Access.log won't update until I …
Background - Packages/Versions:
Pfsense 1.2.3 RELEASE
Lightsquid 1.7.1 pkg 1.2
Squid 2.7.9_4 (Transparent proxy mode)
When my PFSENSE box reboots. Users can browse to their heart content but my access.log does not get updated. (Cache.log does though)
drwxr-xr-x 2 proxy proxy 512 Mar 30 22:00 .
drwxr-xr-x 6 proxy proxy 512 Nov 24 23:00 ..
-rw-r–--- 1 proxy proxy 29316 Mar 31 11:00 access.log
-rw-r----- 1 proxy proxy 0 Mar 30 21:42 access.log.0
-rw-r----- 1 proxy proxy 221926 Mar 31 11:00 cache.log
-rw-r----- 1 proxy proxy 5162 Mar 30 22:00 cache.log.0
The only way I get to access.log to 'wake up' is to do the following;
1. In PFSENSE, Status, Sevices -> Restart the squid service
2. In PFSENSE, Services, Proxy Server, General tab -> Untick 'enabled logging' , Save and re-tick 'enabled logging' , Save.
AS soon as I did one of the above tricks – surf around a bit, I can see Access.log’s datestamp correlates correctly.
I'm baffled a why this is happening! ???
Other things I tried:
1. Reinstalled squid + squidlight. still does the same.
2. Trying to stop/start from cli also does not work:
/usr/local/sbin/squid -k shutdown
Sounds like squid is not started in time on boot. There is a process that checks to see if squid is running before the firewall adds the transparent rule. If squid is not running then it does not add the transparent redirect for port 80 fw rule. Thats why if you click save it then starts working.
You will probably find this in your log entries "SQUID is installed but not started. Not installing redirect rules.".
thx wagonza - your reply nudged me into the right direction.
if I do a pfctl -sn | grep http - I am suppose to see the redirect rule :
rdr on re0 inet proto tcp from any to ! (re0) port = http -> 127.0.0.1 port 80
After browsing I found the solution in the http://forum.pfsense.org/index.php/topic,20690.15.html discussion… in a nutshell, it looks like there is some sort of race condition in rc. so by commenting out the 'rm -f /tmp/filter_dirty' line fixes the problem!