Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Problem?

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 3 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      orc4hire
      last edited by

      I set up a pfSense firewall last week for a client (to replace their firewall appliance that had just died) and have generally found it to be full of chocolately goodness.  I am running into one really weird problem, though.

      Any attempts to go to www.bing.com or www.yahoo.com were being turned into Google searches.  That is, you try to go to Yahoo and end up on a Google search results page with the results for www.yahoo.com.  I jiggled the handle a bit, and Bing seems to be working now, but Yahoo still doesn't work.  For a while it was giving the Squid error screen (contact your cache administrator, etc), but now it just times out and fails.

      I've tried first turning off, and then uninstalling Squid, but it still doesn't work.  Going to mail.yahoo.com or search.yahoo.com works fine, but www.yahoo.com just fails.  If I hook up a second gateway to the network and go out through that, bypassing pfSense, it works fine.

      The only packages I've had installed are Squid, Lightsquid, Snort (currently stopped), and Bandwidthd.

      Any ideas?

      OK, I just tried re-installing Squid, and now I get this when I go to www.yahoo.com:


      ERROR
      The requested URL could not be retrieved
      While trying to retrieve the URL: http://m.www.yahoo.com/
      The following error was encountered:
          * Connection to Failed
      The system returned:
          (1) Operation not permitted
      The remote host or network may be down. Please try the request again.
      Your cache administrator is administrator@tssssss.com.
      Generated Thu, 28 Jan 2010 18:05:26 GMT by Firewall (squid)


      I have the Squid 'custom option' 'ignore_expect_100 on' set, to get around a problem with the USPS Shipping Assistant.  Taking that out still gives the same error.

      1 Reply Last reply Reply Quote 0
      • G
        Gob
        last edited by

        Could it be Mal/Ware on the machine?

        If I fix one more thing than I break in a day, it's a good day!

        1 Reply Last reply Reply Quote 0
        • O
          orc4hire
          last edited by

          Good thought, but it seems to be every computer, even a Mac, and it works fine if I go out through a different gateway.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Did you also install squidguard? It has some "safe search" stuff that might monkey with such things but if you disabled squid, and it still happened, that's just odd.

            What DNS servers are you using? If it's OpenDNS, perhaps they are returning Google IPs for yahoo/bing/etc, but even that is unlikely.

            First things first, I'd start with a PC that works and a PC that doesn't, ping www.google.com from both, then ping www.yahoo.com from both, and compare the IP addresses returned. Traceroute may also be helpful

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • O
              orc4hire
              last edited by

              Nope, no squidguard.  Using internal (Windows Active Directory) domain servers.  DNS returns the appropriate addresses.

              With Squid off, the page just fails to load.  Right now, after unstalling and reinstalling Squid, I get the '(1) Operation not permitted' error.  It seems to only be www.yahoo.com that's affected.

              Weird, huh?

              If I can't come up with anything else by tonight, I'm going to try restarting the firewall box and see if that does anything amusing.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                With squid stopped, your traffic is still redirected, but with no process listening on the proxy port, it hits a dead end (thus doesn't work)

                What happens with squid enabled, and the IP of a workstation put into the box which bypasses the proxy on the main squid page?

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • G
                  Gob
                  last edited by

                  i vaguely recollect a problem with yahoo and adobe sites at one of our offices. turned out to be a problem with the mtu setting on the wan.

                  If I fix one more thing than I break in a day, it's a good day!

                  1 Reply Last reply Reply Quote 0
                  • O
                    orc4hire
                    last edited by

                    @jimp:

                    With squid stopped, your traffic is still redirected, but with no process listening on the proxy port, it hits a dead end (thus doesn't work)

                    What happens with squid enabled, and the IP of a workstation put into the box which bypasses the proxy on the main squid page?

                    Ah, good question!

                    I get a straight browser 'unable to connect' without the '(1) Operation not permitted.'

                    But after sitting for 10 minutes, it works!  And, weirdest of all, not just for that one machine, but the whole LAN now.

                    No, I don't have any idea either.  Very strange.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.