Squidguard
-
On current version - 2.0-BETA5 (i386)
built on Sat Jan 29 23:42:13 EST 2011Noticed that on the upgrade it also "synced" squidguard to their latest version - 1.4_2 pkg v.1.7 - and the button to upload the latest blacklist has vanished - is this a squidguard or a pfsense issue?
A few stange entries in the log when restarting
Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:45:05 sshlockout[3675]: sshlockout/webConfigurator v3.0 starting up
Jan 31 08:45:05 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:45:05 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:45:05 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Jan 31 08:43:05 check_reload_status: syncing firewall
Jan 31 08:43:04 php: : WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml
Jan 31 08:43:04 php: : Beginning package installation for squidGuard.
-
Hit the 'x' to remove the package, then reinstall it again.
Looks like you've got a version of the package that was pulling in OpenSSL from ports. None of the current package binaries that are up right now should be doing that.
Look at the output of:
pkg_infoFrom a command prompt, if you see openssl-<something>, then it isn't right.</something>
-
Thanks for the clue - will try later (production problems are stopping testing!)
Output of pkg_info
$ pkg_info
bsdinstaller-2.0.2011.0118 BSD Installer mega-package
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.23_1 RFC 2222 SASL (Simple Authentication and Security Layer)
db3-3.3.11_3,1 The Berkeley DB package, revision 3.3
db41-4.1.25_4 The Berkeley DB package, revision 4.1
gettext-0.18.1.1 GNU gettext package
grub-0.97_4 GRand Unified Bootloader
libiconv-1.13.1_1 A character set conversion library
libwww-5.4.0_4 The W3C Reference Library
mbmon-205_5 A tty motherboard monitor for LM78/79, W8378x, AS99127F, VT
mysql-client-5.1.53 Multithreaded SQL database (client)
openldap-client-2.4.23 Open source LDAP client implementation
openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
openssl-1.0.0_2 SSL and crypto library
openssl-1.0.0_4 SSL and crypto library
perl-5.10.1_2 Practical Extraction and Report Language
perl-5.10.1_3 Practical Extraction and Report Language
squid-2.7.9 HTTP Caching Proxy
squidGuard-1.4_2 A fast redirector for squid
squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and laterRegards
Andrew
-
Production problems not as bad as first thought…
Removed Squidguard
Installed squidguard
Still no button to upload/update the blacklist
pkg_info still shows openssl
$ pkg_info
bsdinstaller-2.0.2011.0118 BSD Installer mega-package
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.23_1 RFC 2222 SASL (Simple Authentication and Security Layer)
db3-3.3.11_3,1 The Berkeley DB package, revision 3.3
db41-4.1.25_4 The Berkeley DB package, revision 4.1
gettext-0.18.1.1 GNU gettext package
grub-0.97_4 GRand Unified Bootloader
libiconv-1.13.1_1 A character set conversion library
libwww-5.4.0_4 The W3C Reference Library
mbmon-205_5 A tty motherboard monitor for LM78/79, W8378x, AS99127F, VT
mysql-client-5.1.53 Multithreaded SQL database (client)
openldap-client-2.4.23 Open source LDAP client implementation
openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
openssl-1.0.0_2 SSL and crypto library
openssl-1.0.0_4 SSL and crypto library
perl-5.10.1_2 Practical Extraction and Report Language
perl-5.10.1_3 Practical Extraction and Report Language
squid-2.7.9 HTTP Caching Proxy
squidGuard-1.4_2 A fast redirector for squid
squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and laterRegards
Andrew
-
Meant to include these entries from the log - in the middle of the squidguard install
Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Feb 2 09:11:32 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Feb 2 09:11:32 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Feb 2 09:11:32 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
-
Well - following a restart I now have a button which claims it will download a black list from http://www.shallalist.de/Downloads/shallalist.tar.gz - press the button and nothing happens - no entries in any log, no activity on the WAN
running out of ideas
Regards
Andrew
-
Very interesting - due to a hardware fail at a remote site I had to dtop/reconfigure and restart an IPSEC VPN - then continued the battle with Squidguard. The button now works as advertsised and it updates correctly!
Still no entries in any log file concerning squidguard, but in the "Portal Auth" tab the following entries have appeared
Feb 2 10:30:38 squid[35770]: Squid Parent: child process 57923 started
Feb 2 10:30:35 squid[35770]: Squid Parent: child process 36437 exited due to signal 6
Feb 2 10:30:35 squid[36437]: The url_rewriter helpers are crashing too rapidly, need help!
Feb 2 10:30:29 squid[35770]: Squid Parent: child process 36437 startedBut we are not using the Portal and have never had any entries in this tab before to-day.
Regards
Andrew
-
Hi,
I have exactly the same problem, except I don't use any IPSEC VPN.
I removed and reinstalled squidguard, but I still can't update the blacklist and I have the same issue in "Portal Auth" log.What to do ?
Regards
-
http://forum.pfsense.org/index.php?topic=31974.0
Need reinstall squid ?
-
I just reinstalled squid and still have the same issue :(
-
I just reinstalled squid and still have the same issue :(
Try uninstal squid/squidGuard from GUI.
Then from console deinstall any from this (if exists) - 'pkg_delete -r pkgname'squid-2.7.9 HTTP Caching Proxy squidGuard-1.4_2 A fast redirector for squid squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and laterThen install squid/squidGuard new from GUI
-
It would be a good idea to remove all packages, then check the pkg_info as dvserg suggests, and pkg_delete -f each of the remaining items.
When that is done, you can reinstall your packages to make sure everything you have is current.
-
I removed all packages as suggested, renstalled squid and squiguard, and I still can't update the list
-
Just for information I just rebooted pfsense and the problem is still here
-
May be irrelevant - but including the reboot for the IPSEC VPN (wanted to make sure all caches were clear) - it started working for after the third reboot.
Regards
Andrew
-
I might have been a bit quick saying it was working. It certainly appears to be working but a look at the system log shows
Feb 2 14:48:11 php: : The command 'cp -f -p /usr/local/etc/squidGuard/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /usr/local/etc/squidGuard/blacklist.files and /usr/local/etc/squidGuard/blacklist.files are identical (not copied).'
Feb 2 14:46:35 php: : The command 'rm -R . /tmp/squidGuard/arcdb' returned exit code '1', the output was 'rm: "." and ".." may not be removed'
Feb 2 14:46:31 php: : The command 'rm -R . /tmp/squidGuard/unpack' returned exit code '1', the output was 'rm: "." and ".." may not be removed'More checking!
Andrew
-
I might have been a bit quick saying it was working. It certainly appears to be working but a look at the system log shows
Feb 2 14:48:11 php: : The command 'cp -f -p /usr/local/etc/squidGuard/blacklist.files /usr/local/etc/squidGuard' returned exit code '1', the output was 'cp: /usr/local/etc/squidGuard/blacklist.files and /usr/local/etc/squidGuard/blacklist.files are identical (not copied).'
Feb 2 14:46:35 php: : The command 'rm -R . /tmp/squidGuard/arcdb' returned exit code '1', the output was 'rm: "." and ".." may not be removed'
Feb 2 14:46:31 php: : The command 'rm -R . /tmp/squidGuard/unpack' returned exit code '1', the output was 'rm: "." and ".." may not be removed'More checking!
Andrew
It is a bug. Thanks.
-
Just to confirm, I did the following:
- removed all packages with GUI
- removed all packages with pkg_delete
- upgraded to latest snapshot
- installed squid and then squidguard
Result: the "Download" button makes nothing. No error in "Portal Auth"
-
I've recently updated the same package on pfsense 1.2.3.
The "download" button has moved to a new tab called "Blacklist" next to the "log" tab.
You can see a progress bar during update of the blacklist.
Maybe that the 2.0 version also moved there?
-
Yes but in version 2.0 the progress bar stays at 0%
-
Yes but in version 2.0 the progress bar stays at 0%
What browser you use? I test this version on IE(8)/FF/Chrome
-
Firefox and IE
But the problem is not on the progress bar itself, i.e. the progress bar for packages installation works sucessfully.
When I click on "Download" button, nothing happens at all.
-
Update: tried again, I don't know why, this time it worked, I got that message:
Begin blacklist update Start download. Download archive http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download Download complete Unpack archive Scan blacklist categories. Start rebuild DB. Copy DB to workdir. Reconfigure Squid proxy. Blacklist update complete.But the progress bar has never moved from 0%, and now the message above is not cleared.
-
Update: tried again, I don't know why, this time it worked, I got that message:
But the progress bar has never moved from 0%, and now the message above is not cleared.I'm working on it as time allows. A lot had to change, so mistakes are inevitable
-
No problem take your time. Thanks :)
-
Stranger & stranger,
Running on version Tue Feb 1 19:36:32 - Squidguard is working fine, updates when asked, progress bar works.
Only thing missing would be an automated update of the script.
Regards
Andrew
-
On pfSense 2.0 with IE8 not work for me.
And pfSense 1.2 with IE8 work fine.This task does not require frequent updates
-
Should have mentioned running on Firefox 3.6.13
Just the ability to run the update script once a month?
Andrew
-
Should have mentioned running on Firefox 3.6.13
Just the ability to run the update script once a month?
Andrew
Well, maybe, but later - after editing bugs.
-
Totally agree - fix bugs first (though I have found very, very few)
Just updated to latest snapshot - squidguard works fine
Regards
Andrew
-
Everything seems to be working fine after the upgrade to RC1 - but still these same message in syslog
Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Mar 2 07:38:59 sshlockout[31715]: sshlockout/webConfigurator v3.0 starting up
Mar 2 07:38:59 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Mar 2 07:38:59 sasldblistusers2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
Mar 2 07:38:59 saslpasswd2: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"Mar 2 08:51:16 php: : The command 'umount -f /tmp/squidGuard' returned exit code '1', the output was 'umount: /tmp/squidGuard: not a file system root directory'
Mar 2 08:48:52 php: : The command 'chmod 1777 /tmp/squidGuard' returned exit code '1', the output was 'chmod: /tmp/squidGuard: No such file or directory'
Mar 2 08:48:52 php: : The command '/sbin/mdmfs -s 200M md15 /tmp/squidGuard' returned exit code '1', the output was 'mdmfs: mount exited with error code 64'Tried the deinstall and reinstall approach - not a scrap of difference - do I need to be woried or just ignore them? As I say everything seems to work.
Regards
Andrew
-
This may be unrelated to this thread, but after installing SquidGuard on 1.2.3 twice(tried completely removing both SquidGuard and Squid) neither service will start. The log gives me this error:
squid[28794]: The url_rewriter helpers are crashing too rapidly, need help!
Followed shortly by:
squid[27741]: Exiting due to repeated, frequent failures.
I haven't gotten around to adding any blacklists, just wanted to see how much config I have beforehand.
Any clues what I should do?
[Edit] -
I am using transparent proxy, will that prevent SquidGuard from working?
-
No, it's probably the squidguard update I did last night on the server. It's trying to use a newer version of the ldap library, and failing because it isn't there. I'm looking into it.
-
Awesome, thanks for the reply! :)
I'm heading home for the day but I'll check back in tonight and tomorrow, in case you've found the glitch. Thanks a stack!
-
squidGuard should be OK on 1.2.3 again, you might have to uninstall squid/squidguard, pkg_delete openldap*, then reinstall squid and then squidguard.
New installs of squid should be fine.
-
Thanks again, the package installed and works now :-)
