Squid3 - New GUI with sync, normal and reverse proxy

workingman · Mar 23, 2015, 8:01 PM

Hi marcelloc/pfsense squid folks.

I've been using squid3/squidguard setup in a redundant CARP pair setup for quite some time and was just cooking up a new pair for a new site and ran into a problem that I guess I've pretty much always had.

Sync to configured system backup server - never sync's to the backup. The configured system backup server is working as expected sharing my DHCP/DNS/Firewall rules but I have always had to turn on..

Sync to host(s) defined below - set the same server as I use in the system config and then everything does get copied over to the backup.

Since it was easy to fix/workaround it never really bothered me much but I'm just setting up a brand fresh install of 2.2.1 and it seems to still happen. Am I the only one?

Thanks!

varazir · Mar 26, 2015, 8:20 PM

Hi,

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

KR
Daniel

messerchmidt · Mar 29, 2015, 5:18 AM

@varazir:

Hi,

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

KR
Daniel

i think you need squid guard

varazir · Mar 29, 2015, 8:31 AM

@messerchmidt:

@varazir:

Hi,

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

KR
Daniel

i think you need squid guard

Okay, have idea how? or if there are any good guide…

spittlbm · Apr 11, 2015, 8:37 PM

@varazir:

@messerchmidt:

@varazir:

Hi,

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

KR
Daniel

i think you need squid guard

Okay, have idea how? or if there are any good guide…

I'd be VERY interested in the same feature.

qinohe · Apr 26, 2015, 9:59 AM

@spittlbm:

@varazir:

@messerchmidt:

@varazir:

Hi,

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

KR
Daniel

i think you need squid guard

Okay, have idea how? or if there are any good guide…

I'd be VERY interested in the same feature.

I create this list myself. It's just one (domains) big list, which I pack together with f.i. shalla or mesd.
My main OS is Arch Linux, I use a program called hosts-update see https://aur.archlinux.org/packages/hosts-update/
From the hosts file, which is basically the MVPS list, I create the 'domains' file, which can be used by squidguard.

If there is interest, I could place this list (mvps only) on github.

robatwork · May 15, 2015, 9:37 AM

Does the version on the pfsense packages ie:

beta
0.2.8
platform: 2.2

contain support for HTTP/1.1 ?

We are having a problem with keep-alives that need this support.
Thanks

BTW the link https://github.com/pfsense/pfsense-packages/commits/master/config/34 that is on the version number leads to a 404.

SisterOfMercy · Jul 5, 2015, 5:44 PM

@robatwork:

BTW the link https://github.com/pfsense/pfsense-packages/commits/master/config/34 that is on the version number leads to a 404.

That should probably be this one then:
https://github.com/pfsense/pfsense-packages/tree/master/config/squid3/34

ismaelnoble · Jul 24, 2015, 5:34 PM

@hackersoft:

I am still experiencing the same problem.

I've got the time last week to reinstall pfsense amd-64 and the same problem exists.

So my solution right now is to reboot pfsense everyday using CRON @ 1 am. That way pfsense will be alive the next working day.

I'm suspecting one of the packages installed is messing it up at 12 midnight so I do a cron to reboot the machine @ 1am daily.

To heimdal, you can install the CRON package then add a cron task:

0 1 * * * root /sbin/reboot

I hope the fix will be released soon.

for some wierd reason im getting this too, a look at the logs doesnt show much so its been one of those evil bugs that dont leave any traces. i did mitigate it by simply seting up a cron job that runs squid at 12.15 am …

currently i have squid, squidguard, ntopng and freeradius setup and running its just this but that is "bugging" me

dkrizic · Jul 27, 2015, 1:17 PM

@Cino:

@dalex:

Hello.
I need IPv6 support, so i think Squid3 is my only option.

squid 3 does support IPv6, but it doesn't listen on an IPv6 address tho. So clients would need to connect to ipv4:3128. You can however in advance options add an IPv6 interface e.g http_port [xxxx.xxxx.xxxx.xxxx.xxx.xxx]:3182

How can I use IPv6 with the Reverse Proxy? I currently listen on IPv4/80 and IPv4/443 and would like to additionally listen on IPv6.

hell bomb · Aug 14, 2015, 12:20 AM

Interesting error, while AV is enabled while navigating to most websites (not all websites) I get TAG_NONE/500 Status error. Any suggestions?

SisterOfMercy · Aug 17, 2015, 9:08 PM

@varazir:

How do I add this list http://winhelp2002.mvps.org/hosts.txt to squid3? or do I need squidGuard ?

Wouldn't pfBlockerNG work better in this case?

aGeekhere · Aug 25, 2015, 12:36 PM

whats new in 0.2.9?

S. Kirschner · Aug 25, 2015, 2:27 PM

@aGeekHere:

whats new in 0.2.9?

Hm , its still the same version.

Here are the build options of 0.2.9

Squid Cache: Version 3.4.10
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid'
 '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache' '--enable-auth'
 '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation'
 '--disable-arch-native' '--enable-eui' '--enable-cache-digests' '--enable-delay-pools' '--enable-ecap' '--disable-esi' '--enable-follow-x-forwarded-for' '--enable-htcp'
 '--enable-icap-client' '--enable-icmp' '--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' '--with-large-files' '--enable-http-violations' '--without-nettle' '--enable-snmp' '--enable-ssl'
 '--enable-ssl-crtd' '--disable-stacktraces' '--disable-ipf-transparent' '--disable-ipfw-transparent' '--enable-pf-transparent' '--with-nat-devpf' '--disable-forw-via-db' '--enable-wccp'
 '--enable-wccpv2' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam LDAP NIS' '--enable-auth-digest=file'
 '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm'
 '--enable-storeio=ufs aufs diskd' '--enable-disk-io=AIO Blocking IpcIo Mmapped DiskThreads DiskDaemon' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake'
 '--enable-storeid-rewrite-helpers=file' '--with-openssl=/usr' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd10.1' 
'build_alias=amd64-portbld-freebsd10.1' 'CC=cc' 'CFLAGS=-O2 -pipe  -I/usr/local/include -I/usr/local/include -I/usr/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing'
 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -pthread -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/lib -fstack-protector' 'LIBS=' 'CPPFLAGS=' 'CXX=c++'
 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -I/usr/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing  -Wno-unused-private-field' 'CPP=cpp' 'PKG_CONFIG=pkgconf' --enable-ltdl-convenience

aGeekhere · Aug 26, 2015, 3:29 AM

well I updated,all went well, just had to remove the cache after the install or else i get page loading issues.

magicduck · Aug 27, 2015, 10:16 AM

Hi there.

I found a "bug" / "feature" when we have IPv6.
Seems that I have to add manually the IPv6 to listen on the squid (on the integration box)

Is this normal ?

Cino · Aug 27, 2015, 3:38 PM

@magicduck:

Hi there.

I found a "bug" / "feature" when we have IPv6.
Seems that I have to add manually the IPv6 to listen on the squid (on the integration box)

Is this normal ?

Yes its normal. Its been that way since squid3 was added as a package. I would say its a feature that needs to be added to the GUI. To enable it and grab the interface IP from the interfaces you select

rataosinho · Sep 8, 2015, 1:43 PM

I installed version 0.3.0 today and ended my life. Computers with setted proxy manually, can not load pages. I had to take out the proxy settings of the LAN and did not want to do that.
Is there any way for me to go back to version 0.2.9? :'(
hugs!

whitexp · Sep 9, 2015, 12:00 AM

@rataosinho:

I installed version 0.3.0 today and ended my life. Computers with setted proxy manually, can not load pages. I had to take out the proxy settings of the LAN and did not want to do that.
Is there any way for me to go back to version 0.2.9? :'(
hugs!

same here

aGeekhere · Sep 9, 2015, 12:01 AM

I installed version 0.3.0 today and ended my life. Computers with setted proxy manually, can not load pages. I had to take out the proxy settings of the LAN and did not want to do that.
Is there any way for me to go back to version 0.2.9? :'(
hugs!

Did you delete the squid cache?