Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid 3 (squid.inc) changes to get it working

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 11.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • _
      _igor_
      last edited by

      Installing squid3 on pfSense 2.0 (amd64) results in a bunch of errors:

      php: /pkg_edit.php: The command '/usr/local/sbin/squid -D' returned exit code '1', the output was '2011/02/24 10:30:04| WARNING: -D command-line option is obsolete. 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /27 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /8 2011/02/24 10:30:04| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2011/02/24 10:30:04| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2011/02/24 10:30:04| WARNING: You should probably remove '::/0' from the ACL named 'all' 2011/02/24 10:30:04| aclParseAclL
      

      So i decided to look at the squid.inc and made the following changes:

      first change is to get rid of the "wrong" netmask: squid wants CDIR.
      second change is the change from the acl-netmasks to CDIR too.
      third change is the removing of the reply_body_max_size, because the squid manpage says

      Configuration Format is:
      reply_body_max_size SIZE UNITS [acl …]
      ie.
      reply_body_max_size 10 MB

      and at the same time

      reply_body_max_size SIZE [acl acl…]

      (without units)

      So i tested with "reply_body_max_size 0 deny all" and with "reply_body_max_size 0 KB deny all". Tested with other values greater 0, but all time same result.
      If anybody has an explanation to this strange behaviour, please feel free to tell me.

      And at last i removed the "-d" from the starting-script.

      Output of diff:

      676a677
      > 			$mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
      806,807c807,808
      < acl all src 0.0.0.0/0.0.0.0
      < acl localhost src 127.0.0.1/255.255.255.255
      ---
      > acl all src all
      > acl localhost src 127.0.0.1/32
      896c897
      < 	$conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
      ---
      > //	$conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
      1159c1160
      < 		mwexec("/usr/local/sbin/squid -D");
      ---
      > 		mwexec("/usr/local/sbin/squid");
      
      

      Now squid3 starts without any errror, squidguard starts too and its working as expected:

      Feb 24 13:25:39	check_reload_status: syncing firewall
      Feb 24 13:25:38	check_reload_status: reloading filter
      Feb 24 13:25:38	squid[43719]: Squid Parent: child process 43989 started
      Feb 24 13:25:38	php: /pkg_edit.php: Starting Squid
      

      :)

      1 Reply Last reply Reply Quote 0
      • _
        _igor_
        last edited by

        Who maintains that package to get the most annoying errors out of the squid3 package? Would be nice to get it running directly… :)

        1 Reply Last reply Reply Quote 0
        • M
          mhab12
          last edited by

          Thanks for the work you have done on the squid package.  Many people will appreciate it when when 2.0 goes RC or final.

          I suspect the devs will see your work here and implement the changes.  The package was maintained by databeestje, however I'm not sure if he is involved with the project anymore.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.