Pfsense 2.2.6 Squid3 nao inicia - Urgente

tomaswaldow

Você fez primeiro a configuração da aba ACL, Local Cache?

valdo.vanzo

estou com problema hj pela manha meu squidguard do nada parou de inciar, se mando iniciar ele ele para o squid3 tambem.
Nos logs deu essa mensagem

pfSense php: squidGuard_blacklist_update.sh: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy'

tomaswaldow

@valdo.vanzo:

estou com problema hj pela manha meu squidguard do nada parou de inciar, se mando iniciar ele ele para o squid3 tambem.
Nos logs deu essa mensagem

pfSense php: squidGuard_blacklist_update.sh: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy'

Você tem pelo menos uma Target criada no squidGuard?

valdo.vanzo

tenho sim

brunorrjj

Entao, ativei alguns campos no Proxy Server: General Settings

Allow Users on Interface
Resolve DNS IPv4 First
Transparent HTTP Proxy
Transparent Proxy Interface(s): (LAN)

HTTPS/SSL Interception

SSL Proxy port (3329)

Remote Cert Checks ( Accept remote cert… )

Certificate Adapt (Sets the "Not Before...)

Log Pages Denied by SquidGuard

Suppress Squid Version

Apos salvar que parou tudo.

No campo ACL

Allowed Subnets ( 192.168.1.0/24)

tomaswaldow

@valdo.vanzo:

tenho sim

Desculpe, não tinha visto direito. Seu problema é com a blacklist.
Faz a atualização dela novamente…

tomaswaldow

@brunorrjj:

Entao, ativei alguns campos no Proxy Server: General Settings

Proxy transparente não tenho experiencia, não posso te ajudar.

valdo.vanzo

@brunorrjj:

Entao, ativei alguns campos no Proxy Server: General Settings

Allow Users on Interface
Resolve DNS IPv4 First
Transparent HTTP Proxy
Transparent Proxy Interface(s): (LAN)

HTTPS/SSL Interception

SSL Proxy port (3329)

Remote Cert Checks ( Accept remote cert… )

Certificate Adapt (Sets the "Not Before...)

Log Pages Denied by SquidGuard

Suppress Squid Version

Apos salvar que parou tudo.

No campo ACL

Allowed Subnets ( 192.168.1.0/24)

Apos habilitar isso que vc marcou meu squid guard voltou nao sei oque houve

brunorrjj

já fiz e também fiz uma medida paliativa do target Caterg.. e nada.

brunorrjj

Help, HELP

:( :( :( :( :( :(

marcelloc

Digita Squid -k parse na console/ssh para ver porque ele não sobe

brunorrjj

Acredito que nao apresentou erro.

Squid-k.png_thumb

tomaswaldow

Faltou "parse" após o -k;

andr3.ribeiro

@Tomas:

Faltou "parse" após o -k;

+1

o comando "SQUID" chama o binario do squid para execução. O parâmetro -k pede que seje enviado um SIGNAL junto com o binário.
o PARSE, por sua vez, pede que o binário do squid leia o arquivo de configuração e diga como ele está passando pelo software.

squid -k parse significa:

Oi, eu sou o parse, gostaria que o squid analizasse meu arquivo de configuração para eu poder validar se o que eu tenho nele vai funcionar normalmente, se algo nao estiver de acordo, preciso que o squid me avise o que esta incorreto. Obrigado!

O que foi retornado do seu comando é que vc chamou o binário do squid e o avisou que iria informar um sinal (-k) mas nao o fez e executou sem o "parse". Por padrão, quando um comando nao recebe a entrada do parâmetro devido, ele te devolve o HELP da ferramenta, e foi isso que ele fez, te devolveu a lista com os possíveis parametros (e suas explicações) que podem ser usados.

Rode novamente:

# squid -k parse

E poste a saída do comando, assim como fez da primeira vez. O próprio Squid vai nos dizer o que fazer!

Abraços!

brunorrjj

Gostaria de lembrar que estou com o Squid3 e o SquidGuard instalados e configuraros.

Já Atualizei o Blacklist ( http://www.shallalist.de/Downloads/shallalist.tar.gz )

Fiz também a Target categories Paliativa e nada

Segue:


[2.2.6-RELEASE][admin@fw.nacional.com.br]/root: squid -k parse
2016/01/29 14:39:10| Startup: Initializing Authentication Schemes ...
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'basic'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'digest'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'negotiate'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'ntlm'
2016/01/29 14:39:10| Startup: Initialized Authentication.
2016/01/29 14:39:10| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2016/01/29 14:39:10| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Starting Authentication on port 127.0.0.1:3128
2016/01/29 14:39:10| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2016/01/29 14:39:10| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Starting Authentication on port 127.0.0.1:3129
2016/01/29 14:39:10| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2016/01/29 14:39:10| Processing: icp_port 0
2016/01/29 14:39:10| Processing: dns_v4_first on
2016/01/29 14:39:10| Processing: pid_filename /var/run/squid/squid.pid
2016/01/29 14:39:10| Processing: cache_effective_user proxy
2016/01/29 14:39:10| Processing: cache_effective_group proxy
2016/01/29 14:39:10| Processing: error_default_language pt-br
2016/01/29 14:39:10| Processing: icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
2016/01/29 14:39:10| Processing: visible_hostname Nacional
2016/01/29 14:39:10| Processing: cache_mgr comercial@infohelpte.com.br
2016/01/29 14:39:10| Processing: access_log /var/squid/logs/access.log
2016/01/29 14:39:10| Processing: cache_log /var/squid/logs/cache.log
2016/01/29 14:39:10| Processing: cache_store_log none
2016/01/29 14:39:10| Processing: netdb_filename /var/squid/logs/netdb.state
2016/01/29 14:39:10| Processing: pinger_enable on
2016/01/29 14:39:10| Processing: pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
2016/01/29 14:39:10| Processing: sslcrtd_program /usr/pbi/squid-amd64/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
2016/01/29 14:39:10| Processing: sslcrtd_children 5
2016/01/29 14:39:10| Processing: sslproxy_capath /usr/pbi/squid-amd64/local/share/certs/
2016/01/29 14:39:10| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Processing: sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
2016/01/29 14:39:10| Processing: sslproxy_cert_error allow all
2016/01/29 14:39:10| Processing: sslproxy_cert_adapt setValidBefore all
2016/01/29 14:39:10| Processing: logfile_rotate 0
2016/01/29 14:39:10| Processing: debug_options rotate=0
2016/01/29 14:39:10| Processing: shutdown_lifetime 3 seconds
2016/01/29 14:39:10| Processing: acl localnet src  192.168.1.0/24
2016/01/29 14:39:10| Processing: forwarded_for on
2016/01/29 14:39:10| Processing: httpd_suppress_version_string on
2016/01/29 14:39:10| Processing: uri_whitespace strip
2016/01/29 14:39:10| Processing: acl dynamic urlpath_regex cgi-bin \?
2016/01/29 14:39:10| Processing: cache deny dynamic
2016/01/29 14:39:10| Processing: cache_mem 1024 MB
2016/01/29 14:39:10| Processing: maximum_object_size_in_memory 512 KB
2016/01/29 14:39:10| Processing: memory_replacement_policy heap GDSF
2016/01/29 14:39:10| Processing: cache_replacement_policy heap LFUDA
2016/01/29 14:39:10| Processing: minimum_object_size 0 KB
2016/01/29 14:39:10| Processing: maximum_object_size 4 MB
2016/01/29 14:39:10| Processing: cache_dir ufs /var/squid/cache 100 256 256
2016/01/29 14:39:10| Processing: offline_mode off
2016/01/29 14:39:10| Processing: cache_swap_low 90
2016/01/29 14:39:10| Processing: cache_swap_high 95
2016/01/29 14:39:10| Processing: cache allow all
2016/01/29 14:39:10| Processing: refresh_pattern ^ftp:    1440  20%  10080
2016/01/29 14:39:10| Processing: refresh_pattern ^gopher:  1440  0%  1440
2016/01/29 14:39:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
2016/01/29 14:39:10| Processing: refresh_pattern .    0  20%  4320
2016/01/29 14:39:10| Processing: acl allsrc src all
2016/01/29 14:39:10| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535
2016/01/29 14:39:10| Processing: acl sslports port 443 563
2016/01/29 14:39:10| Processing: acl purge method PURGE
2016/01/29 14:39:10| Processing: acl connect method CONNECT
2016/01/29 14:39:10| Processing: acl HTTP proto HTTP
2016/01/29 14:39:10| Processing: acl HTTPS proto HTTPS
2016/01/29 14:39:10| Processing: acl allowed_subnets src 192.168.1.0/24
2016/01/29 14:39:10| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2016/01/29 14:39:10| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2016/01/29 14:39:10| Processing: http_access allow manager localhost
2016/01/29 14:39:10| Processing: http_access deny manager
2016/01/29 14:39:10| Processing: http_access allow purge localhost
2016/01/29 14:39:10| Processing: http_access deny purge
2016/01/29 14:39:10| Processing: http_access deny !safeports
2016/01/29 14:39:10| Processing: http_access deny CONNECT !sslports
2016/01/29 14:39:10| Processing: request_body_max_size 0 KB
2016/01/29 14:39:10| Processing: delay_pools 1
2016/01/29 14:39:10| Processing: delay_class 1 2
2016/01/29 14:39:10| Processing: delay_parameters 1 -1/-1 -1/-1
2016/01/29 14:39:10| Processing: delay_initial_bucket_level 100
2016/01/29 14:39:10| Processing: delay_access 1 allow allsrc
2016/01/29 14:39:10| Processing: always_direct allow whitelist
2016/01/29 14:39:10| Processing: ssl_bump none whitelist
2016/01/29 14:39:10| Processing: url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
2016/01/29 14:39:10| Processing: url_rewrite_bypass off
2016/01/29 14:39:10| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
2016/01/29 14:39:10| Processing: http_access allow whitelist
2016/01/29 14:39:10| Processing: http_access deny blacklist
2016/01/29 14:39:10| Processing: always_direct allow all
2016/01/29 14:39:10| Processing: ssl_bump server-first all
2016/01/29 14:39:10| Processing: http_access allow allowed_subnets
2016/01/29 14:39:10| Processing: http_access allow localnet
2016/01/29 14:39:10| Processing: http_access deny allsrc
2016/01/29 14:39:10| Initializing https proxy context
2016/01/29 14:39:10| Initializing http_port 192.168.1.1:3128 SSL context
2016/01/29 14:39:10| Using certificate in /usr/pbi/squid-amd64/local/etc/squid/serverkey.pem
FATAL: No valid signing SSL certificate configured for http_port 192.168.1.1:3128
Squid Cache (Version 3.4.10): Terminated abnormally.
CPU Usage: 0.028 seconds = 0.028 user + 0.000 sys
Maximum Resident Size: 50864 KB
Page faults with physical i/o: 0

brunorrjj

Gostaria de lembrar que estou com o Squid3 e o SquidGuard instalados e configuraros.

Já Atualizei o Blacklist ( http://www.shallalist.de/Downloads/shallalist.tar.gz )

Fiz também a Target categories Paliativa e nada

Segue:


[2.2.6-RELEASE][admin@fw.nacional.com.br]/root: squid -k parse
2016/01/29 14:39:10| Startup: Initializing Authentication Schemes ...
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'basic'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'digest'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'negotiate'
2016/01/29 14:39:10| Startup: Initialized Authentication Scheme 'ntlm'
2016/01/29 14:39:10| Startup: Initialized Authentication.
2016/01/29 14:39:10| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2016/01/29 14:39:10| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Starting Authentication on port 127.0.0.1:3128
2016/01/29 14:39:10| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2016/01/29 14:39:10| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Starting Authentication on port 127.0.0.1:3129
2016/01/29 14:39:10| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2016/01/29 14:39:10| Processing: icp_port 0
2016/01/29 14:39:10| Processing: dns_v4_first on
2016/01/29 14:39:10| Processing: pid_filename /var/run/squid/squid.pid
2016/01/29 14:39:10| Processing: cache_effective_user proxy
2016/01/29 14:39:10| Processing: cache_effective_group proxy
2016/01/29 14:39:10| Processing: error_default_language pt-br
2016/01/29 14:39:10| Processing: icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
2016/01/29 14:39:10| Processing: visible_hostname Nacional
2016/01/29 14:39:10| Processing: cache_mgr comercial@infohelpte.com.br
2016/01/29 14:39:10| Processing: access_log /var/squid/logs/access.log
2016/01/29 14:39:10| Processing: cache_log /var/squid/logs/cache.log
2016/01/29 14:39:10| Processing: cache_store_log none
2016/01/29 14:39:10| Processing: netdb_filename /var/squid/logs/netdb.state
2016/01/29 14:39:10| Processing: pinger_enable on
2016/01/29 14:39:10| Processing: pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
2016/01/29 14:39:10| Processing: sslcrtd_program /usr/pbi/squid-amd64/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
2016/01/29 14:39:10| Processing: sslcrtd_children 5
2016/01/29 14:39:10| Processing: sslproxy_capath /usr/pbi/squid-amd64/local/share/certs/
2016/01/29 14:39:10| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 14:39:10| Processing: sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
2016/01/29 14:39:10| Processing: sslproxy_cert_error allow all
2016/01/29 14:39:10| Processing: sslproxy_cert_adapt setValidBefore all
2016/01/29 14:39:10| Processing: logfile_rotate 0
2016/01/29 14:39:10| Processing: debug_options rotate=0
2016/01/29 14:39:10| Processing: shutdown_lifetime 3 seconds
2016/01/29 14:39:10| Processing: acl localnet src  192.168.1.0/24
2016/01/29 14:39:10| Processing: forwarded_for on
2016/01/29 14:39:10| Processing: httpd_suppress_version_string on
2016/01/29 14:39:10| Processing: uri_whitespace strip
2016/01/29 14:39:10| Processing: acl dynamic urlpath_regex cgi-bin \?
2016/01/29 14:39:10| Processing: cache deny dynamic
2016/01/29 14:39:10| Processing: cache_mem 1024 MB
2016/01/29 14:39:10| Processing: maximum_object_size_in_memory 512 KB
2016/01/29 14:39:10| Processing: memory_replacement_policy heap GDSF
2016/01/29 14:39:10| Processing: cache_replacement_policy heap LFUDA
2016/01/29 14:39:10| Processing: minimum_object_size 0 KB
2016/01/29 14:39:10| Processing: maximum_object_size 4 MB
2016/01/29 14:39:10| Processing: cache_dir ufs /var/squid/cache 100 256 256
2016/01/29 14:39:10| Processing: offline_mode off
2016/01/29 14:39:10| Processing: cache_swap_low 90
2016/01/29 14:39:10| Processing: cache_swap_high 95
2016/01/29 14:39:10| Processing: cache allow all
2016/01/29 14:39:10| Processing: refresh_pattern ^ftp:    1440  20%  10080
2016/01/29 14:39:10| Processing: refresh_pattern ^gopher:  1440  0%  1440
2016/01/29 14:39:10| Processing: refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
2016/01/29 14:39:10| Processing: refresh_pattern .    0  20%  4320
2016/01/29 14:39:10| Processing: acl allsrc src all
2016/01/29 14:39:10| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535
2016/01/29 14:39:10| Processing: acl sslports port 443 563
2016/01/29 14:39:10| Processing: acl purge method PURGE
2016/01/29 14:39:10| Processing: acl connect method CONNECT
2016/01/29 14:39:10| Processing: acl HTTP proto HTTP
2016/01/29 14:39:10| Processing: acl HTTPS proto HTTPS
2016/01/29 14:39:10| Processing: acl allowed_subnets src 192.168.1.0/24
2016/01/29 14:39:10| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2016/01/29 14:39:10| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2016/01/29 14:39:10| Processing: http_access allow manager localhost
2016/01/29 14:39:10| Processing: http_access deny manager
2016/01/29 14:39:10| Processing: http_access allow purge localhost
2016/01/29 14:39:10| Processing: http_access deny purge
2016/01/29 14:39:10| Processing: http_access deny !safeports
2016/01/29 14:39:10| Processing: http_access deny CONNECT !sslports
2016/01/29 14:39:10| Processing: request_body_max_size 0 KB
2016/01/29 14:39:10| Processing: delay_pools 1
2016/01/29 14:39:10| Processing: delay_class 1 2
2016/01/29 14:39:10| Processing: delay_parameters 1 -1/-1 -1/-1
2016/01/29 14:39:10| Processing: delay_initial_bucket_level 100
2016/01/29 14:39:10| Processing: delay_access 1 allow allsrc
2016/01/29 14:39:10| Processing: always_direct allow whitelist
2016/01/29 14:39:10| Processing: ssl_bump none whitelist
2016/01/29 14:39:10| Processing: url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
2016/01/29 14:39:10| Processing: url_rewrite_bypass off
2016/01/29 14:39:10| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
2016/01/29 14:39:10| Processing: http_access allow whitelist
2016/01/29 14:39:10| Processing: http_access deny blacklist
2016/01/29 14:39:10| Processing: always_direct allow all
2016/01/29 14:39:10| Processing: ssl_bump server-first all
2016/01/29 14:39:10| Processing: http_access allow allowed_subnets
2016/01/29 14:39:10| Processing: http_access allow localnet
2016/01/29 14:39:10| Processing: http_access deny allsrc
2016/01/29 14:39:10| Initializing https proxy context
2016/01/29 14:39:10| Initializing http_port 192.168.1.1:3128 SSL context
2016/01/29 14:39:10| Using certificate in /usr/pbi/squid-amd64/local/etc/squid/serverkey.pem
FATAL: No valid signing SSL certificate configured for http_port 192.168.1.1:3128
Squid Cache (Version 3.4.10): Terminated abnormally.
CPU Usage: 0.028 seconds = 0.028 user + 0.000 sys
Maximum Resident Size: 50864 KB
Page faults with physical i/o: 0

andr3.ribeiro

FATAL: No valid signing SSL certificate configured for http_port 192.168.1.1:3128

A opção Interceptação SSL na página de configuração do squid está habilitada?

brunorrjj

Sim.

Segue os print da tela

1.png_thumb

2.png_thumb

3.png_thumb

4.png_thumb

5.png_thumb

andr3.ribeiro

só a carater de teste. Desabilite o ENABLE SSL FILTERING na guia SSL Main-in-the-middle filtering

rode o squid -k parse novamente

Pode ser algum problema no certificado

brunorrjj

Desabilitei e o squid deu o start porem o squidguard nao e também nao esta bloqueando nada.

[2.2.6-RELEASE][admin@fw.nacional.com.br]/root: squid -k parse


2016/01/29 15:04:06| Startup: Initializing Authentication Schemes ...
2016/01/29 15:04:06| Startup: Initialized Authentication Scheme 'basic'
2016/01/29 15:04:06| Startup: Initialized Authentication Scheme 'digest'
2016/01/29 15:04:06| Startup: Initialized Authentication Scheme 'negotiate'
2016/01/29 15:04:06| Startup: Initialized Authentication Scheme 'ntlm'
2016/01/29 15:04:06| Startup: Initialized Authentication.
2016/01/29 15:04:06| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2016/01/29 15:04:06| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 15:04:06| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 15:04:06| Starting Authentication on port 127.0.0.1:3128
2016/01/29 15:04:06| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2016/01/29 15:04:06| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/local/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 15:04:06| Starting Authentication on port 127.0.0.1:3129
2016/01/29 15:04:06| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2016/01/29 15:04:06| Processing: icp_port 0
2016/01/29 15:04:06| Processing: dns_v4_first on
2016/01/29 15:04:06| Processing: pid_filename /var/run/squid/squid.pid
2016/01/29 15:04:06| Processing: cache_effective_user proxy
2016/01/29 15:04:06| Processing: cache_effective_group proxy
2016/01/29 15:04:06| Processing: error_default_language pt-br
2016/01/29 15:04:06| Processing: icon_directory /usr/pbi/squid-amd64/local/etc/squid/icons
2016/01/29 15:04:06| Processing: visible_hostname Nacional
2016/01/29 15:04:06| Processing: cache_mgr comercial@infohelpte.com.br
2016/01/29 15:04:06| Processing: access_log /var/squid/logs/access.log
2016/01/29 15:04:06| Processing: cache_log /var/squid/logs/cache.log
2016/01/29 15:04:06| Processing: cache_store_log none
2016/01/29 15:04:06| Processing: netdb_filename /var/squid/logs/netdb.state
2016/01/29 15:04:06| Processing: pinger_enable on
2016/01/29 15:04:06| Processing: pinger_program /usr/pbi/squid-amd64/local/libexec/squid/pinger
2016/01/29 15:04:06| Processing: sslcrtd_program /usr/pbi/squid-amd64/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
2016/01/29 15:04:06| Processing: sslcrtd_children 5
2016/01/29 15:04:06| Processing: sslproxy_capath /usr/pbi/squid-amd64/local/share/certs/
2016/01/29 15:04:06| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/01/29 15:04:06| Processing: sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
2016/01/29 15:04:06| Processing: sslproxy_cert_error allow all
2016/01/29 15:04:06| Processing: sslproxy_cert_adapt setValidBefore all
2016/01/29 15:04:06| Processing: logfile_rotate 0
2016/01/29 15:04:06| Processing: debug_options rotate=0
2016/01/29 15:04:06| Processing: shutdown_lifetime 3 seconds
2016/01/29 15:04:06| Processing: acl localnet src  192.168.1.0/24
2016/01/29 15:04:06| Processing: forwarded_for on
2016/01/29 15:04:06| Processing: httpd_suppress_version_string on
2016/01/29 15:04:06| Processing: uri_whitespace strip
2016/01/29 15:04:06| Processing: acl dynamic urlpath_regex cgi-bin \?
2016/01/29 15:04:06| Processing: cache deny dynamic
2016/01/29 15:04:06| Processing: cache_mem 1024 MB
2016/01/29 15:04:06| Processing: maximum_object_size_in_memory 512 KB
2016/01/29 15:04:06| Processing: memory_replacement_policy heap GDSF
2016/01/29 15:04:06| Processing: cache_replacement_policy heap LFUDA
2016/01/29 15:04:06| Processing: minimum_object_size 0 KB
2016/01/29 15:04:06| Processing: maximum_object_size 4 MB
2016/01/29 15:04:06| Processing: cache_dir ufs /var/squid/cache 100 256 256
2016/01/29 15:04:06| Processing: offline_mode off
2016/01/29 15:04:06| Processing: cache_swap_low 90
2016/01/29 15:04:06| Processing: cache_swap_high 95
2016/01/29 15:04:06| Processing: cache allow all
2016/01/29 15:04:06| Processing: refresh_pattern ^ftp:    1440  20%  10080
2016/01/29 15:04:06| Processing: refresh_pattern ^gopher:  1440  0%  1440
2016/01/29 15:04:06| Processing: refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
2016/01/29 15:04:06| Processing: refresh_pattern .    0  20%  4320
2016/01/29 15:04:06| Processing: acl allsrc src all
2016/01/29 15:04:06| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535
2016/01/29 15:04:06| Processing: acl sslports port 443 563
2016/01/29 15:04:06| Processing: acl purge method PURGE
2016/01/29 15:04:06| Processing: acl connect method CONNECT
2016/01/29 15:04:06| Processing: acl HTTP proto HTTP
2016/01/29 15:04:06| Processing: acl HTTPS proto HTTPS
2016/01/29 15:04:06| Processing: acl allowed_subnets src 192.168.1.0/24
2016/01/29 15:04:06| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
2016/01/29 15:04:06| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2016/01/29 15:04:06| Processing: http_access allow manager localhost
2016/01/29 15:04:06| Processing: http_access deny manager
2016/01/29 15:04:06| Processing: http_access allow purge localhost
2016/01/29 15:04:06| Processing: http_access deny purge
2016/01/29 15:04:06| Processing: http_access deny !safeports
2016/01/29 15:04:06| Processing: http_access deny CONNECT !sslports
2016/01/29 15:04:06| Processing: request_body_max_size 0 KB
2016/01/29 15:04:06| Processing: delay_pools 1
2016/01/29 15:04:06| Processing: delay_class 1 2
2016/01/29 15:04:06| Processing: delay_parameters 1 -1/-1 -1/-1
2016/01/29 15:04:06| Processing: delay_initial_bucket_level 100
2016/01/29 15:04:06| Processing: delay_access 1 allow allsrc
2016/01/29 15:04:06| Processing: always_direct allow whitelist
2016/01/29 15:04:06| Processing: ssl_bump none whitelist
2016/01/29 15:04:06| Processing: url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf
2016/01/29 15:04:06| Processing: url_rewrite_bypass off
2016/01/29 15:04:06| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0
2016/01/29 15:04:06| Processing: http_access allow whitelist
2016/01/29 15:04:06| Processing: http_access deny blacklist
2016/01/29 15:04:06| Processing: always_direct allow all
2016/01/29 15:04:06| Processing: ssl_bump server-first all
2016/01/29 15:04:06| Processing: http_access allow allowed_subnets
2016/01/29 15:04:06| Processing: http_access allow localnet
2016/01/29 15:04:06| Processing: http_access deny allsrc
2016/01/29 15:04:06| Initializing https proxy context
2016/01/29 15:04:06| Initializing http_port 192.168.1.1:3128 SSL context
2016/01/29 15:04:06| Using certificate in /usr/pbi/squid-amd64/local/etc/squid/serverkey.pem
2016/01/29 15:04:06| Initializing http_port 127.0.0.1:3128 SSL context
2016/01/29 15:04:06| Using certificate in /usr/pbi/squid-amd64/local/etc/squid/serverkey.pem
2016/01/29 15:04:06| Initializing https_port 127.0.0.1:3129 SSL context
2016/01/29 15:04:06| Using certificate in /usr/pbi/squid-amd64/local/etc/squid/serverkey.pem
[2.2.6-RELEASE][admin@fw.nacional.com.br]/root: squid -k parse