How to Troubleshoot ICAP Protocol Errors?
I have an SG-3100 for home use with a pretty basic configuration (unfortunately, it's been long enough since I configured it that I don't remember all of the minutiae). I have looked at the firewall configuration and can see that all traffic from the LAN ports goes through a single default allow rule with no restrictions. I can also see that the Squid Proxy Server service is enabled and transparent, presumably only for clamav.
I am intermittently getting errors like the one shown on this page. Upon closer inspection, I see that page isn't a pfSense manual page even though it looks similar. However, in cases where I get an error, it will recur consistently, and I can bypass it by using a different Internet connection. In addition to this, Apple devices are unable to connect to download iOS updates and some iOS apps say there is no Internet connectivity (on devices that can load web pages in Safari).
This started shortly after everything shut down due to COVID-19, and I noticed a different light than usual flashing on the SG-3100, so I logged in to the web interface and saw an update was available (2.4.5-RELEASE). I installed the update and rebooted. The problem mostly went away for a number of weeks, so I had assumed that the update fixed it somehow. More recently, our Internet went down less than 5 days ago, and I rebooted the SG-3100 when that happened. Prior to that, we had not had the issue since the update was installed weeks ago, but today, it has come back full force (causing school-at-home issues).
Based on the page above, the fact that I do have the squid proxy enabled, and the fact that I can access some pages from another Internet connection without getting that error where I get it consistently when going through the SG-3100, I believe pfSense is returning this error page. However, I can't seem to find any information on how I should troubleshoot it.
Additionally, since I ran some of the troubleshooting tests from the page above, I can provide this info (which may or may not be relevant):
First (from the first troubleshooting page of that site): There is no wsicapd process running (probably not relevant)
Second: The telnet test mentioned on the same page returns the expected result per that page (this may mean that whatever pfSense is using instead of wsicapd is working fine).
Third (from the second troubleshooting page of that site):
squidclient mgr:info | tail -n 20
returned this:
ERROR: Cannot connect to [::1]:3128
Fourth (I did this on my own based on the error above, but -anp doesn't work here, so I don't know the right switches):
sudo netstat -a | grep 3128
shows that something is listening on that port:
tcp4 0 0 localhost.3128 *.* LISTEN
tcp4 0 0 9379.3128 *.* LISTEN
Finally (back to that second troubleshooting page):
sudo netstat -a | grep icap | grep TIME_WAIT
Returns no results.
I am probably going to reboot to see if it helps, but any advice on how I should address this would be appreciated.
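An added example, not part of the original post: the squidclient error above names the IPv6 loopback `[::1]`, while both netstat lines shown for port 3128 are `tcp4`. The script below classifies netstat output for a port so that mismatch is visible at a glance. The function name `loopback_verdict`, the sample variables and the FreeBSD-style netstat column layout are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumes FreeBSD-style netstat
# columns (proto recv-q send-q local foreign state), with the port after
# the last dot of the local address.

# loopback_verdict PORT: read netstat output on stdin and print one of
#   none       nothing is listening on PORT
#   ipv4-only  only tcp4 listeners, so a client dialing [::1] is refused
#   ipv6-ok    a tcp6/tcp46 listener covers the IPv6 loopback
loopback_verdict() {
    awk -v port="$1" '
        $1 ~ /^tcp(4|6|46)$/ && $NF == "LISTEN" {
            host = $4; p = $4
            sub(/\.[^.]*$/, "", host)   # strip ".port" to get the address
            sub(/^.*\./, "", p)         # keep only the port
            if (p != port) next
            seen = 1
            if ($1 != "tcp4" && (host == "*" || host == "::1" || host == "localhost"))
                v6 = 1
        }
        END {
            if (!seen)   print "none"
            else if (v6) print "ipv6-ok"
            else         print "ipv4-only"
        }'
}

# The two listener lines quoted in the post.
SAMPLE_POST='tcp4 0 0 localhost.3128 *.* LISTEN
tcp4 0 0 9379.3128 *.* LISTEN'
# Constructed contrast case: a proxy bound on both loopback families.
SAMPLE_DUAL='tcp4 0 0 127.0.0.1.3128 *.* LISTEN
tcp6 0 0 ::1.3128 *.* LISTEN'

# On a live system, feed real output instead: netstat -an | loopback_verdict 3128
verdict=$(printf '%s\n' "$SAMPLE_POST" | loopback_verdict 3128)
echo "port 3128: $verdict"
if [ "$verdict" = "ipv4-only" ]; then
    # squidclient accepts an explicit host and port via -h and -p.
    echo "retry with: squidclient -h 127.0.0.1 -p 3128 mgr:info"
fi
```

An `ipv4-only` verdict means the squidclient failure says nothing about ICAP itself; the cache manager query only needs to be pointed at the IPv4 loopback.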