2.3.1 - No outbound HTTP after upgrade



  • Just upgraded 2.2.6 to 2.3.1.

    Everything else works, except I cannot get to HTTP from the LAN (to outside).

    I can:
    –Ping internally
    --Ping extenally
    --Resolve DNS
    --VPN works
    --Load HTTPS websites (ie this site)
    --Incoming/outgoing email works (Gmail and local email server)

    I've checked:
    --No LAN GW
    --Outbound NAT is automatic
    --Rebooted
    --#1 LAN rule is ANY ANY ANY (source, destination, port)

    Packages installed:
    Cron
    pfBlockerNG
    Service_Watchdog
    Snort
    Squid

    What am I missing?



  • My guess is snort or squid, probably squid. I'm only replying because others have not yet. When they do, they can help more, but I can at least give a direction.



  • Upload the config file you saved as a backup just before updating the main OS and go from there.



  • I think I have the same issue, I only have lightsquid, squid, squidguard installed, after upgraded from 2.1 to 2.3, after starting squid, all traffic will be diverted to https, those website do not have https are not accesible, I have to stop the squid for now.  :'(



  • So I uploaded my backup config and everything righted itself until today.

    I updated snort to _13 and updated to 2.3.1_1 and we're back down.

    Restored my 2.2.6 config and rebooted.  Everything is smooth until the packages finish loading and it's back to no HTTP outbound (HTTPS, ICMP, etc work fine).

    With 2.3.1 and 2.3.1_1, squid is 'stopped' on reboot

    Brian



  • Just checked and Squid was stopped again.

    Reinstalled Squid and things appear OK for a couple minutes.

    HTTP back down.  I check and Squid is stopped.  Clearly a Squid issue.

    Uninstalled Squid, Reinstalled, service is up and down.

    Did a cd /var/squid and chown -R squid cache/ and service is back up (without me hitting start).



  • I have a similar issue… and also had squid running before upgrade.  Going through my logs I found the pfSense is re-translating many Ipv4 outgoing requests as Ipv6, and not Ipv4.  Additionally, any "allow all" rule is not being obeyed, I must singularly allow each device and port to access each web IP and port.  Only those websites that can respond or fix Ipv6 requests seem to be working.



  • @spittlbm:

    Just checked and Squid was stopped again.

    Reinstalled Squid and things appear OK for a couple minutes.

    HTTP back down.  I check and Squid is stopped.  Clearly a Squid issue.

    Uninstalled Squid, Reinstalled, service is up and down.

    Did a cd /var/squid and chown -R squid cache/ and service is back up (without me hitting start).

    Did your HTTP access improve after changing permissions on Squid?  or is it still up and down.



  • I think chown on cache solved my issue!

    @spittlbm:

    Just checked and Squid was stopped again.

    Reinstalled Squid and things appear OK for a couple minutes.

    HTTP back down.  I check and Squid is stopped.  Clearly a Squid issue.

    Uninstalled Squid, Reinstalled, service is up and down.

    Did a cd /var/squid and chown -R squid cache/ and service is back up (without me hitting start).



  • Squid has given me problems on 2 of my upgrades since v2.1. I usually stop the service, if not stopped already, console/ssh on and delete the whole squid cache directory. Then reinstall squid. Usually fixes the issue while retaining my settings.



  • I reverted back last night to 2.2.6, but will try changing permissions, deleting squid cache and reinstalling squid in the next few weeks.



  • Update: We've been good all day today.  So for me, deleting squid, reinstalling, chown worked.