Squid Returned to Packages *** PLEASE TEST ***
-
I know 'wildcards' worked in p9. I was able to enter google.com in the blacklist and was unable reach any destination at google (i.e. mail.google.com, maps.google.com, etc.) I tried others that I knew had many subdomains and got the same result. That said, true wildcards were not working as they used to. You can not enter an * in the blacklist and only allow the whitelist. Haven't had a chance to try out p10.
As far as ftp goes, I believe Squid is an HTTP proxy only. Things like ftp.host.com (i assume you meant the ftp protocol) would circumvent any sort of blacklisting that was actually working. I too would like something that could block traffic on all protocols (i.e. external proxies, remote desktop, ftp, etc.) but for now I think our only option is Squid or the captive portal (which has other limitations).
-
Then it's not p10 you are running.
I have tested this on 3 different machines, and I have just reinstalled the package from the package screen. And on all of those I see no core dumps and it works with empty fields.
Are you using reinstall xml gui components or reinstall package? Since there are 2 icons to choose from.
I use the former. If you deinstall the package and then install it again that works all the same.
No need to remove packages from the CLI. I have not required it.With regards to the blacklisting I employ a dstdomain match. so .domain.com would match all subdomains of domain.com. So no * is required. we are using dstdom regex matching for the black and whitelist.
Mikhail:
If the general settings page barks at you that you need to configure a setting. CONFIGURE A SETTING.
It's there for a reason and I really don't care that you think that you don't need it. -
If the general settings page barks at you that you need to configure a setting. CONFIGURE A SETTING.
OK, please help me out here.
Which setting is required when the log says:kernel: pid 93017 (squid), uid 0: exited on signal 6 (core dumped)
squid: No port definedThe only port I can imagine is the proxy port and that one is set to 3128.
Transparent mode is disabled currently since squid doesn't start and this would be quite … unproductive ;-)
What else can I do?Thanks for your input!
-
I just installed v.11 - it still does't work… again problems with general settings page :'(
-
And have you put in a log location field?
e.g. /var/squid/log ? -
If the general settings page complains even after providing all required fields I can troubleshoot this.
I have just committed version p13. Warning, the config format for a number of fields has changed. They should be migrated automatically. If they are not, try reinstalling the package again. When I tested this I needed 2 attempts after which it succesfully migrated the fields.
-
and p14 which might actually migrate the config correctly.
-
When i did the upgrade to P10, i selected to reinstall the whole package. it ran at first and had automatically deleted entries in the allowed subnets and whitelist field but was blocking pages i told it too. as soon as i deleted the entries in the other fields that were still dummy information, it stopped working. replacing the data had no effect and it went down hill from there. I'll fully delete and install the latest version tonight to see how it does.
I'll say this, when i can get it to read the config file right, it DOES work though so keep up the good work of sorting out the bugs. This is one of the packages that almost everyone is looking forward to be finalized.
the www. and ftp.blockeddomain.com were just example subdomains that jumped to mind. I wasnt refering to handling FTP traffic thru squid
-
And have you put in a log location field?
e.g. /var/squid/log ?Yes. I am using p14. Now one error exists:You can not run squid on the same port as the webgui.
And
Jan 17 18:48:01 kernel: pid 60080 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 18:48:01 squid: No port definedin system logs…
-
move your GUI to a different port. that issue has been around for a while and is pretty easily rectified.
-
I have a hunch. If you enable transparent mode, does it still complain then?
Note: if squid is not running, no filter rules will be installed that redirect the traffic.
-
woo woo - nice work databeestje - we are getting there :)
Testing using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p14 running in transparent mode - I did a bare metal reinstall of everything just to be sure.
…my squid.conf line 17 now unexpectedly reads:
Allow local network(s) on interface(s)
This is fixed :)
2007/01/11 04:01:44| ACL name 'whitelist' not defined!
FATAL: Bungled squid.conf line 65: http_access allow whitelistThis is fixed :) Blank entries now work in all sections
Blacklists now work nicely - including wildcards such as "google.com" or "ru" (no offence Russia!)
Hooray :)
Whitelists don't work for me, but I think that the fix is an easy one:
The following lines always appear in my squid.conf: (near the bottom)
Allow local network(s) on interface(s)
http_access allow localnet
These lines should be there when there is no whitelist, but I suspect that these lines should be deleted when a whitelist exists? Otherwise this rule seems to allow access to any url, even those that haven't been specified in the whitelist. If I manually comment out this line, then whitelists seem to work perfectly - i.e. users can only browse those sites specified in the whitelist as expected.
Sorry for all the smilies, but /me is happy today ;D
-
Verified. When you do not enable transparent mode it cores …. ::)
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
At least the last time I tested this.
-
no transparent mode core dump fixed
-
Even with 2.6.5_1-p14 I get:
Jan 17 17:05:02 kernel: pid 2146 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 17:05:02 squid: No port defined
Jan 17 17:04:47 php: : SQUID is installed but not started. Not installing redirect rules.The service is marked as stopped.
My WebGUI port ist HTTPs on 445 and squid is set to 3128. Not likely they interfere.
What else can I watch out for? -
Squid p15 started!!!
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
Okay, when I uncheck: "Allow users on interface" on the General settings tab, the:
Allow local network(s) on interface(s)
http_access allow localnet
entries do get removed from squid.conf as you thought.
At that point however, my whitelists and blacklists stop working altogether for some reason. What .conf files get updated when that setting is unchecked? I have compared squid.conf before and after, and all the other settings seems to be the same.
I also tried adding my subnet info in the: "Allowed subnets" section on the "Access control" tab - acls still don't work
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
Okay, when I uncheck: "Allow users on interface" on the General settings tab, the:
Allow local network(s) on interface(s)
http_access allow localnet
entries do get removed from squid.conf as you thought.
At that point however, my whitelists and blacklists stop working altogether for some reason. What .conf files get updated when that setting is unchecked? I have compared squid.conf before and after, and all the other settings seems to be the same.
I also tried adding my subnet info in the: "Allowed subnets" section on the "Access control" tab - acls still don't work
thats the same problem i was having earlier. it seems to not rehash the missing value when you turn the "Allow User on Interface" option back on. should be easy enough to fix.
-
Hi all. I'm new to the forum and relatevely new to pfSense too.
I'm using pfSense since few months but I think it's a very great firewall: stable, full of features, very well implemented.
I installed the 2.6.5_1-p15 version of squid package on 1.0.1 release and it seems to work for me.
I configured it to act as a transparent proxy./usr/local/sbin/squid status
2007/01/17 18:39:20| Squid is already running! Process ID 11629/var/squid/log/access.log and /var/squid/log/cache.log are populated.
I'm writing here because I don't understand if there is a way to view squid access logs in the webConfigurator.
I don't see anything in packages logs. Have you planned to implement this feature?I think I'll try to send access.log to a remote syslog server where to run a log analyzer as SARG.
Thanks you very much for all your great work.
