Squid, SquidGuard, Lightsquid status on 2.3

seanelias · Jan 23, 2016, 3:59 PM

When ever i turn on Transparent HTTP Proxy i couldn't browse any website , but there is no problem if i use explicit proxy .

Any one have the same issue ???

brianc69 · Jan 24, 2016, 6:39 AM

I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.

brianc69 · Feb 3, 2016, 6:14 PM

Clean install, restore configs, problem remains.

Valex · Feb 4, 2016, 9:52 AM

@jimp:

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

@jimp:

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

What does this mean? It's fixed in 2.3 final right?

rubinho · Feb 4, 2016, 1:24 PM

@seanelias:

When ever i turn on Transparent HTTP Proxy i couldn't browse any website , but there is no problem if i use explicit proxy .

Any one have the same issue ???

I can confirm that, the transparent proxy does not work

jimp · Feb 4, 2016, 1:36 PM

@Valex:

@jimp:

Lightsquid is broken in many ways (see the earlier posts in the thread) – no hope of it working util we fix up nginx for CGI.

@jimp:

We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

What does this mean? It's fixed in 2.3 final right?

The package version has no relation to 2.3 "final", it could be changed before or after release. Hopefully, before. It just means it isn't working or isn't tested now. The functions I stated we didn't work on may work fine, we just haven't tested them because they're not functions of squid we intend to "officially" support at this time.

Others are free to test and submit fixes as needed if they want, though.

UltramaticOrange · Feb 6, 2016, 3:57 AM

Reading threads from older versions of pfSense, it sounds like this is a known issue, but I wanted to report that I am also having issues with the transparent proxy and getting "ERR_EMPTY_RESPONSE" on Chrome. However, my observation has been that everything works fine when the DNS response is still hanging around from the last time I visited the page (read: squid was off). To me, this might suggest that Squid is either having a hard time talking to the dns server (isn't pointed a the local machine/general DNS settings), squid isn't giving dns enough time to respond (timeout setting too short), or there's some conflicting setting between squid and dns.

cmb · Feb 11, 2016, 10:15 AM

There's a workaround for the transparent proxy issue in https://redmine.pfsense.org/issues/5869

chgrp squid /dev/pf

Proper fix to come.

brianc69 · Feb 11, 2016, 1:49 PM

Work around confirmed working on my end! Squidguard also functioning now that squid is responding. Thank you!!!

Now I await the return of Lightsquid for reporting but for now the important part of content filtering has returned!

brianc69 · Feb 11, 2016, 1:48 PM

Also pleased to report that enabling antivirus is working too! I attempted to download the eicar.txt file and it was blocked with a virus warning as it should be!

Only thing left I notice is on the realtime log page.

Message
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
Database updated (6435493 signatures) from db.us.clamav.net (IP: 194.8.197.22)

Everything else looks good to my knowledge.

brianc69 · Feb 11, 2016, 2:30 PM

Work around did not survive a reboot. Reapplied and things work again. Just an FYI.

jimp · Feb 11, 2016, 2:31 PM

That's expected, it's just a temp workaround.

jimp · Feb 11, 2016, 5:08 PM

New revision of the squid package is up now for testing. If you did the chgrp work around you need to change it back to 'proxy' or reboot before upgrading the package.

brianc69 · Feb 11, 2016, 5:54 PM

Rebooted, updated squid package. Seems to be ok. Content filtering and virus scanning are working.

rubinho · Feb 14, 2016, 6:09 PM

Thx for fixing this issue

Transparentproxy works fine now.

UltramaticOrange · Feb 25, 2016, 6:20 PM

I'm noticing that between the 12-24hr mark, DNS issues return. Timing has seemed relatively inconsistent and I haven't really narrowed down any possible causes just yet.

Here's what I've observed so far:
I restarted unbound, and the issue persisted.
I disabled squid and the issue went away.
I re-enabled squid and everything stayed good.

Next time, I'll check the squid logs and restart the service and report back.

jimp · Mar 1, 2016, 2:49 AM

Update on Lightsquid: The package now runs in its own web server instance using lighttpd, on its own port and with password protection. It was the smoothest way to get perl cgi support without dragging extra dependencies into base.

Note there are some subtle changes to navigation in the package.

brianc69 · Mar 1, 2016, 1:01 PM

There is a port issue when you click Lightsquid. I see myip:9000:7445

jimp · Mar 1, 2016, 1:14 PM

@brianc69:

There is a port issue when you click Lightsquid. I see myip:9000:7445

I'll look into that.

maverick_slo · Mar 1, 2016, 1:29 PM

Also nothing happens if I hit refresh buttons.
It seems like it is working but I have no data in the logs.

When I: /usr/local/www/lightsquid/lightparser.pl from console, data appears.
In logs I have: /pkg_edit.php: [lightsquid] Parsing today's entries in access.log using '/usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today'

There has to be something wrong here…