Squidguard



  • On current version - 2.0-BETA5 (i386)
    built on Sat Jan 29 23:42:13 EST 2011

    Noticed that on the upgrade it also "synced" squidguard to their latest version - 1.4_2 pkg v.1.7 - and the button to upload the latest blacklist has vanished - is this a squidguard or a pfsense issue?

    A few strange entries in the log when restarting

    Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:45:05 sshlockout[3675]: sshlockout/webConfigurator v3.0 starting up
    Jan 31 08:45:05 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:45:05 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Jan 31 08:43:05 check_reload_status: syncing firewall
    Jan 31 08:43:04 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
    Jan 31 08:43:04 php: : Beginning package installation for squidGuard.


  • Rebel Alliance Developer Netgate

    Hit the 'x' to remove the package, then reinstall it again.

    Looks like you've got a version of the package that was pulling in OpenSSL from ports. None of the current package binaries that are up right now should be doing that.

    Look at the output of:

    pkg_info
    

    From a command prompt, if you see openssl-<something>, then it isn't right.



  • Thanks for the clue - will try later (production problems are stopping testing!)

    Output of pkg_info

    $ pkg_info
    bsdinstaller-2.0.2011.0118 BSD Installer mega-package
    cyrus-sasl-2.1.23  RFC 2222 SASL (Simple Authentication and Security Layer)
    cyrus-sasl-2.1.23_1 RFC 2222 SASL (Simple Authentication and Security Layer)
    db3-3.3.11_3,1      The Berkeley DB package, revision 3.3
    db41-4.1.25_4      The Berkeley DB package, revision 4.1
    gettext-0.18.1.1    GNU gettext package
    grub-0.97_4        GRand Unified Bootloader
    libiconv-1.13.1_1  A character set conversion library
    libwww-5.4.0_4      The W3C Reference Library
    mbmon-205_5        A tty motherboard monitor for LM78/79, W8378x, AS99127F, VT
    mysql-client-5.1.53 Multithreaded SQL database (client)
    openldap-client-2.4.23 Open source LDAP client implementation
    openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
    openssl-1.0.0_2    SSL and crypto library
    openssl-1.0.0_4    SSL and crypto library
    perl-5.10.1_2      Practical Extraction and Report Language
    perl-5.10.1_3      Practical Extraction and Report Language
    squid-2.7.9        HTTP Caching Proxy
    squidGuard-1.4_2    A fast redirector for squid
    squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later

    Regards

    Andrew
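
The pkg_info check suggested above, as an added example that is not part of the original thread or of the pfSense package code: it flags any registered openssl-* package and any package name present in more than one version. The helper name `audit_pkg_info` and the output labels are assumptions made for illustration; the sample input is a subset of the listing posted above.

```shell
#!/bin/sh
# Added example: audit `pkg_info` output for the two symptoms seen in this thread.

# Constructed sample: a subset of the pkg_info listing posted above.
sample_pkg_info() {
    cat <<'EOF'
cyrus-sasl-2.1.23  RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.23_1 RFC 2222 SASL (Simple Authentication and Security Layer)
db3-3.3.11_3,1      The Berkeley DB package, revision 3.3
openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
openssl-1.0.0_2    SSL and crypto library
openssl-1.0.0_4    SSL and crypto library
perl-5.10.1_2      Practical Extraction and Report Language
perl-5.10.1_3      Practical Extraction and Report Language
squid-2.7.9        HTTP Caching Proxy
squidGuard-1.4_2    A fast redirector for squid
EOF
}

# audit_pkg_info (hypothetical helper): reads pkg_info text on stdin and prints
#   "ports-openssl: <versions>"      if any openssl-* package is registered
#   "duplicate: <name> <versions>"   if one package name has several versions
audit_pkg_info() {
    awk '
    NF == 0 { next }
    {
        pkg = $1
        # Package versions contain no hyphen, so split at the last one.
        cut = match(pkg, /-[^-]*$/)
        if (cut == 0) next
        name = substr(pkg, 1, cut - 1)
        ver  = substr(pkg, cut + 1)
        if (count[name]++ == 0) { order[++n] = name; vers[name] = ver }
        else vers[name] = vers[name] " " ver
    }
    END {
        for (k = 1; k <= n; k++) {
            name = order[k]
            if (name == "openssl") print "ports-openssl: " vers[name]
            if (count[name] > 1)   print "duplicate: " name " " vers[name]
        }
    }'
}

sample_pkg_info | audit_pkg_info
```

On the firewall itself the same function would be fed live data with `pkg_info | audit_pkg_info`; empty output means neither symptom is present.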



  • Production problems not as bad as first thought…

    Removed Squidguard

    Installed squidguard

    Still no button to upload/update the blacklist

    pkg_info still shows openssl

    $ pkg_info
    bsdinstaller-2.0.2011.0118 BSD Installer mega-package
    cyrus-sasl-2.1.23  RFC 2222 SASL (Simple Authentication and Security Layer)
    cyrus-sasl-2.1.23_1 RFC 2222 SASL (Simple Authentication and Security Layer)
    db3-3.3.11_3,1      The Berkeley DB package, revision 3.3
    db41-4.1.25_4      The Berkeley DB package, revision 4.1
    gettext-0.18.1.1    GNU gettext package
    grub-0.97_4        GRand Unified Bootloader
    libiconv-1.13.1_1  A character set conversion library
    libwww-5.4.0_4      The W3C Reference Library
    mbmon-205_5        A tty motherboard monitor for LM78/79, W8378x, AS99127F, VT
    mysql-client-5.1.53 Multithreaded SQL database (client)
    openldap-client-2.4.23 Open source LDAP client implementation
    openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
    openssl-1.0.0_2    SSL and crypto library
    openssl-1.0.0_4    SSL and crypto library
    perl-5.10.1_2      Practical Extraction and Report Language
    perl-5.10.1_3      Practical Extraction and Report Language
    squid-2.7.9        HTTP Caching Proxy
    squidGuard-1.4_2    A fast redirector for squid
    squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later

    Regards

    Andrew



  • Meant to include these entries from the log - in the middle of the squidguard install

    Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Feb 2 09:11:32 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Feb 2 09:11:32 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"



  • Well - following a restart I now have a button which claims it will download a black list from http://www.shallalist.de/Downloads/shallalist.tar.gz - press the button and nothing happens - no entries in any log, no activity on the WAN

    running out of ideas

    Regards

    Andrew



  • Very interesting - due to a hardware fail at a remote site I had to stop/reconfigure and restart an IPSEC VPN - then continued the battle with Squidguard.  The button now works as advertised and it updates correctly!

    Still no entries in any log file concerning squidguard, but in the "Portal Auth" tab the following entries have appeared

    Feb 2 10:30:38 squid[35770]: Squid Parent: child process 57923 started
    Feb 2 10:30:35 squid[35770]: Squid Parent: child process 36437 exited due to signal 6
    Feb 2 10:30:35 squid[36437]: The url_rewriter helpers are crashing too rapidly, need help!
    Feb 2 10:30:29 squid[35770]: Squid Parent: child process 36437 started

    But we are not using the Portal and have never had any entries in this tab before to-day.

    Regards

    Andrew



  • Hi,

    I have exactly the same problem, except I don't use any IPSEC VPN.
    I removed and reinstalled squidguard, but I still can't update the blacklist and I have the same issue in "Portal Auth" log.

    What to do ?

    Regards





  • I just reinstalled squid and still have the same issue :(



  • @OyyoDams:

    I just reinstalled squid and still have the same issue :(

    Try to uninstall squid/squidGuard from the GUI.
    Then, from the console, deinstall any of these (if they exist) - 'pkg_delete -r pkgname'

    
    squid-2.7.9         HTTP Caching Proxy
    squidGuard-1.4_2    A fast redirector for squid
    squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later
    
    

    Then install squid/squidGuard new from GUI


  • Rebel Alliance Developer Netgate

    It would be a good idea to remove all packages, then check the pkg_info as dvserg suggests, and pkg_delete -f each of the remaining items.

    When that is done, you can reinstall your packages to make sure everything you have is current.



  • I removed all packages as suggested, reinstalled squid and squidguard, and I still can't update the list



  • Just for information I just rebooted pfsense and the problem is still here



  • May be irrelevant - but including the reboot for the IPSEC VPN (wanted to make sure all caches were clear) - it started working after the third reboot.

    Regards

    Andrew



  • I might have been a bit quick saying it was working.  It certainly appears to be working but a look at the system log shows

    Feb 2 14:48:11 php: : The command 'cp -f -p /usr/local/etc/squidGuard/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /usr/local/etc/squidGuard/blacklist.files and /usr/local/etc/squidGuard/blacklist.files are identical (not copied).'
    Feb 2 14:46:35 php: : The command 'rm -R . /tmp/squidGuard/arcdb' returned exit code '1', the output was 'rm: "." and ".." may not be removed'
    Feb 2 14:46:31 php: : The command 'rm -R . /tmp/squidGuard/unpack' returned exit code '1', the output was 'rm: "." and ".." may not be removed'

    More checking!

    Andrew



  • @andrew0401:

    I might have been a bit quick saying it was working.  It certainly appears to be working but a look at the system log shows

    Feb 2 14:48:11 php: : The command 'cp -f -p /usr/local/etc/squidGuard/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /usr/local/etc/squidGuard/blacklist.files and /usr/local/etc/squidGuard/blacklist.files are identical (not copied).'
    Feb 2 14:46:35 php: : The command 'rm -R . /tmp/squidGuard/arcdb' returned exit code '1', the output was 'rm: "." and ".." may not be removed'
    Feb 2 14:46:31 php: : The command 'rm -R . /tmp/squidGuard/unpack' returned exit code '1', the output was 'rm: "." and ".." may not be removed'

    More checking!

    Andrew

    It is a bug. Thanks.



  • Just to confirm, I did the following:

    • removed all packages with GUI
    • removed all packages with pkg_delete
    • upgraded to latest snapshot
    • installed squid and then squidguard

    Result: the "Download" button does nothing. No error in "Portal Auth"



  • I've recently updated the same package on pfsense 1.2.3.
    The "download" button has moved to a new tab called "Blacklist" next to the "log" tab.
    You can see a progress bar during update of the blacklist.
    Maybe that the 2.0 version also moved there?



  • Yes but in version 2.0 the progress bar stays at 0%



  • @OyyoDams:

    Yes but in version 2.0 the progress bar stays at 0%

    What browser do you use? I test this version on IE(8)/FF/Chrome



  • Firefox and IE

    But the problem is not on the progress bar itself, i.e. the progress bar for packages installation works successfully.

    When I click on "Download" button, nothing happens at all.



  • Update: tried again, I don't know why, this time it worked, I got that message:

    Begin blacklist update
    Start download.
    Download archive http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download
    Download complete
    Unpack archive
    Scan blacklist categories.
    Start rebuild DB.
    Copy DB to workdir.
    Reconfigure Squid proxy.
    Blacklist update complete.
    

    But the progress bar has never moved from 0%, and now the message above is not cleared.



  • @OyyoDams:

    Update: tried again, I don't know why, this time it worked, I got that message:
    But the progress bar has never moved from 0%, and now the message above is not cleared.

    I'm working on it as time allows. A lot had to change, so mistakes are inevitable



  • No problem take your time. Thanks :)



  • Stranger & stranger,

    Running on version  Tue Feb  1 19:36:32 - Squidguard is working fine, updates when asked, progress bar works.

    Only thing missing would be an automated update of the script.

    Regards

    Andrew



  • On pfSense 2.0 with IE8 it does not work for me.
    And pfSense 1.2 with IE8 works fine.

    This task does not require frequent updates



  • Should have mentioned running on Firefox 3.6.13

    Just the ability to run the update script once a month?

    Andrew



  • @andrew0401:

    Should have mentioned running on Firefox 3.6.13

    Just the ability to run the update script once a month?

    Andrew

    Well, maybe, but later - after editing bugs.



  • Totally agree - fix bugs first (though I have found very, very few)

    Just updated to latest snapshot - squidguard works fine

    Regards

    Andrew



  • Everything seems to be working fine after the upgrade to RC1 - but still these same messages in syslog

    Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Mar 2 07:38:59 sshlockout[31715]: sshlockout/webConfigurator v3.0 starting up
    Mar 2 07:38:59 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Mar 2 07:38:59 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
    Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"

    Mar 2 08:51:16 php: : The command 'umount -f /tmp/squidGuard' returned exit code '1', the output was 'umount: /tmp/squidGuard: not a file system root directory'
    Mar 2 08:48:52 php: : The command 'chmod 1777 /tmp/squidGuard' returned exit code '1', the output was 'chmod: /tmp/squidGuard: No such file or directory'
    Mar 2 08:48:52 php: : The command '/sbin/mdmfs -s 200M md15 /tmp/squidGuard' returned exit code '1', the output was 'mdmfs: mount exited with error code 64'

    Tried the deinstall and reinstall approach - not a scrap of difference - do I need to be worried or just ignore them?  As I say everything seems to work.

    Regards

    Andrew



  • This may be unrelated to this thread, but after installing SquidGuard on 1.2.3 twice(tried completely removing both SquidGuard and Squid) neither service will start. The log gives me this error:

    squid[28794]: The url_rewriter helpers are crashing too rapidly, need help!

    Followed shortly by:

    squid[27741]: Exiting due to repeated, frequent failures.

    I haven't gotten around to adding any blacklists, just wanted to see how much config I have beforehand.

    Any clues what I should do?

    [Edit] -
    I am using transparent proxy, will that prevent SquidGuard from working?


  • Rebel Alliance Developer Netgate

    No, it's probably the squidguard update I did last night on the server. It's trying to use a newer version of the ldap library, and failing because it isn't there. I'm looking into it.



  • Awesome, thanks for the reply!  :)

    I'm heading home for the day but I'll check back in tonight and tomorrow, in case you've found the glitch. Thanks a stack!


  • Rebel Alliance Developer Netgate

    squidGuard should be OK on 1.2.3 again, you might have to uninstall squid/squidguard, pkg_delete openldap*, then reinstall squid and then squidguard.

    New installs of squid should be fine.



  • Thanks again, the package installed and works now :-)

