need help fast? Netgate Global Support!

                                  Do not Chat/PM for help!

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    seanelias
                                    last edited by

                                    When ever i turn on Transparent HTTP Proxy  i couldn't browse any website , but there is no problem if i use explicit  proxy  .

                                    Any one have the same issue ???

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      brianc69
                                      last edited by

                                      I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        brianc69
                                        last edited by

                                        Clean install, restore configs, problem remains.

                                        1 Reply Last reply Reply Quote 0
                                        • V
                                          Valex
                                          last edited by

                                          @jimp:

                                          Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

                                          @jimp:

                                          We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

                                          What does this mean? It's fixed in 2.3 final right?

                                          1 Reply Last reply Reply Quote 0
                                          • R
                                            rubinho
                                            last edited by

                                            @seanelias:

                                            When ever i turn on Transparent HTTP Proxy  i couldn't browse any website , but there is no problem if i use explicit  proxy  .

                                            Any one have the same issue ???

                                            I can confirm that, the transparent proxy does not work

                                            [Pfsense 2.4] Supermicro A1SRI-2558F@Atom C2558 4Gb RAM
                                            [Pfsense 2.4] Jetway NF9D@Atom D2550 + AD3INLAN-G Expansioncard  (3x Intel 82541PI Gigabit Controller)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.