Squid Returned to Packages *** PLEASE TEST ***
-
and p14 which might actually migrate the config correctly.
-
When i did the upgrade to P10, i selected to reinstall the whole package. it ran at first and had automatically deleted entries in the allowed subnets and whitelist field but was blocking pages i told it too. as soon as i deleted the entries in the other fields that were still dummy information, it stopped working. replacing the data had no effect and it went down hill from there. I'll fully delete and install the latest version tonight to see how it does.
I'll say this, when i can get it to read the config file right, it DOES work though so keep up the good work of sorting out the bugs. This is one of the packages that almost everyone is looking forward to be finalized.
the www. and ftp.blockeddomain.com were just example subdomains that jumped to mind. I wasnt refering to handling FTP traffic thru squid
-
And have you put in a log location field?
e.g. /var/squid/log ?Yes. I am using p14. Now one error exists:You can not run squid on the same port as the webgui.
And
Jan 17 18:48:01 kernel: pid 60080 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 18:48:01 squid: No port definedin system logs…
-
move your GUI to a different port. that issue has been around for a while and is pretty easily rectified.
-
I have a hunch. If you enable transparent mode, does it still complain then?
Note: if squid is not running, no filter rules will be installed that redirect the traffic.
-
woo woo - nice work databeestje - we are getting there :)
Testing using pfSense 1.0.1-SNAPSHOT-12-28-2006 and squid 2.6.5_1-p14 running in transparent mode - I did a bare metal reinstall of everything just to be sure.
…my squid.conf line 17 now unexpectedly reads:
Allow local network(s) on interface(s)
This is fixed :)
2007/01/11 04:01:44| ACL name 'whitelist' not defined!
FATAL: Bungled squid.conf line 65: http_access allow whitelistThis is fixed :) Blank entries now work in all sections
Blacklists now work nicely - including wildcards such as "google.com" or "ru" (no offence Russia!)
Hooray :)
Whitelists don't work for me, but I think that the fix is an easy one:
The following lines always appear in my squid.conf: (near the bottom)
Allow local network(s) on interface(s)
http_access allow localnet
These lines should be there when there is no whitelist, but I suspect that these lines should be deleted when a whitelist exists? Otherwise this rule seems to allow access to any url, even those that haven't been specified in the whitelist. If I manually comment out this line, then whitelists seem to work perfectly - i.e. users can only browse those sites specified in the whitelist as expected.
Sorry for all the smilies, but /me is happy today ;D
-
Verified. When you do not enable transparent mode it cores …. ::)
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
At least the last time I tested this.
-
no transparent mode core dump fixed
-
Even with 2.6.5_1-p14 I get:
Jan 17 17:05:02 kernel: pid 2146 (squid), uid 0: exited on signal 6 (core dumped)
Jan 17 17:05:02 squid: No port defined
Jan 17 17:04:47 php: : SQUID is installed but not started. Not installing redirect rules.The service is marked as stopped.
My WebGUI port ist HTTPs on 445 and squid is set to 3128. Not likely they interfere.
What else can I watch out for? -
Squid p15 started!!!
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
Okay, when I uncheck: "Allow users on interface" on the General settings tab, the:
Allow local network(s) on interface(s)
http_access allow localnet
entries do get removed from squid.conf as you thought.
At that point however, my whitelists and blacklists stop working altogether for some reason. What .conf files get updated when that setting is unchecked? I have compared squid.conf before and after, and all the other settings seems to be the same.
I also tried adding my subnet info in the: "Allowed subnets" section on the "Access control" tab - acls still don't work
-
When you disable "allow traffic from interface" this alias goes away and would then rely on the whitelist.
Okay, when I uncheck: "Allow users on interface" on the General settings tab, the:
Allow local network(s) on interface(s)
http_access allow localnet
entries do get removed from squid.conf as you thought.
At that point however, my whitelists and blacklists stop working altogether for some reason. What .conf files get updated when that setting is unchecked? I have compared squid.conf before and after, and all the other settings seems to be the same.
I also tried adding my subnet info in the: "Allowed subnets" section on the "Access control" tab - acls still don't work
thats the same problem i was having earlier. it seems to not rehash the missing value when you turn the "Allow User on Interface" option back on. should be easy enough to fix.
-
Hi all. I'm new to the forum and relatevely new to pfSense too.
I'm using pfSense since few months but I think it's a very great firewall: stable, full of features, very well implemented.
I installed the 2.6.5_1-p15 version of squid package on 1.0.1 release and it seems to work for me.
I configured it to act as a transparent proxy./usr/local/sbin/squid status
2007/01/17 18:39:20| Squid is already running! Process ID 11629/var/squid/log/access.log and /var/squid/log/cache.log are populated.
I'm writing here because I don't understand if there is a way to view squid access logs in the webConfigurator.
I don't see anything in packages logs. Have you planned to implement this feature?I think I'll try to send access.log to a remote syslog server where to run a log analyzer as SARG.
Thanks you very much for all your great work.
-
@ jahonix
What version of pfSense are you running? Please be sure to be running a version beyond 1.0.1. You must be using a snapshot of some kind or else squid will not start. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ If the update doesn't help, wipe the machine clean and start with a full iso clean install.
-
I have to debug the "whitelist access only" to see why it doesn't work. The only important part with the acls is the ordering. and allowed_subnets and localnet are last in the queue. I have no idea on this one yet.
With regards to access to the logs, none of that is currently implemented. Access to the cache.log is not such a problem. Since that one is small and for debugging purposes only. The access log however needs something akin to sarge or webalizer for generating anything usefull.
Syslog would be a workaround. Although by far the easiest way to move the logs around. Although this would be a bad idea on a larger installation.
-
@ jahonix
What version of pfSense are you running?1.0.1-SNAPSHOT-01-13-2007
built on Sun Jan 14 15:07:53 EST 2007 -
Thanks, databeestje, we have a working squid now. p15 finally did it.
-
well, here it still dumps, but no more at startup. no matter whether transparent or not.
i'm running 1.0.1-SNAPSHOT-01-13-2007 and just download the next one. squid is p15.squid starts without problems but dumps at any access.
another thing: when i disable 'allow on interface' but include the interface's ip-subnet to the allowed subnets it denies me access (and no dump!).
so, the download is ready, i'll post again after update.
edit:
now i'm running 1.0.1-SNAPSHOT-01-19-2007 and it still is the same, core dump at access.
sure there are no dependencies that need updates? -
better check if the acl(s) you use are in the new line by line format.
so no , in there.
