Squid Returned to Packages *** PLEASE TEST ***
-
I have an update, again…
I have changed some routing stuff, so that in transparent mode both the webgui and squid can run on port 80.
In normal mode (non transparent) you can't run them on the same port, because in that case the browser sends the packages to pfsense's ip...Ok here the updates...
Delete
if (($post['transparent_proxy'] == 'on')) { $port = 80; } else { $port = trim($post['proxy_port']); }change
if ($port == $webgui_port) {in
if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) {then change
$conf .= "http_port {$real_ifaces[$i][0]}"; if (($settings['transparent_proxy'] == 'on')) { $conf .= ":80 transparent\n"; } else { $conf .= ":$port\n"; }in
if (($settings['transparent_proxy'] == 'on')) { $conf .= "http_port 127.0.0.1:80 transparent\n"; } else { $conf .= "http_port {$real_ifaces[$i][0]}:$port\n"; }and finally
change$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> ($iface) port 80\n";in
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n"; -
I compiled a complete new squid to be sure it was not an option why the blacklist wouldn't work, but that sisn't help, so I think it's not that squid doesn't support acl, I know it did block the windows update site allready, but I wanted to be sure…
-
attaching to 127.0.0.1 seems like a good idea.
I'll change that.
-
might have to resort to the old Desk-Check method and do a manual trace thru the code to see if the logical flow of commands surrounding the blacklist makes sense. It can be extremely time consuming but it helps to pinpoint where the problems may be.
-
well, put the deny all acl on top and see if that works :-)
-
I upgraded package squid-2.5.14_2 to 2.6.5
Squid began to issue error:./restart_squid.sh
Restarting Squid whith config
2006/12/22 19:50:54| aclParseAclLine: Invalid ACL type 'snmp_community'
FATAL: Bungled squid.conf line 83: acl snmppublic snmp_community public
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.
CompleteHow make on install –enable-snmp ???
Sergu
-
STOP INSTALLING THE PACKAGE FROM THE SHELL/CLI/CONSOLE.
reinstall the package from the webgui. Click System -> Packages -> Installed Packages -> reinstall package Icon.
-
Hmmm, here with my system it won't install at all…
That's what it tells me:_Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!Installation aborted._
-
Hmmm, here with my system it won't install at all…
That's what it tells me:_Downloading package configuration file… done.
Saving updated package information... done.
Downloading squid and its dependencies... done.
Checking for successful package installation... failed!Installation aborted._
May be previous version of squeed don't deinstall correctly?
Check this can in -
Command Prompt: pkg_info- deinstall squid
- run pkg_info - squid package exists?
- if present need deinstall them: pkg_delete squid-2.5.-next number–
after need install squid package again.
-
No, it's not that, I already tried…
I also use the latest snapshot 21-12in which package does the ldap client come along ?
might be that one ? -
save the config, reinstall your box. Then reinstall squid.
It only takes 10 minutes and you can run from livecd with the config on a usb stick whil you are installing.
Just put you existing config on a stick in the conf/ subdirectory named config.xml.After rebooting the newly installed system will allready have the correct config.
-
nice to see that squid is back.The problem is that is not working like before.I wanna use a transparent proxy as my gateway but it cannot be used like that because of an error that says that cannot run in the same mode like webgui.Wich is the protocol for the webgui?I`ve tried a lot of ports but still nothing
-
Change the port the webConfigurator is running on.
-
When I disable the checkbox log location and leave the field for the log location empty, I cannot save because it wants me to enter a location, even if i won't use it, so perhaps you should disable the check for the dir when the checkbox is disabled…
-
One more bugfix in squid.inc, string 352.
Original:foreach (explode(trim($post['msnt_secondary'])) as $server) {must be changed on:
foreach (explode(',', trim($post['msnt_secondary'])) as $server) { -
Thanks, commited!
-
So enter a log location anyways. It's required.
-
Using p5.
On line 915 of squid.inc a reference is made to $port:
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";I have a port defined, however, at this point in the script the $port variable has nothing assigned to it so I get a bad rule. My fix was just to comment that line out as I'm only using transparent proxy.
-
Using p5.
On line 915 of squid.inc a reference is made to $port:
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";I have a port defined, however, at this point in the script the $port variable has nothing assigned to it so I get a bad rule. My fix was just to comment that line out as I'm only using transparent proxy.
You are not running the latest squid package. There are only 863 lines in squid.inc on the latest and the pass rules do not look anything like that…
-
looks like we're back to:
stopping /usr/local/etc/rc.d/proxy_monitor.sh…
again.
just installed squid and used transparent proxy.