Squid can't work



  • I update pfSense to
    built on Wed Dec 8 22:39:45 EST 2010

    When installed the squid package, lan's computer can't access web site. Delete the squid package, lan's computer can access web site.

    Who can help me?



  • same issue here…



  • Disable your traffic shaper and limiters, then try again.  There's some cranky issues with having the shaper/ limiter catch squid.



  • without traffic shaper…


  • Rebel Alliance Developer Netgate

    Did you check the box to "allow users on interface"? Squid may now know it's supposed to allow them access.

    If it used to work and then stopped, we need a lot more detail, not just your build time. (i386/amd64, system log output, etc)



  • Same problem here und build Dec 9 04:00 x86, but you do NOT need to uninstall squid, just use the "CTRL" key and unselect the interface SQUID should listen on or better should NOT listen on, than save. In the end, its the same like uninstalling SQUID but pehraps a little faster for testing purposes.

    I didn't use any traffic shaper.

    @jimp:
    please let me know, which log files you need and in which path I could find them. I could post them here tomorrow when I'm at work again.


  • Rebel Alliance Developer Netgate

    Or just uncheck transparent mode and save to disable the redirect. :-)

    Just the system log should be ok. Status > System Logs.

    EDIT: Maybe also part of the squid log if it shows errors. It would be under /var/squid/log/cache.log



  • I did logging to my external syslog server while booting up pfsense and (try) surfing internet, but at the moment I couldn't remember any hints about squid but I am not sure at alle at the moment.
    No other log files necessary for you ?


  • Rebel Alliance Developer Netgate

    System log and squid log would be it, no others I can think of just now.



  • 2.0-BETA4 (i386) built on Thu Dec 9 13:24:37 EST 2010

    IN "Status: System logs: System"
    I find this message:

    	saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    

    When I uncheck transparent mode, It's work.


  • Rebel Alliance Developer Netgate

    Ok, that's a good solid lead I can track down. I'll let you know.



  • IN "Status: System logs: System"
    I find this message:

    
    	php: : The command '/tmp/squidGuard_db_rebuild.sh_usrdb' returned exit code '1', the output was '2010/12/10 09:51:15| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" squid: ERROR: Could not send signal 1 to process 29365: (3) No such process'
    
    

    In /var/squid/log/cache.log

    2010/12/10 09:59:57| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/10 09:59:57| FD 23 Closing HTTP connection
    2010/12/10 09:59:57| FD 24 Closing HTCP socket
    2010/12/10 09:59:57| FD 25 Closing SNMP socket
    2010/12/10 09:59:57| aioSync: flushing pending I/O operations
    2010/12/10 09:59:57| aioSync: done
    2010/12/10 09:59:57| logfileClose: closing log /var/squid/log/access.log
    2010/12/10 09:59:57| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/10 09:59:57| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/10 09:59:57| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    2010/12/10 09:59:57| logfileOpen: opening log /var/squid/log/access.log
    2010/12/10 09:59:57| Store logging disabled
    2010/12/10 09:59:57| Referer logging is disabled.
    2010/12/10 09:59:57| DNS Socket created at 0.0.0.0, port 30288, FD 15
    2010/12/10 09:59:57| Adding domain fyschool from /etc/resolv.conf
    2010/12/10 09:59:57| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/10 09:59:57| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/10 09:59:57| helperOpenServers: Starting 3 'squidGuard' processes
    2010-12-10 09:59:57 [22096] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-10 09:59:57 [22096] New setting: logdir: /var/squidGuard/log
    2010-12-10 09:59:57 [22096] New setting: dbhome: /var/db/squidGuard
    2010-12-10 09:59:57 [22096] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-10 09:59:57 [22096] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-10 09:59:57 [22096] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-10 09:59:57 [22096] init domainlist /var/db/squidGuard/game/domains
    2010-12-10 09:59:57 [22096] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-10 09:59:57 [22096] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-10 09:59:57 [22096] init domainlist /var/db/squidGuard/bhjy_video/domains
    2010-12-10 09:59:57 [22096] loading dbfile /var/db/squidGuard/bhjy_video/domains.db
    2010-12-10 09:59:57 [22096] init expressionlist /var/db/squidGuard/taobao/expressions
    2010-12-10 09:59:57 [22096] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22096] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22096] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22096] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22096] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22377] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-10 09:59:57 [22377] New setting: logdir: /var/squidGuard/log
    2010-12-10 09:59:57 [22377] New setting: dbhome: /var/db/squidGuard
    2010-12-10 09:59:57 [22377] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-10 09:59:57 [22377] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-10 09:59:57 [22377] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-10 09:59:57 [22377] init domainlist /var/db/squidGuard/game/domains
    2010-12-10 09:59:57 [22377] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-10 09:59:57 [22377] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-10 09:59:57 [22377] init domainlist /var/db/squidGuard/bhjy_video/domains
    2010-12-10 09:59:57 [22377] loading dbfile /var/db/squidGuard/bhjy_video/domains.db
    2010-12-10 09:59:57 [22377] init expressionlist /var/db/squidGuard/taobao/expressions
    2010-12-10 09:59:57 [22377] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22377] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22377] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22377] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22377] logfile not allowed in acl other than default
    2010/12/10 09:59:57| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 23.
    2010/12/10 09:59:57| Accepting HTCP messages on port 4827, FD 24.
    2010/12/10 09:59:57| Accepting SNMP messages on port 3401, FD 25.
    2010/12/10 09:59:57| WCCP Disabled.
    2010/12/10 09:59:57| Loaded Icons.
    2010-12-10 09:59:57 [22479] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-10 09:59:57 [22479] New setting: logdir: /var/squidGuard/log
    2010-12-10 09:59:57 [22479] New setting: dbhome: /var/db/squidGuard
    2010-12-10 09:59:57 [22479] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-10 09:59:57 [22479] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-10 09:59:57 [22479] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-10 09:59:57 [22479] init domainlist /var/db/squidGuard/game/domains
    2010-12-10 09:59:57 [22479] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-10 09:59:57 [22479] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-10 09:59:57 [22479] init domainlist /var/db/squidGuard/bhjy_video/domains
    2010-12-10 09:59:57 [22479] loading dbfile /var/db/squidGuard/bhjy_video/domains.db
    2010-12-10 09:59:57 [22479] init expressionlist /var/db/squidGuard/taobao/expressions
    2010-12-10 09:59:57 [22479] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22479] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22479] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22479] logfile not allowed in acl other than default
    2010-12-10 09:59:57 [22479] logfile not allowed in acl other than default
    2010/12/10 09:59:57| Ready to serve requests.
    
    

    I can't find today's access.log in "/var/squid/log"


  • Rebel Alliance Developer Netgate

    OK, try to reinstall squid now, see if it starts (the gssapi error should be gone I hope)



  • I reinstall squid, it's not work yet.
    In /var/squid/log/cache.log

    2010/12/10 12:01:29| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/10 12:01:29| FD 21 Closing HTTP connection
    2010/12/10 12:01:29| FD 22 Closing HTTP connection
    2010/12/10 12:01:29| FD 23 Closing HTCP socket
    2010/12/10 12:01:29| FD 24 Closing SNMP socket
    2010/12/10 12:01:29| aioSync: flushing pending I/O operations
    2010/12/10 12:01:29| aioSync: done
    2010/12/10 12:01:29| logfileClose: closing log /var/squid/log/access.log
    2010/12/10 12:01:29| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/10 12:01:29| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/10 12:01:29| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    2010/12/10 12:01:29| Initialising SSL.
    2010/12/10 12:01:29| logfileOpen: opening log /var/squid/log/access.log
    2010/12/10 12:01:29| Store logging disabled
    2010/12/10 12:01:29| Referer logging is disabled.
    2010/12/10 12:01:29| DNS Socket created at 0.0.0.0, port 50855, FD 16
    2010/12/10 12:01:29| Adding domain fyschool from /etc/resolv.conf
    2010/12/10 12:01:29| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/10 12:01:29| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/10 12:01:29| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 21.
    2010/12/10 12:01:29| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 22.
    2010/12/10 12:01:29| Accepting HTCP messages on port 4827, FD 23.
    2010/12/10 12:01:29| Accepting SNMP messages on port 3401, FD 24.
    2010/12/10 12:01:29| WCCP Disabled.
    2010/12/10 12:01:29| Loaded Icons.
    2010/12/10 12:01:29| Ready to serve requests.
    2010/12/10 12:01:37| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/10 12:01:37| FD 21 Closing HTTP connection
    2010/12/10 12:01:37| FD 22 Closing HTTP connection
    2010/12/10 12:01:37| FD 23 Closing HTCP socket
    2010/12/10 12:01:37| FD 24 Closing SNMP socket
    2010/12/10 12:01:37| aioSync: flushing pending I/O operations
    2010/12/10 12:01:37| aioSync: done
    2010/12/10 12:01:37| logfileClose: closing log /var/squid/log/access.log
    2010/12/10 12:01:37| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/10 12:01:37| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/10 12:01:37| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    2010/12/10 12:01:37| Initialising SSL.
    2010/12/10 12:01:37| logfileOpen: opening log /var/squid/log/access.log
    2010/12/10 12:01:37| Store logging disabled
    2010/12/10 12:01:37| Referer logging is disabled.
    2010/12/10 12:01:37| DNS Socket created at 0.0.0.0, port 38724, FD 16
    2010/12/10 12:01:37| Adding domain fyschool from /etc/resolv.conf
    2010/12/10 12:01:37| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/10 12:01:37| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/10 12:01:37| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 21.
    2010/12/10 12:01:37| Accepting HTCP messages on port 4827, FD 22.
    2010/12/10 12:01:37| Accepting SNMP messages on port 3401, FD 23.
    2010/12/10 12:01:37| WCCP Disabled.
    2010/12/10 12:01:37| Loaded Icons.
    2010/12/10 12:01:37| Ready to serve requests.
    2010/12/10 12:05:14| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/10 12:05:14| FD 21 Closing HTTP connection
    2010/12/10 12:05:14| FD 22 Closing HTCP socket
    2010/12/10 12:05:14| FD 23 Closing SNMP socket
    2010/12/10 12:05:14| aioSync: flushing pending I/O operations
    2010/12/10 12:05:14| aioSync: done
    2010/12/10 12:05:14| logfileClose: closing log /var/squid/log/access.log
    2010/12/10 12:05:14| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/10 12:05:14| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/10 12:05:14| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    2010/12/10 12:05:14| Initialising SSL.
    2010/12/10 12:05:14| logfileOpen: opening log /var/squid/log/access.log
    2010/12/10 12:05:14| Store logging disabled
    2010/12/10 12:05:14| Referer logging is disabled.
    2010/12/10 12:05:14| DNS Socket created at 0.0.0.0, port 27170, FD 16
    2010/12/10 12:05:14| Adding domain fyschool from /etc/resolv.conf
    2010/12/10 12:05:14| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/10 12:05:14| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/10 12:05:14| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 21.
    2010/12/10 12:05:14| Accepting HTCP messages on port 4827, FD 22.
    2010/12/10 12:05:14| Accepting SNMP messages on port 3401, FD 23.
    2010/12/10 12:05:14| WCCP Disabled.
    2010/12/10 12:05:14| Loaded Icons.
    2010/12/10 12:05:14| Ready to serve requests.
    2010/12/10 12:05:24| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/10 12:05:24| FD 21 Closing HTTP connection
    2010/12/10 12:05:24| FD 22 Closing HTCP socket
    2010/12/10 12:05:24| FD 23 Closing SNMP socket
    2010/12/10 12:05:24| aioSync: flushing pending I/O operations
    2010/12/10 12:05:24| aioSync: done
    2010/12/10 12:05:24| logfileClose: closing log /var/squid/log/access.log
    2010/12/10 12:05:24| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/10 12:05:24| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/10 12:05:24| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    2010/12/10 12:05:24| Initialising SSL.
    2010/12/10 12:05:24| logfileOpen: opening log /var/squid/log/access.log
    2010/12/10 12:05:24| Store logging disabled
    2010/12/10 12:05:24| Referer logging is disabled.
    2010/12/10 12:05:24| DNS Socket created at 0.0.0.0, port 54229, FD 16
    2010/12/10 12:05:24| Adding domain fyschool from /etc/resolv.conf
    2010/12/10 12:05:24| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/10 12:05:24| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/10 12:05:24| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 21.
    2010/12/10 12:05:24| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 22.
    2010/12/10 12:05:24| Accepting HTCP messages on port 4827, FD 23.
    2010/12/10 12:05:24| Accepting SNMP messages on port 3401, FD 24.
    2010/12/10 12:05:24| WCCP Disabled.
    2010/12/10 12:05:24| Loaded Icons.
    2010/12/10 12:05:24| Ready to serve requests.
    
    

  • Rebel Alliance Developer Netgate

    That looks like some kind of configuration error

    
    2010/12/10 12:01:37| aclParseAclLine: WARNING: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
    

    Do you have any traffic limits/throttling setup in squid? It's saying there is an empty ACL for throttle extensions.



  • installedpackages config

    
     <installedpackages><squid><config><active_interface>lan</active_interface>
    			<allow_interface>on</allow_interface>
    			 <transparent_proxy><private_subnet_proxy_off><defined_ip_proxy_off><defined_ip_proxy_off_dest><log_enabled>on</log_enabled>
    			<log_dir>/var/squid/log</log_dir>
    			<log_rotate>92</log_rotate>
    			<proxy_port>3128</proxy_port>
    			 <icp_port><visible_hostname>localhost</visible_hostname>
    			<admin_email>admin@localhost</admin_email>
    			<error_language>Simplify_Chinese</error_language>
    			 <disable_xforward><disable_via><uri_whitespace>strip</uri_whitespace>
    			 <dns_nameservers><disable_squidversion></disable_squidversion></dns_nameservers></disable_via></disable_xforward></icp_port></defined_ip_proxy_off_dest></defined_ip_proxy_off></private_subnet_proxy_off></transparent_proxy></config></squid> 
    	 <squidcache><config><harddisk_cache_size>0</harddisk_cache_size>
    			<harddisk_cache_system>aufs</harddisk_cache_system>
    			<harddisk_cache_location>/var/squid/cache</harddisk_cache_location>
    			<memory_cache_size>32</memory_cache_size>
    			<minimum_object_size>0</minimum_object_size>
    			<maximum_object_size>1024</maximum_object_size>
    			<level1_subdirs>16</level1_subdirs>
    			<memory_replacement_policy>heap LRU</memory_replacement_policy>
    			<cache_replacement_policy>heap LFUDA</cache_replacement_policy>
    			<cache_swap_low>90</cache_swap_low>
    			<cache_swap_high>95</cache_swap_high>
    			 <donotcache><enable_offline></enable_offline></donotcache></config></squidcache> 
    	 <squidnac><config><allowed_subnets><unrestricted_hosts><banned_hosts><whitelist><blacklist><ext_cachemanager></ext_cachemanager></blacklist></whitelist></banned_hosts></unrestricted_hosts></allowed_subnets></config></squidnac> 
    
    <menu>
    		<name>Cron</name>
    		<tooltiptext>cron settings.</tooltiptext>
    		Services
    		<configfile>cron.xml</configfile>
    		<url>/packages/cron/cron.php</url>
    	</menu>
    
    <menu>
    		<name>Proxy server</name>
    		<tooltiptext>Modify the proxy server's settings</tooltiptext>
    		Services
    		<url>/pkg_edit.php?xml=squid.xml&id=0</url>
    	</menu>
    
     <package><package><name>Cron</name>
    		 <website><category>Services</category>
    		 <pkginfolink><config_file>http://www.pfsense.com/packages/config/cron/cron.xml</config_file>
    		<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
    		<version>0.1.5</version>
    		<status>Beta</status>
    		<required_version>1.2</required_version>
    		<maintainer>markjcrane@gmail.com</maintainer>
    		<configurationfile>cron.xml</configurationfile></pkginfolink></website></package> 
    	 <package><name>squid</name>
    
    		<website>http://www.squid-cache.org/</website>
    		<category>Network</category>
    		<version>2.7.9_4</version>
    		<status>Stable</status>
    		<required_version>2</required_version>
    		<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
    		<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
    		<depends_on_package>squid-2.7.9.tbz</depends_on_package>
    		<depends_on_package>squid_radius_auth-1.10.tbz</depends_on_package>
    		<depends_on_package>libwww-5.4.0_4.tbz</depends_on_package>
    		<build_port_path>/usr/ports/www/squid</build_port_path>
    		<build_port_path>/usr/ports/www/squid_radius_auth</build_port_path>
    		<build_port_path>/usr/ports/www/libwww</build_port_path>
    		<build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true</build_options>
    		<config_file>http://www.pfsense.org/packages/config/squid/squid.xml</config_file>
    		<configurationfile>squid.xml</configurationfile></package> 
    	 <service><name>cron</name>
    		<rcfile>cron.sh</rcfile>
    		<executable>cron</executable></service> 
    	 <service><name>squid</name>
    		<rcfile>squid.sh</rcfile>
    		<executable>squid</executable></service> 
    	 <squidguardlog><config><logtype>block_log</logtype></config></squidguardlog> 
    	 <squidtraffic><config><max_download_size>0</max_download_size>
    			<max_upload_size>0</max_upload_size>
    			<overall_throttling>0</overall_throttling>
    			<perhost_throttling>0</perhost_throttling>
    			<throttle_specific>on</throttle_specific>
    			 <throttle_binaries><throttle_cdimages><throttle_multimedia><throttle_others><quick_abort_min>0</quick_abort_min>
    			<quick_abort_max>0</quick_abort_max>
    			<quick_abort_pct>0</quick_abort_pct></throttle_others></throttle_multimedia></throttle_cdimages></throttle_binaries></config></squidtraffic> 
    	 <tab></tab></package></installedpackages> 
    
    

  • Rebel Alliance Developer Netgate

    You have "Throttle only specific extensions" checked but no extensions listed. Uncheck that, save, and then see if it starts.



  • I modify the /conf/config.xml set it to off,reboot the pfsense.
    It's not work it.


  • Rebel Alliance Developer Netgate

    Just delete the whole <squidtraffic>…</squidtraffic> section.



  • Hi,

    updated tomorrow to latest Snapshot Dec 9 13:xx x86.

    Removing package...
    	Starting package deletion for squid-2.7.9...done.
    	Starting package deletion for squid_radius_auth-1.10...done.
    	Starting package deletion for libwww-5.4.0_4...done.
    Removing squid components...
    	Tabs items... done.
    	Menu items... done.
    	Services... done.
    Loading package instructions...
    	Deinstall commands... done.
    	Removing package instructions...done.
    	Auxiliary files... done.
    	Package XML... done.
    	Configuration... done.
    Beginning package installation for squid...
    Downloading package configuration file... done.
    Saving updated package information... done.
    Downloading squid and its dependencies... 
    Checking for package installation... 
    libwww-5.4.0_4  (extracting)
    openssl-1.0.0_4 already installed.Loading package configuration... failed!
    
    Installation aborted.Removing package...
    	Starting package deletion for squid-2.7.9...done.
    	Starting package deletion for openssl-1.0...done.
    	Starting package deletion for cyrus-sasl-2.1...done.
    	Starting package deletion for openssl-1.0...done.
    	Starting package deletion for openldap-client-2.4...done.
    	Starting package deletion for openssl-1.0...done.
    	Starting package deletion for perl-5.10...done.
    	Starting package deletion for squid_radius_auth-1.10...done.
    	Starting package deletion for libwww-5.4.0_4...done.
    	Starting package deletion for openssl-1.0...done.
    Removing squid components...
    	Configuration... done.
    Failed to install package.
    
    All packages reinstalled.
    

    SQUID wasn't installed but lightsquid was when I look at System -> Packages. Internet connection works.

    After going to System - Packages and installing SQUID it should be installed ok.

    Installation of squid completed.
    Beginning package installation for squid...
    Downloading package configuration file... done.
    Saving updated package information... done.
    Downloading squid and its dependencies... 
    Checking for package installation... 
    libwww-5.4.0_4  (extracting)
    openssl-1.0.0_4 already installed.
    Loading package configuration... done.
    	Configuring package components...
    	Additional files... done.
    Loading package instructions...
    	Menu items... done.
    	Integrated Tab items... done.
    	Services... done.
    Custom commands...
    	Executing custom_php_install_command()...done.
    	Executing custom_php_resync_config_command()...done.
    Writing configuration... done.
    Starting service.
    
    Installation completed.   Please check to make sure that the package is configured from the respective menu then start the package.
    

    Now it is not possible from a Client to browse the internet, but I can do a ping to 8.8.8.8 AND I cand do a ping to www.google.com from Windows cmd.
    Further the pfSense is able to check for latest snapshot and tells me "You are on latest version"

    Just a short explaination:

    WAN1 –
                ---pfSense1 (LoadBalancing) ---- pfSense2 (SQUID, Lightsquid) ----- Clients
    WAN2 --/

    Ping from the clients to www.google.com or 8.8.8.8 works if SQUID is enabled or disabled.
    pfSense2 could get snapshot update information if SQUID is enabled or not
    Clients could go to webGUI of pfSense1 if SQUID is enabled or not
    Clients could ONLY browse the web, IF SQUID is NOT activated.

    Part of my syslog:

    12-10-2010	08:00:03	Cron.Info	pfsense2.localdomain	Dec 10 08:00:01 /usr/sbin/cron[54807]: (root) CMD (/usr/bin/nice -n20 newsyslog)
    12-10-2010	08:00:03	Cron.Info	pfsense2.localdomain	Dec 10 08:00:01 /usr/sbin/cron[54772]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
    12-10-2010	08:00:03	Cron.Info	pfsense2.localdomain	Dec 10 08:00:01 /usr/sbin/cron[54753]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
    12-10-2010	08:00:03	Cron.Info	pfsense2.localdomain	Dec 10 08:00:01 /usr/sbin/cron[54697]: (root) CMD (/usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today)
    12-10-2010	08:00:02	Cron.Info	pfsense1.localdomain	Dec 10 08:00:00 /usr/sbin/cron[55187]: (root) CMD (/usr/bin/nice -n20 newsyslog)
    12-10-2010	08:00:02	Cron.Info	pfsense1.localdomain	Dec 10 08:00:00 /usr/sbin/cron[54969]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
    12-10-2010	08:00:02	Cron.Info	pfsense1.localdomain	Dec 10 08:00:00 /usr/sbin/cron[54801]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:55:36	User.Warning	pfsense2.localdomain	Dec 10 07:55:34 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:55:35	User.Notice	pfsense2.localdomain	Dec 10 07:55:33 check_reload_status: reloading filter
    12-10-2010	07:55:35	User.Notice	pfsense2.localdomain	Dec 10 07:55:33 check_reload_status: reloading filter
    12-10-2010	07:55:35	User.Warning	pfsense2.localdomain	Dec 10 07:55:33 php: /pkg_edit.php: Reloading Squid for configuration sync
    12-10-2010	07:55:35	User.Warning	pfsense2.localdomain	Dec 10 07:55:33 php: /pkg_edit.php: Reloading Squid for configuration sync
    12-10-2010	07:54:54	User.Warning	pfsense2.localdomain	Dec 10 07:54:52 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:54	User.Warning	pfsense2.localdomain	Dec 10 07:54:52 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:54	User.Warning	pfsense2.localdomain	Dec 10 07:54:52 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:54:54	User.Warning	pfsense2.localdomain	Dec 10 07:54:52 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:54:53	User.Warning	pfsense2.localdomain	Dec 10 07:54:50 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:53	User.Warning	pfsense2.localdomain	Dec 10 07:54:50 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:52	User.Warning	pfsense2.localdomain	Dec 10 07:54:50 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:54:52	User.Warning	pfsense2.localdomain	Dec 10 07:54:50 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:54:50	User.Warning	pfsense2.localdomain	Dec 10 07:54:47 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:50	User.Warning	pfsense2.localdomain	Dec 10 07:54:47 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:50	User.Warning	pfsense2.localdomain	Dec 10 07:54:47 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:54:50	User.Warning	pfsense2.localdomain	Dec 10 07:54:47 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:17: syntax error /tmp/rules.test.packages:18: syntax error' 
    12-10-2010	07:54:48	User.Warning	pfsense2.localdomain	Dec 10 07:54:46 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:48	User.Warning	pfsense2.localdomain	Dec 10 07:54:46 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
    12-10-2010	07:54:48	User.Warning	pfsense2.localdomain	Dec 10 07:54:46 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:54:48	User.Warning	pfsense2.localdomain	Dec 10 07:54:46 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was '/tmp/rules.test.packages:18: syntax error /tmp/rules.test.packages:19: syntax error' 
    12-10-2010	07:54:34	User.Notice	pfsense2.localdomain	Dec 10 07:54:32 check_reload_status: reloading filter
    

    Hope this helps in a way…



  • I reinstall pfSense to
    2.0-BETA4 (i386)
    built on Wed Dec 8 14:27:51 EST 2010
    I installed package:Cron, Lightsquid, squid, squidGuard. It's working well.



  • Just for information:
    Still didn't work with Dec 10 00:14 i386.



  • Same here. I upgraded to build of 10th December and cannot connect to the Internet. Using Squid in transparent mode.

    Downgraded to build of 6th December everything works fine.

    Upgraded to build 8th December like dr85 said and works well - this appears to be the last good Pfsense build for Squid?

    I notice that on build 6 December my console looks normal.

    The first line says Welcome To Pfsense….......

    The last line says: Enter an option...

    On Build December 10 (which does not work for me) and build December 8 (which works for me) the console is broken.

    The first line says: syncing packages: squid....

    Then a few lines with more messages ending in: FreeBSD/i316..............

    Then the: Welcome To Pfsense.........

    The options 0 - 14 are spread out over two columns (instead of one column) and the last line is: Enter an option.....

    I have pfsense 2.0 beta on two boxes - one running December 8th build with broken console and the other December 6 build with good console. Both boxes working fine with Squid.

    @dr85:

    I reinstall pfSense to
    2.0-BETA4 (i386)
    built on Wed Dec 8 14:27:51 EST 2010
    I installed package:Cron, Lightsquid, squid, squidGuard. It's working well.



  • Further to my earlier post today, downgraded to Pfsense 2.0 beta build December 7th. Squid works fine but console broken as with build December 8th.

    Further downgraded to build December 6th and Squid and console are fine. Thus it appears Pfsense build December 6 is the last good build with Squid and Console working fine.

    We will stay with this build until someone else reports a fix.



  • I,ve just upgrade to 2.0-BETA4 (i386) built on Sat Dec 11 05:06:09 EST 2010, and it broke squid, previously squid was working perfectly with snapshot Dec 7.

    Regards
    Alfredo



  • Thanks for the heads up. We were tempted to try the Saturday Pfsense Dec 11 2.0 Beta build but as it is still broken will wait until another good soul reports success with a future build.

    @afrugone:

    I,ve just upgrade to 2.0-BETA4 (i386) built on Sat Dec 11 05:06:09 EST 2010, and it broke squid, previously squid was working perfectly with snapshot Dec 7.

    Regards
    Alfredo



  • Jimp - we tried that tactic today with December 11 build and no joy.

    Pfsense 2.0 Beta still broken with no access through Squid and broken console display.

    Downgraded to build December 6 and everything fine.

    @jimp:

    You have "Throttle only specific extensions" checked but no extensions listed. Uncheck that, save, and then see if it starts.


  • Rebel Alliance Developer Netgate

    It may be that a recently added kernel patch introduced this breakage but there isn't a quick way to know for sure. I don't want to back out the patch as a guess. If I have time tomorrow I might try a custom build without the patch to see if it makes a difference.



  • When checked "Transparent proxy"
    In cache.log

    
    2010/12/12 20:35:46| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2010/12/12 20:35:46| FD 22 Closing HTTP connection
    2010/12/12 20:35:46| FD 23 Closing HTTP connection
    2010/12/12 20:35:46| FD 24 Closing HTCP socket
    2010/12/12 20:35:46| FD 25 Closing SNMP socket
    2010/12/12 20:35:46| aioSync: flushing pending I/O operations
    2010/12/12 20:35:46| aioSync: done
    2010/12/12 20:35:46| logfileClose: closing log /var/squid/log/access.log
    2010/12/12 20:35:46| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2010/12/12 20:35:46| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2010/12/12 20:35:46| Initialising SSL.
    2010/12/12 20:35:46| logfileOpen: opening log /var/squid/log/access.log
    2010/12/12 20:35:46| Store logging disabled
    2010/12/12 20:35:46| Referer logging is disabled.
    2010/12/12 20:35:46| DNS Socket created at 0.0.0.0, port 29857, FD 14
    2010/12/12 20:35:46| Adding domain aschool from /etc/resolv.conf
    2010/12/12 20:35:46| Adding nameserver 172.16.0.1 from /etc/resolv.conf
    2010/12/12 20:35:46| Adding nameserver 172.16.0.2 from /etc/resolv.conf
    2010/12/12 20:35:46| helperOpenServers: Starting 3 'squidGuard' processes
    2010-12-12 20:35:46 [51629] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-12 20:35:46 [51629] New setting: logdir: /var/squidGuard/log
    2010-12-12 20:35:46 [51629] New setting: dbhome: /var/db/squidGuard
    2010-12-12 20:35:46 [51629] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-12 20:35:46 [51629] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-12 20:35:46 [51629] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-12 20:35:46 [51629] init domainlist /var/db/squidGuard/game/domains
    2010-12-12 20:35:46 [51629] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-12 20:35:46 [51629] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-12 20:35:46 [51629] init domainlist /var/db/squidGuard/b_video/domains
    2010-12-12 20:35:46 [51629] loading dbfile /var/db/squidGuard/b_video/domains.db
    2010-12-12 20:35:46 [51629] init expressionlist /var/db/squidGuard/tb/expressions
    2010-12-12 20:35:46 [51629] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51629] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51629] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51629] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51629] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51844] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-12 20:35:46 [51844] New setting: logdir: /var/squidGuard/log
    2010-12-12 20:35:46 [51844] New setting: dbhome: /var/db/squidGuard
    2010-12-12 20:35:46 [51844] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-12 20:35:46 [51844] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-12 20:35:46 [51844] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-12 20:35:46 [51844] init domainlist /var/db/squidGuard/game/domains
    2010-12-12 20:35:46 [51844] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-12 20:35:46 [51844] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-12 20:35:46 [51844] init domainlist /var/db/squidGuard/b_video/domains
    2010-12-12 20:35:46 [51844] loading dbfile /var/db/squidGuard/b_video/domains.db
    2010-12-12 20:35:46 [51844] init expressionlist /var/db/squidGuard/tb/expressions
    2010-12-12 20:35:46 [51844] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51844] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51844] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51844] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [51844] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [52057] (squidGuard): can't write to logfile /var/log/squidGuard.log
    2010-12-12 20:35:46 [52057] New setting: logdir: /var/squidGuard/log
    2010-12-12 20:35:46 [52057] New setting: dbhome: /var/db/squidGuard
    2010-12-12 20:35:46 [52057] init domainlist /var/db/squidGuard/flv_site/domains
    2010-12-12 20:35:46 [52057] loading dbfile /var/db/squidGuard/flv_site/domains.db
    2010-12-12 20:35:46 [52057] init expressionlist /var/db/squidGuard/flv_site/expressions
    2010-12-12 20:35:46 [52057] init domainlist /var/db/squidGuard/game/domains
    2010-12-12 20:35:46 [52057] loading dbfile /var/db/squidGuard/game/domains.db
    2010-12-12 20:35:46 [52057] init expressionlist /var/db/squidGuard/game/expressions
    2010-12-12 20:35:46 [52057] init domainlist /var/db/squidGuard/b_video/domains
    2010-12-12 20:35:46 [52057] loading dbfile /var/db/squidGuard/b_video/domains.db
    2010-12-12 20:35:46 [52057] init expressionlist /var/db/squidGuard/tb/expressions
    2010-12-12 20:35:46 [52057] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [52057] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [52057] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [52057] logfile not allowed in acl other than default
    2010-12-12 20:35:46 [52057] logfile not allowed in acl other than default
    2010/12/12 20:35:46| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 22.
    2010/12/12 20:35:46| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 23.
    2010/12/12 20:35:46| Accepting HTCP messages on port 4827, FD 24.
    2010/12/12 20:35:46| Accepting SNMP messages on port 3401, FD 25.
    2010/12/12 20:35:46| WCCP Disabled.
    2010/12/12 20:35:46| Loaded Icons.
    2010/12/12 20:35:46| Ready to serve requests.
    
    

  • Rebel Alliance Developer Netgate

    Does the proxy work if you hardcode a client to use it? Edit the proxy settings and point it at the interface IP of pfSense on its subnet, on port 3128.

    If that works, squid is probably fine, and there is an issue with the redirect. That's the problem I noticed on Friday and haven't yet found a fix for (admittedly I haven't had a lot of time to spend on it, however).


  • Rebel Alliance Developer Netgate

    Confirmed, it is that patch causing the issue:
    http://redmine.pfsense.org/issues/1096

    I built an amd64 update without that patch and after upgrading my VM to that image, squid+transparent mode works again.



  • When I edit the proxy settings and point it at the interface IP of pfSense on its subnet, on port 3128.
    Lan's computer can access web site.



  • Please post output of pfctl -vvsr
    netstat -aihf link



  • pfctl -vvsr

    
    @0 scrub in on em2 all fragment reassemble
      [ Evaluations: 253       Packets: 36        Bytes: 200         States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @1 scrub in on em0 all fragment reassemble
      [ Evaluations: 177       Packets: 80        Bytes: 1910        States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @2 scrub in on em1 all fragment reassemble
      [ Evaluations: 2         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @0 pass in quick on em0 inet proto tcp from any to 192.168.0.1 port = 8000 flags S/SA keep state (sloppy)
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @1 pass in quick on em0 inet proto tcp from any to 192.168.0.1 port = 8001 flags S/SA keep state (sloppy)
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @2 pass out quick on em0 inet proto tcp from 192.168.0.1 port = 8000 to any flags S/SA keep state (sloppy)
      [ Evaluations: 3         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @3 pass out quick on em0 inet proto tcp from 192.168.0.1 port = 8001 to any flags S/SA keep state (sloppy)
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @4 anchor "relayd/*" all
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @5 block drop in log all label "Default deny rule"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @6 block drop out log all label "Default deny rule"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @7 block drop in quick inet6 all
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @8 block drop out quick inet6 all
      [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @9 block drop quick proto tcp from any port = 0 to any
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @10 block drop quick proto tcp from any to any port = 0
      [ Evaluations: 3         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @11 block drop quick proto udp from any port = 0 to any
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @12 block drop quick proto udp from any to any port = 0
      [ Evaluations: 7         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @13 block drop quick from <snort2c:0>to any label "Block snort2c hosts"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @14 block drop quick from any to <snort2c:0>label "Block snort2c hosts"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @15 block drop in log quick proto tcp from <sshlockout:0>to any port = ssh label "sshlockout"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @16 block drop in log quick proto tcp from <webconfiguratorlockout:0>to any port = 8080 label "webConfiguratorlockout"
      [ Evaluations: 3         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @17 block drop in quick from <virusprot:0>to any label "virusprot overload table"
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @18 block drop in on ! em2 inet from 172.17.1.140/30 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @19 block drop in inet from 172.17.1.141 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @20 block drop in on ! em0 inet from 192.168.0.0/23 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @21 block drop in inet from 192.168.0.1 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @22 block drop in on em2 inet6 from fe80::21b:21ff:fe17:2d67 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @23 block drop in on em0 inet6 from fe80::21b:21ff:fe17:2d64 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @24 pass in on em0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @25 pass in on em0 inet proto udp from any port = bootpc to 192.168.0.1 port = bootps keep state label "allow access to DHCP server"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @26 pass out on em0 inet proto udp from 192.168.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
      [ Evaluations: 7         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @27 block drop in on ! em1 inet from 172.20.211.0/24 to any
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @28 block drop in inet from 172.20.211.254 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @29 block drop in on em1 inet6 from fe80::21b:21ff:fe08:f738 to any
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @30 pass in on lo0 all flags S/SA keep state label "pass loopback"
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @31 pass out on lo0 all flags S/SA keep state label "pass loopback"
      [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @32 pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @33 pass out route-to (em2 172.17.1.142) inet from 172.17.1.141 to ! 172.17.1.140/30 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
      [ Evaluations: 4         Packets: 8         Bytes: 1510        States: 4     ]
      [ Inserted: uid 0 pid 46236 ]
    @34 pass in quick on em0 proto tcp from any to (em0:2) port = 8080 flags S/SA keep state label "anti-lockout rule"
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @35 pass in quick on em0 proto tcp from any to (em0:2) port = ssh flags S/SA keep state label "anti-lockout rule"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @36 pass in inet all flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" tagged PFREFLECT
      [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @37 pass in log quick on em2 reply-to (em2 172.17.1.142) inet from <safeweb:21>to 192.168.0.0/23 flags S/SA keep state label "USER_RULE: SafeWeb in"
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @38 pass in log quick on em2 reply-to (em2 172.17.1.142) inet from any to <remote:13>flags S/SA keep state label "USER_RULE: any2 remote"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @39 block drop in log quick on em2 reply-to (em2 172.17.1.142) inet from any to <block_lan:4>label "USER_RULE: block any2 block_lan"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @40 pass in log quick on em2 reply-to (em2 172.17.1.142) inet proto tcp from any to <web:1>port = http flags S/SA keep state label "USER_RULE: Web"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @41 pass in log quick on em2 reply-to (em2 172.17.1.142) inet proto tcp from any to 192.168.1.2 port = hosts2-ns flags S/SA keep state label "USER_RULE: NAT "
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @42 block drop in log quick on em2 reply-to (em2 172.17.1.142) inet all label "USER_RULE: block wan 2 any"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @43 pass in log quick on em1 all flags S/SA keep state label "USER_RULE: DMZ-> any"
      [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @44 pass in log quick on em0 from <remote:13>to any flags S/SA keep state label "USER_RULE: remote 2 any"
      [ Evaluations: 6         Packets: 19        Bytes: 1535        States: 5     ]
      [ Inserted: uid 0 pid 46236 ]
    @45 block drop in log quick on em0 from <block_lan:4>to any label "USER_RULE: block_lan 2 any"
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @46 block drop in log quick on em0 from any to <block_wan:45>label "USER_RULE: LAN 2 block Web"
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @47 block drop in log quick on em0 from any to <flv_site:29>label "USER_RULE: LAN 2 block flv Web"
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @48 pass in log quick on em0 inet from 192.168.0.0/23 to <safeweb:21>flags S/SA keep state label "USER_RULE: LAN 2 Safe Web"
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @49 pass in log quick on em0 inet proto udp from any to 192.168.0.1 port = domain keep state label "USER_RULE: NAT "
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @50 pass in log quick on em0 inet proto tcp from 192.168.0.0/23 to any port = http flags S/SA keep state label "USER_RULE: HTTP"
      [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @51 pass in log quick on em0 inet proto tcp from 192.168.0.0/23 to any port = https flags S/SA keep state label "USER_RULE: HTTPS"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @52 pass in log quick on em0 proto tcp from <yey:3>to <yeyoa:1>port = 8008 flags S/SA keep state label "USER_RULE: yey OA"
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @53 block drop in quick on em0 all label "USER_RULE: block LAN 2 any"
      [ Evaluations: 1         Packets: 1         Bytes: 33          States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @54 anchor "tftp-proxy/*" all
      [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @55 anchor "miniupnpd" all
      [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @56 pass in quick on em0 proto tcp from any to ! (em0:2) port = http flags S/SA keep state
      [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]
    @57 pass in quick on em0 proto tcp from any to ! (em0:2) port = 3128 flags S/SA keep state
      [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
      [ Inserted: uid 0 pid 46236 ]</yeyoa:1></yey:3></safeweb:21></flv_site:29></block_wan:45></block_lan:4></remote:13></web:1></block_lan:4></remote:13></safeweb:21></virusprot:0></webconfiguratorlockout:0></sshlockout:0></snort2c:0></snort2c:0> 
    

    netstat -aihf link

    
    Name               Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
    em0               1500 <link#1>00:1b:21:17:3e:96      35K     0     0      49K     0     0
                              33:33:18:61:20:ce     5231              4
                              33:33:00:00:00:01     5231              4
                              33:33:ff:17:2d:64     5231              4
                              01:00:5e:00:00:01     5231              4
    em1               1500 <link#2>00:1b:21:48:c7:e8      52K     0     0      32K     0     0
                              33:33:18:61:20:ce      135              3
                              33:33:00:00:00:01      135              3
                              33:33:ff:08:f7:38      135              3
                              01:00:5e:00:00:01      135              3
    em2               1500 <link#3>00:1b:21:47:3e:57      74K     0     0      86K     0     0
                              33:33:18:61:20:ce        0              3
                              33:33:00:00:00:01        0              3
                              33:33:ff:17:2d:67        0              3
                              01:00:5e:00:00:01        0              3
    pflog0*          33128 <link#4>0     0     0     3.9K     0     0
    enc0*             1536 <link#5>0     0     0        0     0     0
    lo0              16384 <link#6>97     0     0       97     0     0
    pfsync0*          1460 <link#7>0     0     0        0     0     0
    ipfw0            65536 <link#8>0     0     0        0     0     0</link#8></link#7></link#6></link#5></link#4></link#3></link#2></link#1> 
    


  • Thank you Jimp for confirming this bug.

    Would appreciate a note in the forums when it has been squashed as we are stuck on December 6 build.

    @jimp:

    Confirmed, it is that patch causing the issue:
    http://redmine.pfsense.org/issues/1096

    I built an amd64 update without that patch and after upgrading my VM to that image, squid+transparent mode works again.


  • Rebel Alliance Developer Netgate

    If you want to confirm it for yourself, you could try either one of these updates that I built without the patch in question.

    amd64 - http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101212-2328.tgz

    i386 - http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101214-1319.tgz

    Use at your own risk, YMMV, etc. :-)



  • Did that test with the i386-image:

    First updated via the "normal" update to snap from Dec, 14. Enabled squid transparent and tried to surf to a site: Nothing except a timeout. Disabled sq2uid transparent, site loads.

    ok.

    Now installed your snap from post above and enabled squid transparent. Site loads fine.  (tested with another site to eliminate caches.)

    Its definitly the change which causes that malfunction of squid.



  • I try to update with the file :  386 - http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101214-1319.tgz

    But the squid with transparent enable browsing can not run normally.
    and disable transparent when browsing can work well ..

    So, where is his fault?

    :o



  • reply #6, page 1 explains the thing…



  • Thanks you
    and Thank jimp, on page 1 says checks, allow interface

    :)


Locked