Squid errors

EmanuelG · Nov 4, 2005, 8:27 AM

Hi, I installed the squid package on my 0.90a version, but in order to it works properly, i did some changes based on some advices I got:

There is some configuration missed on /dev/pf

I was receiving the error:

"parseHttpRequest: PF open failed: (13) Permission denied"

In the cache.log

So according to some posts I found the permissions for the /dev/pf should be changed to:

chgrp squid /dev/pf
chmod g+rw /dev/pf

I'm not an expert on FreeBSD or Squid, but this certainly remove the errors on cache.log and enhanced the performance of cache.

Besides after installing the squid package I have to replace the second line in the /usr/local/etc/rc.d/squid.sh with :
#: /usr/local/etc/rc.d/squid.sh

I hope this may help someone else.

Myntric · Nov 5, 2005, 5:30 AM

Emanuel,

I appreciate the suggestions. I have made the changes in the package code to modify permissions on /dev/pf after reviewing several articles stating that this is appears to be a good way to give Squid permission to write to it.

Does anyone see any negative implications of doing such before the code is committed? I'm still working on some other issues before committing, so let me know. Thanks!

Mike

EmanuelG · Nov 5, 2005, 11:18 PM

Thanks Myntric!!

Cyrandir · Nov 9, 2005, 12:05 AM

Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!

sullrich · Nov 9, 2005, 1:00 AM

@Cyrandir:

Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!

Not as of yet.

Myntric · Nov 9, 2005, 1:06 AM

No commits as of yet. I can commit these changes, but I'm in the midst of a rewrite of one of the components to try and make it a little faster in writing the configuration. It's pretty inefficient at this point. I'll see what I can do.

EmanuelG · Nov 9, 2005, 1:45 AM

@Cyrandir:

Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!

Hi Cyrandir, it's great I can help, but be aware that the permision changes doesn't survive a reboot, so you can do one of two things:

1- Modify the /usr/local/etc/rc.d/squid.sh and add the two commands you ran before:
chgrp squid /dev/pf
chmod g+rw /dev/pf

2- Modify the /etc/devfs.conf file and add at the end this lines:
own pf root:squid
perm pf 0640

This is to make sure the changes are re-applied every time your server boots, at least it works well for me.

Hope this help

Cyrandir · Nov 9, 2005, 4:31 AM

Thanks! I'll do that

EmanuelG · Nov 17, 2005, 6:34 AM

Hi Myntric,

I'm using the last package you release, and it works really good, but seems like it needs to change perms for squid group to "/var/run/squid.pid".

Besides, i was thinking that would be nice to have a squid entry in the "Status/Services" page in the GUI. Is it much dificult? I have no skills in editing php or xml.

Thanks again for your help!

Cyrandir · Nov 17, 2005, 7:27 AM

I agree that a service status entry would be highly useful

Guest · Nov 17, 2005, 8:30 PM

This may have already been covered in the lists, but I'm recording them here for posterity as well. After installing the squid package to my 0.93.2 box I had to make the following changes:

mkdir /var/squid/cache
chown squid: /var/squid/cache
chown squid: /var/squid/logs
squid -z -f /usr/local/etc/squid/squid.conf

in squid.conf, you have to make the following changes to the ACLs ( I believe this to be a bug in the WebGUI but I haven't looked at the code yet ):

ensure that acl all's src is set to 0.0.0.0/255.255.255.0
ensure that acl localnet's src is set to your local network (or whatever networks you want to traverse your squid proxy)
add the line: http_access allow localnet

at this point you can start squid and you should be off and running.

Myntric · Nov 18, 2005, 3:05 AM

The code is actually in there to do the chmod's and such during the install, but it is not executing properly. I've been working with colin on this. Due to the complexity with all of the GUI and integration with other items such as SquidGuard, it may come down to where I have to write this in full-fledged PHP and use the packaging system for the install portion, but I'd like to make this version as stable as possible in the meantime. Thanks for your help!

Mike

Guest · Nov 18, 2005, 3:22 AM

Mike,

There's a big bug in the ACL section of the WebGUI. When adding networks to the allow, section, only one network is captured, and its appended to the "all" ACL rather than the "localnet" ACL. Any additional networks added are ignored, although they're slumped together one on top of the next in the WebGUI display. It might be better to either create a file and write networks to that file and have squid.conf point to that file. Alternatively, you might have the localnet ACL get the networks bound to whichever NIC squid should be bound to.

EmanuelG · Nov 18, 2005, 6:25 PM

@submicron:

Mike,

There's a big bug in the ACL section of the WebGUI. When adding networks to the allow, section, only one network is captured, and its appended to the "all" ACL rather than the "localnet" ACL. Any additional networks added are ignored, although they're slumped together one on top of the next in the WebGUI display. It might be better to either create a file and write networks to that file and have squid.conf point to that file. Alternatively, you might have the localnet ACL get the networks bound to whichever NIC squid should be bound to.

Also, i have found that if you add "unrestricted IPs" in the ACL of the WebGUI, the are stored in the acl file just as they were writed down in the WebGUI, this means, separated by a semi-colon, insted of one IP address per line, which generate errors when you start the service. If you edit the acl_unrestricted_ip.acl file, and put one IP address per line, it shows funny in the WebGUI page.

Thanks again for this great piece of software!

Guest · Nov 19, 2005, 10:49 PM

Mike,

I know you'll work on these issues when you get time. Is it better for us to keep posting to this thread or would you rather we file bug reports as we come across issues?

Myntric · Nov 20, 2005, 12:46 AM

@submicron:

Mike,

I know you'll work on these issues when you get time. Is it better for us to keep posting to this thread or would you rather we file bug reports as we come across issues?

I think the this thread for now will work best for me. Thanks!

Mike

BBMitch · Nov 20, 2005, 8:01 AM

I just installed Squid 2.5.11_3 on 0.90 - I know, there's a newer release… ;-)
After install, I did this:
chgrp squid /dev/pf
chmod g+rw /dev/pf
/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf
Navigated to: Services->Squid
Proxy Listening Interface: LAN
Transparent Proxy: CHECKED
Log Enabled: CHECKED
Visible Hostname: XXX.com
Cache Administrator Email: support@XXX.com
Error Message Language: English
And then pressed save:
Warning: fopen(/usr/local/etc/squid/advanced/acls/src_subnets.acl): failed to open stream: No such file or directory in /usr/local/pkg/squid_ng.inc on line 487 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 488 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 489 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squid_ng.inc:487) in /usr/local/www/pkg_edit.php on line 183

Are the missing files (I checked) not a part of the package?
I have set squid up on an older version before - no problems there - did I miss something or is it in a state of flux at the moment?

Thanks!

Jesse7 · Nov 20, 2005, 9:43 AM

I just installed .94 I havn't had a chance to get .94.4 yet but I got pretty much the same thing. I changed some options and clicked save and an error similar to that appeared. I was on the first tab of the setup page. I got similar errors from the second tab after changing an option or two and perhaps from the third tab also. On the tab you enter ip and domain ips etc after hitting save I got no errors.

I refreshed all the pages I changed settings on and they seemed to be set to what I changed them too.

I didn't bother posting it here because I'm not on the most current version.

Myntric · Nov 20, 2005, 3:59 PM

Interesting. The last commit was a few weeks ago and while quite a bit was changed, I was under the impression that the default install worked. The package is definitely in a state of flux at the moment. In speaking with Colin, it seems that the best way to design a flexible Squid package and allow the integration with SquidGuard, HAVP, ClamAV, or whatever is to code in pure PHP while using the packaging system simply for the install/deinstall and such. This would allow much more flexibility. I've started the process and don't expect to have a commit for little while, but am plugging away and trying to support both packages now. I'll check into this issue and see if I can fix it and commit a new version. I'll let everyone know if I do. Thanks!

sullrich · Nov 20, 2005, 5:05 PM

This actually was a server error. Or package sync script stopped copying changes from CVS.

At any rate, everything is fixed now and the squid stuff should be on the latest version on the server now.