Squid3 - New GUI with sync, normal and reverse proxy

gar2k

Good day to all! Help please!

2.0.3-RELEASE (amd64)
built on Fri Apr 12 10:27:15 EDT 2013
FreeBSD 8.1-RELEASE-p13

Squid3 and SquidGuard Installed. Everything works except for reverse proxy, if you turn off SquidGuard - revers proxy works fine, as soon as there is in the config Squid "redirect_program/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf" reverse falls off. Squidguard finds sqerrore.php on the web server where was мapped reverse.
I'm sorry for my english.

mromero

Can someone confirm if the 3.38.PBI is still broken / fixed?

Any special steps to take when installing not to break anything?

I see it in the Packages now in my PFSENSE GUI but hesitant to install.

Thanks!

mromero

Looks like still broken. Installed and it complains about some ClamV file missing but I do not have antivirus enabled.

djnemo

I have a pfSense 2.0.3 Box Squid3 + SquidGuard was worked nice,
i removed squid3 and installed squid3-dev from package menu i download those 6 lib file to /usr/local/lib it seems squid-dev is running since i dont have any error in system log and service status is running,But nothing can pass via pfsense i have set it up as default gateway in my workstations but not website can browse !
ping is passing without problem.

i have this kind of error when trying ro restart the service or change configurations:

php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: ERROR: Could not send signal 15 to process 6614: (3) No such process'

• i didnt touch any routing,rule,nat setting they are all like default setting.

thanks

mromero

Would appreciate it if someone opens a new thread when this version of  Squid is up and running as a package with no need to be mucking around with external libs and patches etc.  ::)

marcelloc

Squid3-dev has it's own forum topic.

Truster

Hi Marcelloc,

I discovered a bug, i don't know if it IIS8 or the Reverse Proxy. I'm running Exchange 2010 SP3 on Server 2012

1st test:
Im using OWA on Exchange 2010 Through the Reverse Proxy, all working fine, but i can't attach larger files to an Email. I'll get connection reset and in the SQUID Log i see the Line TCP_MISS/401. i Tried Firefox and Chrome.

2nd test:
i add a NAT rule to forward Port 4343 to the IIS Server on Port 443. All working fine, i test it with an attachment with 8mb in size.

IIS/Exchange is configured for Basic Auth.

if i get this working, i will write a little Howto. all other thinks, like Autodiscover, Outlook Anywhere, etc. are working perfectly…

Best regards
Dave

Hobby-Student

@Truster:

2nd test:
i add a NAT rule to forward Port 4343 to the IIS Server on Port 443. All working fine, i test it with an attachment with 8mb in size.

This is a known issue caused by IIS… i think default is 2KB upload. can't give u more atm, but google can help you in seconds with somethin like "iis owa attachement size"

Truster

@Hobby-Student:

This is a known issue caused by IIS… i think default is 2KB upload. can't give u more atm, but google can help you in seconds with somethin like "iis owa attachement size"

i dont think so, because the test file has 8MB in size. i uploaded it with chrome on https://internalhostname/owa/ without any problems.

But anyway, i'll try your suggestion.

Edit: OWA's default size Limit is 30MB

Hobby-Student

@Truster:

i dont think so, because the test file has 8MB in size. i uploaded it with chrome on https://internalhostname/owa/ without any problems.

But anyway, i'll try your suggestion.

Edit: OWA's default size Limit is 30MB

Try Google like I said… This is an IIS property which is not controlled by any other Management console or powershell.

mromero

I need to bring this up again.

Is this package still broken and needing to assemble and download pieces from elsewhere not in the package itself?

When I go to Package Manager Console in my PFSENSE 2.1 RC1 I see Squid 3 BETA and the MORE INFO links direct to this post.

When will we be able to do a normal install of Squid 3 BETA from PFSENSE as with other packages?

Truster

@Hobby-Student:

Try Google like I said… This is an IIS property which is not controlled by any other Management console or powershell.

Hi Hobby-Student.

i tried this this already. Also a coworker has checked the IIS configuration. Nothing found. The problem only occur if the connection is forwared through the proxy. a direct-connection to the iis enabeld site works.

Best regards
Dave

Hobby-Student

@Truster:

Hi Hobby-Student.

i tried this this already. Also a coworker has checked the IIS configuration. Nothing found. The problem only occur if the connection is forwared through the proxy. a direct-connection to the iis enabeld site works.

Best regards
Dave

I do have a similar Setups. Exchange-Server (2007, 2010) behind pfsense with squid as reverse proxy. For me the only thing breaking attachments was the IIS default configuration.

Am I reading right, that attachments work through squid, except larger files? (you mentioned 8MB)
It's working from the outside,if squid is not active? (direct connection from the outside to the Exchange)

Truster

Hi hobby-student,

thats right, if i create a nat rule for webmail.contoso.com, port  443 and forward it to the  target address 192.168.0.10, owa works with large attachement
if i enable the reverse proxy (all enabled) i can only attach 1-2kb files

im using iis7 and iis8 in different setups.

Hobby-Student

@Truster:

Hi hobby-student,

thats right, if i create a nat rule for webmail.contoso.com, port  443 and forward it to the  target address 192.168.0.10, owa works with large attachement
if i enable the reverse proxy (all enabled) i can only attach 1-2kb files

im using iis7 and iis8 in different setups.

that sounds weird… did you use something like

With the following command you can change the value (in this case 10MB):
C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.webServer/serverRuntime /uploadReadAheadSize:"10485760" /commit:apphost

C:\Windows\System32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/serverRuntime /uploadReadAheadSize:"10485760" /commit:apphost

Truster

No, hobby-student, but i did some future investigations and my conclusion is: maybe a bug in IIS 8
i did the following tests
pfsense reverse proxy, behind an iis7 (server 2008r2) with exchange 2010 sp3 UR2: It works 
pfsense reverse proxy, behind an iis8 (server 2012) with exchange 2010 sp3 UR2: It doesn't work with safari/firefox/chrome. No problems wih IE…. grrr

so i think its not the pfsense....

Hobby-Student

@Truster:

No, hobby-student, but i did some future investigations and my conclusion is: maybe a bug in IIS 8
i did the following tests
pfsense reverse proxy, behind an iis7 (server 2008r2) with exchange 2010 sp3 UR2: It works 
pfsense reverse proxy, behind an iis8 (server 2012) with exchange 2010 sp3 UR2: It doesn't work with safari/firefox/chrome. No problems wih IE…. grrr

so i think its not the pfsense....

that's what i meant. it's an IIS thing… with non-IE Browsers it's invoking other stuff, so an IIS setting could be the problem.

mromero

@marcelloc:

Squid3-dev has it's own forum topic.

Can you point me to the Forum Topic?

TheNetStriker

@marcelloc:

@TheNetStriker:

I've added a new page to configure additional ports and added a configuration for client certificates.

I'm doing it on web servers page but I'll take a look on your code and see how can I merge it with my current uncommitted code.

Thanks for your code contribution.  :)

Could you already take a look at my code changes? (https://github.com/TheNetStriker/pfsense-packages/commit/7d926f3d44cee817475c20bde44fe6471bab4ba7)

dld121

@marcelloc:

Squid3-dev has it's own forum topic.

I have looked for it… and I can't find it.

Could you please post a link to it here?