Squid, SquidGuard, Lightsquid status on 2.3
-
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:
1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)
2. Clean up leftover PBI messes:
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'
Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.
For example:
lrwxr-xr-x 1 root wheel 39 May 7 2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl
lrwxr-xr-x 1 root wheel 45 May 7 2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid
lrwxr-xr-x 1 root wheel 40 May 7 2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5
lrwxr-xr-x 1 root wheel 45 Nov 5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid
3. Blow away the cache:
mv /var/squid/cache /var/squid/cache.old
squid -z
rm -rf /var/squid/cache.old
/pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0'
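Step 2 of the upgrade notes above, as an added example that is not part of the original post or of the pfSense package code: a dry-run sh function that lists only the symlinks whose stored target begins with a PBI prefix and marks each one as live or dangling. The function name find_pbi_links and the default prefix /usr/pbi/ (taken from the listing in the post) are assumptions.

```shell
#!/bin/sh
# Added example: report symlinks that still point into a PBI directory.
# It only lists; removing the links is left to the operator after review.
#
# Usage: find_pbi_links ROOT [PREFIX]
#   ROOT    directory tree to scan (the post scans /)
#   PREFIX  target prefix to match (assumed default: /usr/pbi/)
# Output: one line per match, tab separated: STATE, LINK, TARGET
#   STATE is "live" if the target still exists, "dangling" otherwise.
# Limitation: link paths containing newlines are not handled.
find_pbi_links() {
    root=$1
    prefix=${2:-/usr/pbi/}
    find "$root" -type l -print 2>/dev/null | while IFS= read -r link; do
        # readlink prints the stored target without resolving it, so this
        # matches absolute targets such as /usr/pbi/lightsquid-i386/...
        target=$(readlink "$link") || continue
        case $target in
            "$prefix"*)
                if [ -e "$link" ]; then
                    state=live
                else
                    state=dangling
                fi
                printf '%s\t%s\t%s\n' "$state" "$link" "$target"
                ;;
        esac
    done
}

# Run a scan only when a directory is given on the command line,
# e.g.  sh find_pbi_links.sh /
if [ "$#" -gt 0 ]; then
    find_pbi_links "$@"
fi
```

Unlike the egrep filter in the post, this matches on the link target only, so a link such as /usr/bin/perl is reported because of where it points rather than because of its name.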
-
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
-
It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?
-
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
work
-
squidguard
errorwarning on installation
>>> Installing pfSense-pkg-squidGuard...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
pfSense-pkg-squidGuard: 1.12 [pfSense]
squidGuard: 1.4_15 [pfSense]
db5: 5.3.28_3 [pfSense]
The process will require 15 MiB more space.
1 MiB to be downloaded.
Fetching pfSense-pkg-squidGuard-1.12.txz: ..... done
Fetching squidGuard-1.4_15.txz: .... done
Fetching db5-5.3.28_3.txz: .......... done
Checking integrity... done (0 conflicting)
[1/3] Installing db5-5.3.28_3...
[1/3] Extracting db5-5.3.28_3: .......... done
[2/3] Installing squidGuard-1.4_15...
[2/3] Extracting squidGuard-1.4_15: ..... done
[3/3] Installing pfSense-pkg-squidGuard-1.12...
[3/3] Extracting pfSense-pkg-squidGuard-1.12: .......... done
Saving updated package information... done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Warning: file_put_contents(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/squidguard.inc on line 1045
Call Stack:
0.0004 228704 1. {main}() /etc/rc.packages:0
0.1839 10561792 2. install_package_xml() /etc/rc.packages:77
0.4223 11047992 3. require_once('/usr/local/pkg/squidguard.inc') /etc/inc/pkg-utils.inc:702
0.4543 12883648 4. convert_pfxml_to_sgxml() /usr/local/pkg/squidguard.inc:100
0.4574 12913928 5. file_put_contents() /usr/local/pkg/squidguard.inc:1045
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard.
See https://forum.pfsense.org/index.php?topic=94312.0 for details.
Message from squidGuard-1.4_15:
===================================================================
In order to activate squidGuard you have to edit squid.conf
To the contain "url_rewrite_program /usr/local/bin/squidGuard" and create a configuration file for squidGuard.
Sample blacklists have been installed in /usr/local/share/examples/squidGuard.
A sample configuration file has beeen installed in /usr/local/etc/squid/squidGuard.conf.sample.
You need to edit the configuration and compile the blacklist you choose to use with: squidGuard -d -C all
Please bear in mind that this is just a sample configuration file and for any real world usage you need to download or create your own updated blacklists and create your own configuration file.
Check documentation here: http://www.squidguard.org/Doc/
To activate the changes do a /usr/local/sbin/squid -k reconfigure
===================================================================
Message from pfSense-pkg-squidGuard-1.12:
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard.
See https://forum.pfsense.org/index.php?topic=94312.0 for details.
>>> Cleaning up cache... done.
Success
-
squidguard
errorwarning on installation
I'll push a fix for that, looks easy enough to correct.
-
error on lightsquid
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file.
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Removing old cronjobs...
-
Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working until we fix up nginx for CGI.
-
Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.
Thank you once again for the awesome job you keep doing.
See ya!
-
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
-
Whenever I turn on Transparent HTTP Proxy I couldn't browse any website, but there is no problem if I use explicit proxy.
Anyone have the same issue???
-
I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.
-
Clean install, restore configs, problem remains.
-
Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working until we fix up nginx for CGI.
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
What does this mean? It's fixed in 2.3 final right?
-
Whenever I turn on Transparent HTTP Proxy I couldn't browse any website, but there is no problem if I use explicit proxy.
Anyone have the same issue???
I can confirm that, the transparent proxy does not work
-
Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working until we fix up nginx for CGI.
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
What does this mean? It's fixed in 2.3 final right?
The package version has no relation to 2.3 "final", it could be changed before or after release. Hopefully, before. It just means it isn't working or isn't tested now. The functions I stated we didn't work on may work fine, we just haven't tested them because they're not functions of squid we intend to "officially" support at this time.
Others are free to test and submit fixes as needed if they want, though.
-
Reading threads from older versions of pfSense, it sounds like this is a known issue, but I wanted to report that I am also having issues with the transparent proxy and getting "ERR_EMPTY_RESPONSE" on Chrome. However, my observation has been that everything works fine when the DNS response is still hanging around from the last time I visited the page (read: squid was off). To me, this might suggest that Squid is either having a hard time talking to the dns server (isn't pointed at the local machine/general DNS settings), squid isn't giving dns enough time to respond (timeout setting too short), or there's some conflicting setting between squid and dns.
-
There's a workaround for the transparent proxy issue in https://redmine.pfsense.org/issues/5869
chgrp squid /dev/pf
Proper fix to come.
-
Work around confirmed working on my end! Squidguard also functioning now that squid is responding. Thank you!!!
Now I await the return of Lightsquid for reporting but for now the important part of content filtering has returned!
-
Also pleased to report that enabling antivirus is working too! I attempted to download the eicar.txt file and it was blocked with a virus warning as it should be!
Only thing left I notice is on the realtime log page.
Message
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
Database updated (6435493 signatures) from db.us.clamav.net (IP: 194.8.197.22)
Everything else looks good to my knowledge.
-
Work around did not survive a reboot. Reapplied and things work again. Just an FYI.
-
That's expected, it's just a temp workaround.
-
New revision of the squid package is up now for testing. If you did the chgrp work around you need to change it back to 'proxy' or reboot before upgrading the package.
-
Rebooted, updated squid package. Seems to be ok. Content filtering and virus scanning are working.
-
Thx for fixing this issue
Transparent proxy works fine now.
-
I'm noticing that between the 12-24hr mark, DNS issues return. Timing has seemed relatively inconsistent and I haven't really narrowed down any possible causes just yet.
Here's what I've observed so far:
I restarted unbound, and the issue persisted.
I disabled squid and the issue went away.
I re-enabled squid and everything stayed good.
Next time, I'll check the squid logs and restart the service and report back.
-
Update on Lightsquid: The package now runs in its own web server instance using lighttpd, on its own port and with password protection. It was the smoothest way to get perl cgi support without dragging extra dependencies into base.
Note there are some subtle changes to navigation in the package.
-
There is a port issue when you click Lightsquid. I see myip:9000:7445
-
There is a port issue when you click Lightsquid. I see myip:9000:7445
I'll look into that.
-
Also nothing happens if I hit refresh buttons.
It seems like it is working but I have no data in the logs.
When I: /usr/local/www/lightsquid/lightparser.pl from console, data appears.
In logs I have: /pkg_edit.php: [lightsquid] Parsing today's entries in access.log using '/usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today'
There has to be something wrong here…
-
Oh and one more thing..
If I manually do: /usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today
This is in the crontab.
Output is /usr/bin/perl: Command not found.
-
I fixed the perl path (should be /usr/local/bin/perl) and fixed the parsing of the link with the port.
-
I split the unrelated hit % posts off into their own thread and cleaned up the references here.
-
One more thing:
a) After reboot Lightsquid Web Server won't come up
b) Starting it from status_services.php won't start it
c) Saving settings in pkg_edit.php?xml=lightsquid.xml will start it. :)
-
a) After reboot Lightsquid Web Server won't come up
b) Starting it from status_services.php won't start it
c) Saving settings in pkg_edit.php?xml=lightsquid.xml will start it.
I can't reproduce this, it starts every time for me. Any errors in the system log, or in /var/log/lighttpd_lightsquid.log ?
-
lightsquid :
disable ssl, now click "open lightsquid" .. url go to "https" ….
-
lightsquid :
disable ssl, now click "open lightsquid" .. url go to "https" ….
I pushed a fix for that just now.
-
a) After reboot Lightsquid Web Server won't come up
b) Starting it from status_services.php won't start it
c) Saving settings in pkg_edit.php?xml=lightsquid.xml will start it.
I can't reproduce this, it starts every time for me. Any errors in the system log, or in /var/log/lighttpd_lightsquid.log ?
That's odd.
I cleared browsers cache and now it starts correctly.
-
I'm noticing that between the 12-24hr mark, DNS issues return. Timing has seemed relatively inconsistent and I haven't really narrowed down any possible causes just yet.
Here's what I've observed so far:
I restarted unbound, and the issue persisted.
I disabled squid and the issue went away.
I re-enabled squid and everything stayed good.
Next time, I'll check the squid logs and restart the service and report back.
Turns out that my issues are symptomatic of packet loss with my ISP and nothing to do with pfsense.
-
I upgraded one full install box from 2.2.6 to 2.3 and after solving all the other issues with the help of jimp I'm left with one issue with squid. I cleared all its cache, recreated the directories and also reinstalled squid as well as got rid of the older pbi mess but when I go to the general squid config page and hit save it never comes back and then I get 504 Gateway Time-out, on the other pages at least after a while the page comes back on hitting save.
Any idea what could be causing this?