Squid errors
-
Hi, I installed the squid package on my 0.90a version, but in order to it works properly, i did some changes based on some advices I got:
There is some configuration missed on /dev/pf
I was receiving the error:
"parseHttpRequest: PF open failed: (13) Permission denied"
In the cache.log
So according to some posts I found the permissions for the /dev/pf should be changed to:
chgrp squid /dev/pf
chmod g+rw /dev/pfI'm not an expert on FreeBSD or Squid, but this certainly remove the errors on cache.log and enhanced the performance of cache.
Besides after installing the squid package I have to replace the second line in the /usr/local/etc/rc.d/squid.sh with :
#: /usr/local/etc/rc.d/squid.shI hope this may help someone else.
-
Emanuel,
I appreciate the suggestions. I have made the changes in the package code to modify permissions on /dev/pf after reviewing several articles stating that this is appears to be a good way to give Squid permission to write to it.
Does anyone see any negative implications of doing such before the code is committed? I'm still working on some other issues before committing, so let me know. Thanks!
Mike
-
Thanks Myntric!!
-
Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!
-
Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!
Not as of yet.
-
No commits as of yet. I can commit these changes, but I'm in the midst of a rewrite of one of the components to try and make it a little faster in writing the configuration. It's pretty inefficient at this point. I'll see what I can do.
-
Has this been comitted yet? I've manually done these changes, and they have really helped out my squid installation! Nice help Emanuel!
Hi Cyrandir, it's great I can help, but be aware that the permision changes doesn't survive a reboot, so you can do one of two things:
1- Modify the /usr/local/etc/rc.d/squid.sh and add the two commands you ran before:
chgrp squid /dev/pf
chmod g+rw /dev/pf2- Modify the /etc/devfs.conf file and add at the end this lines:
own pf root:squid
perm pf 0640This is to make sure the changes are re-applied every time your server boots, at least it works well for me.
Hope this help
-
Thanks! I'll do that
-
Hi Myntric,
I'm using the last package you release, and it works really good, but seems like it needs to change perms for squid group to "/var/run/squid.pid".
Besides, i was thinking that would be nice to have a squid entry in the "Status/Services" page in the GUI. Is it much dificult? I have no skills in editing php or xml.
Thanks again for your help!
-
I agree that a service status entry would be highly useful
-
This may have already been covered in the lists, but I'm recording them here for posterity as well. After installing the squid package to my 0.93.2 box I had to make the following changes:
mkdir /var/squid/cache
chown squid: /var/squid/cache
chown squid: /var/squid/logs
squid -z -f /usr/local/etc/squid/squid.confin squid.conf, you have to make the following changes to the ACLs ( I believe this to be a bug in the WebGUI but I haven't looked at the code yet ):
ensure that acl all's src is set to 0.0.0.0/255.255.255.0
ensure that acl localnet's src is set to your local network (or whatever networks you want to traverse your squid proxy)
add the line: http_access allow localnetat this point you can start squid and you should be off and running.
-
The code is actually in there to do the chmod's and such during the install, but it is not executing properly. I've been working with colin on this. Due to the complexity with all of the GUI and integration with other items such as SquidGuard, it may come down to where I have to write this in full-fledged PHP and use the packaging system for the install portion, but I'd like to make this version as stable as possible in the meantime. Thanks for your help!
Mike
-
Mike,
There's a big bug in the ACL section of the WebGUI. When adding networks to the allow, section, only one network is captured, and its appended to the "all" ACL rather than the "localnet" ACL. Any additional networks added are ignored, although they're slumped together one on top of the next in the WebGUI display. It might be better to either create a file and write networks to that file and have squid.conf point to that file. Alternatively, you might have the localnet ACL get the networks bound to whichever NIC squid should be bound to.
-
@submicron:
Mike,
There's a big bug in the ACL section of the WebGUI. When adding networks to the allow, section, only one network is captured, and its appended to the "all" ACL rather than the "localnet" ACL. Any additional networks added are ignored, although they're slumped together one on top of the next in the WebGUI display. It might be better to either create a file and write networks to that file and have squid.conf point to that file. Alternatively, you might have the localnet ACL get the networks bound to whichever NIC squid should be bound to.
Also, i have found that if you add "unrestricted IPs" in the ACL of the WebGUI, the are stored in the acl file just as they were writed down in the WebGUI, this means, separated by a semi-colon, insted of one IP address per line, which generate errors when you start the service. If you edit the acl_unrestricted_ip.acl file, and put one IP address per line, it shows funny in the WebGUI page.
Thanks again for this great piece of software!
-
Mike,
I know you'll work on these issues when you get time. Is it better for us to keep posting to this thread or would you rather we file bug reports as we come across issues?
-
@submicron:
Mike,
I know you'll work on these issues when you get time. Is it better for us to keep posting to this thread or would you rather we file bug reports as we come across issues?
I think the this thread for now will work best for me. Thanks!
Mike
-
I just installed Squid 2.5.11_3 on 0.90 - I know, there's a newer release… ;-)
After install, I did this:
chgrp squid /dev/pf
chmod g+rw /dev/pf
/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf
Navigated to: Services->Squid
Proxy Listening Interface: LAN
Transparent Proxy: CHECKED
Log Enabled: CHECKED
Visible Hostname: XXX.com
Cache Administrator Email: support@XXX.com
Error Message Language: English
And then pressed save:
Warning: fopen(/usr/local/etc/squid/advanced/acls/src_subnets.acl): failed to open stream: No such file or directory in /usr/local/pkg/squid_ng.inc on line 487 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 488 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 489 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squid_ng.inc:487) in /usr/local/www/pkg_edit.php on line 183Are the missing files (I checked) not a part of the package?
I have set squid up on an older version before - no problems there - did I miss something or is it in a state of flux at the moment?Thanks!
-
I just installed .94 I havn't had a chance to get .94.4 yet but I got pretty much the same thing. I changed some options and clicked save and an error similar to that appeared. I was on the first tab of the setup page. I got similar errors from the second tab after changing an option or two and perhaps from the third tab also. On the tab you enter ip and domain ips etc after hitting save I got no errors.
I refreshed all the pages I changed settings on and they seemed to be set to what I changed them too.
I didn't bother posting it here because I'm not on the most current version.
-
Interesting. The last commit was a few weeks ago and while quite a bit was changed, I was under the impression that the default install worked. The package is definitely in a state of flux at the moment. In speaking with Colin, it seems that the best way to design a flexible Squid package and allow the integration with SquidGuard, HAVP, ClamAV, or whatever is to code in pure PHP while using the packaging system simply for the install/deinstall and such. This would allow much more flexibility. I've started the process and don't expect to have a commit for little while, but am plugging away and trying to support both packages now. I'll check into this issue and see if I can fix it and commit a new version. I'll let everyone know if I do. Thanks!
-
This actually was a server error. Or package sync script stopped copying changes from CVS.
At any rate, everything is fixed now and the squid stuff should be on the latest version on the server now.
-
I'm guessing that the correct answer is to uninstall and then re-install the squid package?
-
@submicron:
I'm guessing that the correct answer is to uninstall and then re-install the squid package?
Yep.
-
Just did a remove and install…
At the bottom of the package install screen in black on the grey background was this text:
Parse error: parse error, unexpected T_STRING in /etc/inc/pkg-utils.inc(426) : eval()'d code on line 1Tried the same task again, got the same message about missing includes etc. when I pressed save on the first page of the config... perhaps the cause was the error above?
Thanks!
Still running 0.90 on that box - will upgrade to 94.4 today -
@submicron:
I'm guessing that the correct answer is to uninstall and then re-install the squid package?
My install was 100% fresh. The first thing I did was install squid and start to configure it.
I am thinking I havn't seen these errors before or not I remember, is because I have just used the upgrade option each time (except this time). And it keeps all my settings even when you get the error.
-
Hi all!
Likewise, all references to "GSDF" should also be changed to "GDSF".
;)
-
Hi all!
Likewise, all references to "GSDF" should also be changed to "GDSF".
;)
Already fixed.
-
have pfsense .95a installed and just installed squid.
first time it's installed, i got misconfigured it and got lots of error.
so i removed it and install again.
this time it works fine.but after reboot, it wont start up automatically.
i have to go to shell and type squid to start itwhat to do to make it startup on every boot?
-
have pfsense .95a installed and just installed squid.
This version is not supported. Upgrade to receive support.
-
fresh installed pfsense 1 beta
then directly install squid package only.squid doesnt run at all.
i try see from shell, no /var/squid folder
there's a squid folder on /etc/local
but it's only contain 2 folders (logs and cache) and both folders are empty.so, no log i can see.
the cache folder also not created yet.i try squid -z but it gives out error: failed to create folder…
-
these steps you need to take to get squid 2.5.12 from the pfsense packages working with pfsense beta 1
pfSense console setup 8) Shell mkdir /var/squid chown squid:squid /var/squid mkdir /var/squid/logs chown squid:squid /var/squid/logs mkdir /var/squid/cache chown squid:squid /var/squid/cache mkdir /usr/local/etc/squid/advanced chown squid:squid /usr/local/etc/squid/advanced mkdir /usr/local/etc/squid/advanced/acls chown squid:squid /usr/local/etc/squid/advanced/acls touch /usr/local/etc/squid/advanced/acls/src_subnets.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl squid -z exit pfSense console setup 11) Restart webConfigurator now config in pfsense browser http://ipadress/pkg_edit.php?xml=squid_ng.xml&id=0 go back to consul pfSense console setup 8) Shell squid ps -ax | grep squid if you see somving like this : 4683 ?? Ss 0:00.00 squid 4685 ?? S 0:00.19 (squid) (squid) 4695 p0 S+ 0:00.01 grep squid squid is running
-
ok now squid runs fine.
still one problem.
how do i make it automatically start on each boot?btw… one more issue...
even that squid does run, when i check the access.log file,
i only see access to http://my.ip.address
and all access to the internet doesn showed up there.is this normal?
tnx
rex -
Try starting it by using the hidden xml-options for the config.xml: http://faq.pfsense.com/index.php?sid=18492&lang=en&action=artikel&cat=10&id=38&artlang=en&highlight=hidden
This of course won't be needed later when the package is final.
-
can you explain more detailed…
exactly, what to put into config.xml, where to put it?few issue i found:
transparent proxy doesnt seem to work (yet) ?
and proxy also refuse https protocol?tnx
rex -
here transparent proxy for poort 80 works but only with 3128 as squid poort on pfsense
the log is on /var/squid/logs/access.log10.141.254.1 - - [07/Jan/2006:09:32:23 +0100] "GET http://forum.pfsense.org/favicon.ico HTTP/1.1" 404 483 TCP_NEGATIVE_HIT:NONE 10.141.254.1 - - [07/Jan/2006:09:32:24 +0100] "GET http://www.imageshack.us/iframe.php?txtcolor=111111&type=blank HTTP/1.1" 200 1211 TCP_MISS:DIRECT 10.141.254.1 - - [07/Jan/2006:09:32:24 +0100] "GET http://forum.pfsense.org/favicon.ico HTTP/1.1" 404 483 TCP_NEGATIVE_HIT:NONE 10.141.254.1 - - [07/Jan/2006:09:34:06 +0100] "GET http://checkip.dyndns.org/ HTTP/1.0" 200 264 TCP_MISS:DIRECT 10.141.254.1 - - [07/Jan/2006:09:39:09 +0100] "GET http://checkip.dyndns.org/ HTTP/1.0" 200 264 TCP_MISS:DIRECT
check /var/squid/logs/cache.log for squid errors
to start squid from config.xml:
add <shellcmd>squid</shellcmd> to config.xml
look at the code below for where to put it<system><optimization>normal</optimization> <hostname>pfsense</hostname> <domain>wlelystad.homeip.net</domain> <username>admin</username> <password>$1$.Qr5mty/$FZsZiYnpLMX1fs3VPAJpq1</password> <timezone>Europe/Amsterdam</timezone> <time-update-interval>300</time-update-interval> <timeservers>pool.ntp.org</timeservers> <webgui><protocol>http</protocol> <certificate><private-key><port>10000</port></private-key></certificate></webgui> <enablesshd>yes</enablesshd> <maximumstates><dnsallowoverride><dnsserver><dnsserver><shellcmd>squid</shellcmd></dnsserver></dnsserver></dnsallowoverride></maximumstates></system>
-
these steps you need to take to get squid 2.5.12 from the pfsense packages working with pfsense beta 1
pfSense console setup 8) Shell mkdir /var/squid chown squid:squid /var/squid mkdir /var/squid/logs chown squid:squid /var/squid/logs mkdir /var/squid/cache chown squid:squid /var/squid/cache mkdir /usr/local/etc/squid/advanced chown squid:squid /usr/local/etc/squid/advanced mkdir /usr/local/etc/squid/advanced/acls chown squid:squid /usr/local/etc/squid/advanced/acls touch /usr/local/etc/squid/advanced/acls/src_subnets.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl squid -z exit pfSense console setup 11) Restart webConfigurator now config in pfsense browser http://ipadress/pkg_edit.php?xml=squid_ng.xml&id=0 go back to consul pfSense console setup 8) Shell squid ps -ax | grep squid if you see somving like this : 4683 ?? Ss 0:00.00 squid 4685 ?? S 0:00.19 (squid) (squid) 4695 p0 S+ 0:00.01 grep squid squid is running
I just updated the squid INIT code to include this. Please test again!
-
This actually was a server error. Or package sync script stopped copying changes from CVS.
At any rate, everything is fixed now and the squid stuff should be on the latest version on the server now.
Speaking of this, we had yet another problem syncing packages. Please try squid again, I've fixed a ton of errors and made sure that it is sycning.
Out of the box squid starts now for me. Please let me know if this is not the case for anyone else, I really want squid working for 1.0.
-
Hi @all!
I've tried to use the captive portal together with squid in transparent mode. The captive portal was running before without any errors, but after I have installed squid I've got a lot of errors and squid refused the connection to any server on the wan-side.
Well, I've read the squid docs and faqs and there I've found, it isn't possible to run squid in transparent mode with authentification by acl, ldap and so on.
Now my question: Is it possible to run squid together with a captive portal?Thanks and so long
Schnuffel -
i uninstalled squid
removed leftovers
installed squid again
its now working direct for meby the way if you select any of the Authentication settings on squid then squid breeks
the squid auth files are missing
had to reinstall squid to get squid working again afther thatWarning: Unknown(/usr/local/pkg/squid_auth.inc): failed to open stream: No such file or directory in /usr/local/www/pkg_edit.php(164) : eval()'d code on line 1 Fatal error: (null)(): Failed opening required '/usr/local/pkg/squid_auth.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal') in /usr/local/www/pkg_edit.php(164) : eval()'d code on line 1
only inc file i have in /usr/local/pkg is squid_ng.inc
the rest are xml filesthese steps you need to take to get squid 2.5.12 from the pfsense packages working with pfsense beta 1
pfSense console setup 8) Shell mkdir /var/squid chown squid:squid /var/squid mkdir /var/squid/logs chown squid:squid /var/squid/logs mkdir /var/squid/cache chown squid:squid /var/squid/cache mkdir /usr/local/etc/squid/advanced chown squid:squid /usr/local/etc/squid/advanced mkdir /usr/local/etc/squid/advanced/acls chown squid:squid /usr/local/etc/squid/advanced/acls touch /usr/local/etc/squid/advanced/acls/src_subnets.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl squid -z exit pfSense console setup 11) Restart webConfigurator now config in pfsense browser http://ipadress/pkg_edit.php?xml=squid_ng.xml&id=0 go back to consul pfSense console setup 8) Shell squid ps -ax | grep squid if you see somving like this : 4683 ?? Ss 0:00.00 squid 4685 ?? S 0:00.19 (squid) (squid) 4695 p0 S+ 0:00.01 grep squid squid is running
I just updated the squid INIT code to include this. Please test again!
-
Did a clean install on VMware and installed the SQUID package.
As far as i can see it seams to be working.
I enabled logging in the web gui but the log can only be viewed from the shell.-
Only set logging and i saw requests.
Set the captive portal and that didn't work anymore :( -
Then set tranparted proxy delete the logs
Captive portal loggin page was working again but u could not get webpages. -
disabled captive portal and got requests in the logfiles.
I take it that the requests showing up ib the logfile indicate squid is working.
-
-
Warning: Unknown(/usr/local/pkg/squid_auth.inc): failed to open stream: No such file or directory in /usr/local/www/pkg_edit.php(164) : eval()'d code on line 1 Fatal error: (null)(): Failed opening required '/usr/local/pkg/squid_auth.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal') in /usr/local/www/pkg_edit.php(164) : eval()'d code on line 1
I just updated squid_ng.xml to include squid_auth.inc. Deinstall the package and reinstall. Hoepfully this one is fixed now.