Squid Returned to Packages *** PLEASE TEST ***
-
well after the rc.d file is removed, squid still starts, and the errors for the most part disappear, I think its because it starts once, then it tries to start again, but it can't bind because those ports are already in use by the previous instance of squid.
-
Did you install squid from the command line, or did you use pfSense's package manager (latest version)? I didn't encounter the problem that you are seeing even when using the same versions. Have you tried resinstalling everything from scratch? As long as you save your config first, maybe that would be the fastest way to resolve your issue?
-
The rc.d problem was fixed in a recent snapshot. Make sure your running something recent.
-
The last attempt for me was on 1.0.1-SNAPSHOT-12-28-2006, latest squid package availble on the package manager. I will try a scratch install again though and see if that fixes it.
Did you install squid from the command line, or did you use pfSense's package manager (latest version)? I didn't encounter the problem that you are seeing even when using the same versions. Have you tried resinstalling everything from scratch? As long as you save your config first, maybe that would be the fastest way to resolve your issue?
Are you running squid in transparent mode?
-
Install a version from http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ to test with.
-
I just tested it, I already had download the snapshot ;) I've been keeping up on my reading. I got it from the above address under updates and pfSense-Full-Update-1.0.1-SNAPSHOT-12-28-2006.tgz. I got the same result (unless the image has been changed within the last 45 min), I'm going to switch back and work with it a little more. Here is what I did so far. I installed the 1.0.1 release, then I uploaded the newest snapshot (12-28), changed my webgui to 443 (https), installed squid from the package manager, turned on transparent mode.
I'll give you an update after I look at it a little more.
-
I just tested it, I already had download the snapshot ;) I've been keeping up on my reading. I got it from the above address under updates and pfSense-Full-Update-1.0.1-SNAPSHOT-12-28-2006.tgz. I got the same result (unless the image has been changed within the last 45 min), I'm going to switch back and work with it a little more. Here is what I did so far. I installed the 1.0.1 release, then I uploaded the newest snapshot (12-28), changed my webgui to 443 (https), installed squid from the package manager, turned on transparent mode.
I'll give you an update after I look at it a little more.
You are right on. Then there is some other issue lurking. BTW: Those snapshots rebuild every hour, but no changes have been made. You can check cvstrac for changes, then 45-60 minutes later you will have an updated snapshot that can be tested.
-
Added to the steps in my previous post I added DNS servers to the general settings. The messages I was recieving in prior posts still persists with the stock install with transparent mode running.
-
Ya that is a weird one… I am also now using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6 and yes I am running in transparent mode, but I tried it both ways and it still works for me:
Transparent:
2007/01/05 02:35:33| Loaded Icons.
2007/01/05 02:35:33| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/05 02:35:33| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 13.
2007/01/05 02:35:33| WCCP Disabled.
2007/01/05 02:35:33| Ready to serve requests.Transparent off:
2007/01/06 02:40:19| Loaded Icons.
2007/01/06 02:40:19| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 12.
2007/01/06 02:40:19| WCCP Disabled.
2007/01/06 02:40:19| Ready to serve requests.Did you use the .iso image to install pfSense from scratch or are you installing it on an existing FreeBSD rig?
-
I have my webgui on HTTPS, and put the proxy port on 80. I have a couple sites on the blacklist and they still come up. When I take it out of transparent proxy and enable proxy in my web browser I can't get to HTTPS websites unless I put them in my whitelist but I still can access sites in my blacklist. 1.0.1-SNAPSHOT-07-01-2007 is what I am running. Is there something that I am missing here or is this just broke still?
-
There have been no changes since p6. That is, I have not had time to troublshoot the acls since then.
-
squid acls is still not working for now so the black list and whitelist should be not working for now. 1 more point on my system the squid start up is still buggy. it starts squid 2 times. and thus wont be able to auto start when pfsense boot. i need to click save on the webgui of pfsense for squid to make it run. i'll try to look into the problem later when i have time
-
Ya that is a weird one… I am also now using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p6 and yes I am running in transparent mode, but I tried it both ways and it still works for me:
Transparent:
2007/01/05 02:35:33| Loaded Icons.
2007/01/05 02:35:33| Accepting transparently proxied HTTP connections at 127.0.0.1, port 80, FD 12.
2007/01/05 02:35:33| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 13.
2007/01/05 02:35:33| WCCP Disabled.
2007/01/05 02:35:33| Ready to serve requests.Transparent off:
2007/01/06 02:40:19| Loaded Icons.
2007/01/06 02:40:19| Accepting proxy HTTP connections at 192.168.1.33, port 3128, FD 12.
2007/01/06 02:40:19| WCCP Disabled.
2007/01/06 02:40:19| Ready to serve requests.Did you use the .iso image to install pfSense from scratch or are you installing it on an existing FreeBSD rig?
Thanks for the update bender, the install comes from the 1.0.1 release iso. I will work with it more, it sounds like some other people are having a problem with it while others are not. If I find out anything new I'll post an update.
-
Afaik you have to use something newer than 1.0.1 release for squid to work correctly. Please update to a recent snapshot from http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ and test again.
-
My snapshot at the time of the previous posts was 12-28, however bender wanted to know what my base load was from, that being the 1.0.1 release version and then I upgraded to the snapshot via the firmware upgrade…
-
Since the squid.sh is used by the start, stop and restart service I will not remove that one.
What I have done instead is implement a delay in the proxy monitor script to wait 5 seconds after launhing to trigger a squid start or not.
This is reflected as version p7. I have also moved the proxy start script after our attempt to start it.
-
Enter version p8.
This should have working blacklist support.
MAC acls are removed since they do not work with 2.6Please Test.
-
So does Squid not actually work, or is it only partially working. Sorry for the newb question, but I cannot get the service to start at all. Even after a few installs/reinstalls. Here's what my log keeps displaying:
Jan 10 00:56:28 last message repeated 3 times
Jan 10 00:56:23 php: : SQUID is installed but not started. Not installing redirect rules.
Jan 10 00:56:20 check_reload_status: reloading filter
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:15 php: /pkg_mgr_install.php: Starting Squid
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:15 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:14 check_reload_status: reloading filter
Jan 10 00:56:10 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 php: /pkg_mgr_install.php: Creating squid cache subdirs in /var/squid/cache
Jan 10 00:56:09 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:09 php: /pkg_mgr_install.php: Reloading Squid for configuration sync
Jan 10 00:56:08 squid: Bungled squid.conf line 60: http_access allow unrestricted_hosts
Jan 10 00:56:08 Squid_Alarm[1469]: Attempting restart…
Jan 10 00:56:08 Squid_Alarm[1467]: Squid has exited. Reconfiguring filter -
I must have fumbled that.
If you remove entries from unrestricted hosts. Does it work then?
-
I just tested this and it works for me.
Does you command output look anything like this?
# grep unrestricted /usr/local/etc/squid/squid.conf acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl" delay_access 1 deny unrestricted_hosts http_access allow unrestricted_hosts # more "/var/squid/acl/unrestricted_hosts.acl" 10.0.8.19 #You have a inputted the the hosts as IP addresses and comma seperated, yes?