Squid3 - New GUI with sync, normal and reverse proxy

tester_02 · Apr 25, 2012, 4:12 AM

I am getting the following error after installing squid 3. I've looked at the folder and there is no mime.conf file.

I had squid 2 + squidguard. I installed squid 3, then uninstalled squid 2 and this started happening (had originally thought 3 would overwrite 2, but both were shown in the packages). I've even tried installing 3 again, but the same error happens. I would have stayed with 2, but I've always had trouble with ncix.com and some youtube videos (preview window plays video and then it runs another preview in the preview)

Apr 24 22:00:06 squid: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "filter" rules.
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Apr 24 21:59:32 php: : SQUID is installed but not started. Not installing "nat" rules.
Apr 24 21:59:26 check_reload_status: Reloading filter
Apr 24 21:59:18 php: : SQUID is installed but not started. Not installing "filter" rules.
Apr 24 21:59:17 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Apr 24 21:59:17 php: : SQUID is installed but not started. Not installing "nat" rules.
Apr 24 21:59:16 php: /pkg_edit.php: The command '/usr/local/sbin/squid' returned exit code '1', the output was '2012/04/24 21:59:16| ERROR: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory FATAL: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory Squid Cache (Version 3.1.19): Terminated abnormally. CPU Usage: 0.007 seconds = 0.007 user + 0.000 sys Maximum Resident Size: 5744 KB Page faults with physical i/o: 0'
Apr 24 21:59:16 squid: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory

So I manually created a blank mime.conf file. That error went away and I then I in turn got a missing "icons" folder in the same location. I created that, and no squid works, but squidguard fails to work..

squid[58395]: Squid Parent: child process 58727 exited due to signal 6 with status 0

Closer, but not quite working at this stage for me…
hints anyone?

tester_02 · Apr 25, 2012, 4:38 AM

Update:
Saved all screens in squid and squidguard for luck, and now it's up. I was scared to reinstall squidguard as I had read that squidguard would reinstall squid 2 again.

So finally squid 3 + squidguard working good. ncix.com even works! now to just watch some youtube videos and see if the problem comes up again.

installer still does need a fix for the missing file and missing folder.

Also getting error 22 invalid argument if I try to edit the message above this.

phil.davis · Apr 26, 2012, 7:59 AM

When you are able to make PBIs for installing Squid3 on 2.1-DEVELOPMENT I am happy to test it. No rush - I see that you already have plenty of work just now!

marcelloc · Apr 26, 2012, 1:06 PM

@phil.davis:

When you are able to make PBIs for installing Squid3 on 2.1-DEVELOPMENT I am happy to test it. No rush - I see that you already have plenty of work just now!

On 2.1, install package gui and then go to console to pkg_add -r binaries until I find time to build and test pbi

IGIdeus · Apr 27, 2012, 1:04 PM

Hi,

I looked at throttle_exts.acl generated with "Throttle multimedia files" option checked. IMHO it lacks of extensions: wma, wav, mka, mkv, ogg, oga, ogm, ogv, rmvb.

Best regards
IGIdeus

pizetta · Apr 27, 2012, 2:27 PM

Hi,
At "Proxy server: Traffic management" we can manage a single delay pool with the options: Per-host throttling / Overall bandwidth throttling / Maximum upload size.
I need to manage many groups of delay pools and set to different networks/Ips. This is very usefull, are you going to implement this?

Thanks in advance.

marcelloc · Apr 27, 2012, 10:19 PM

@pizetta:

I need to manage many groups of delay pools and set to different networks/Ips. This is very usefull, are you going to implement this?

No plans for this feature yet. But if you need it, you can post a bountry or make a donation for that ;)

Do you have any config sample for this?

pizetta · May 2, 2012, 5:15 PM

Something like this…

delay_pools 3 ######3 delay pools
delay_class 1 2
delay_parameters 1 -1/-1 12800/12800
delay_access 1 allow client_100k ######limited clients 100kbps

delay_class 2 2
delay_parameters 2 -1/-1 25600/25600
delay_access 2 allow clientes_200k ######limited clients 200kbps

delay_class 3 2
delay_parameters 3 -1/-1 38400/38400
delay_access 3 allow clientes_300k ######limited clients 300kbps

I wish to manage as many pools as I can, grouping users to limit the use of internet. I'll take a look at bounties.
Best regards!

yosu · Jun 1, 2012, 11:21 AM

Hi,

I am using package squid3 version 3.1.19 pkg 2.0.5_2.

In /usr/local/pkg/squid.inc I think this line:

http_access deny CONNECT !sslports

should be:

http_access deny connect !sslports

Also in reverse proxy web gui I need to set port 443 in order to https work. If I left blank reverse HTTPS port, it doesn't open port 443.

Also the reverse proxy HTTPS always redirect to the reverse HTTPS default site. Don't mind what mappings you use.

HTTP reverse proxy works fine.

Best regards.

nutt318 · Jun 5, 2012, 10:13 PM

When using the Reverse Proxy in theory will it redirect the traffic based upon the URL?

I've got 2 internal webservers with one public IP, should I be able to route the traffic based upon server1.mydomain.com to 192.168.1.50 and say server2.mydomain.com to 192.168.1.51 ?

It seems I've configured the reverse proxy properly and added a rule to allow http traffic to each private address but i'm not having any luck.

Anyone have any ideas or a detailed instructions?

marcelloc · Jun 5, 2012, 10:44 PM

@nutt318:

When using the Reverse Proxy in theory will it redirect the traffic based upon the URL?

I've got 2 internal webservers with one public IP, should I be able to route the traffic based upon server1.mydomain.com to 192.168.1.50 and say server2.mydomain.com to 192.168.1.51 ?

yes,

@nutt318:

It seems I've configured the reverse proxy properly and added a rule to allow http traffic to each private address but i'm not having any luck.

what you got on squid access log?

nutt318 · Jun 6, 2012, 3:01 PM

Here is what I see in the access.log file /var/squid/logs - I only see internal traffic. Shouldn't I see attempts from public IP's that are trying to access the web servers?

1338991913.168 179241 MY.DESKTOP.I.P TCP_MISS/504 1290 GET http://domain1.mydomain.com/ - DIRECT/MY.PUBLIC.I.P text/html

I'll try and add some screenshots of my setup

EDIT: added screenshots

marcelloc · Jun 6, 2012, 8:45 PM

The setup looks fine, I'll try to simulate it.

yosu · Jun 7, 2012, 2:06 PM

@nutt318:

Make URI textbox blank in order to get:

acl test1 url_regex -i http://test1.mydomain.com.*$

Now you get:

acl test1 url_regex -i test1.mydomain.com/http://test1.mydomain.com.*$

You can look at /usr/local/etc/squid/squid.conf in a ssh shell.

Best regards.

nutt318 · Jun 7, 2012, 2:19 PM

That made it work from internal on the LAN, but I still cant get to it from the outside.

Any other ideas?

Thanks!

cjbujold · Jun 9, 2012, 6:49 PM

Unable to get reverse squid 3 to work. Here is my configuration, if somebody can help. The example i'm trying to get to work is 2 web servers; one on port 80 and another on port 8081. The request comes to port 80 should be pickedup by squid and depending on the URL squid should send the request either to port 80 of the web server or to port 8081. The test Im using is www goes to port 80 and helpdesk goes to port 8081. When I try it, everythings goes to port 80. Port 8081 is never sent aqnything and the helpdesk goes to port 80.

The squid.conf file reverse proxy section looks like this: (XXX is equal to mydomainname)

Reverse Proxy settings

http_port 192.168.XXX.XXX:80 accel defaultsite=XXXX.ca vhost
http_port 156.34.XXX.XXX:80 accel defaultsite=XXXX.ca vhost
#XXXX HelpDesk
cache_peer 192.168.XXX.15 parent 8081 0 proxy-only no-query originserver login=PASS name=XXXXHelpDesk

acl XXXXHelpDesk url_regex -i http://helpdesk.XXXX.ca/.$
acl XXXXHelpDesk url_regex -i http://helpdesk.XXXX.com/.$
cache_peer_access XXXXHelpDesk allow XXXXXHelpDesk
cache_peer_access XXXXHelpDesk allow XXXXHelpDesk
cache_peer_access XXXXHelpDesk deny allsrc
cache_peer_access XXXXHelpDesk deny allsrc
never_direct allow XXXXHelpDesk
never_direct allow XXXXHelpDesk
http_access allow XXXXHelpDesk
http_access allow XXXXHelpDesk

deny_info TCP_RESET allsrc

Custom options

![MappingDetail PM.png](/public/imported_attachments/1/MappingDetail PM.png)
![MappingDetail PM.png_thumb](/public/imported_attachments/1/MappingDetail PM.png_thumb)

nutt318 · Jun 11, 2012, 1:50 PM

Sounds like the same issue I'm having, however it looks like one of your mappings isnt ON. Maybe that will fix it, if so I need to look over my config again.

nutt318 · Jun 12, 2012, 9:16 PM

I looked at my squid.config file at its basically the same as cjbujold's.

Is there anything else to try, or does anyone have any idea why this isnt working?

Thanks for the help.

IGIdeus · Jun 13, 2012, 10:11 AM

Hi,

There is no possible to restart/start squid service from dashboard and services GUI pages.

Best regards
IGIdeus

IGIdeus · Jun 13, 2012, 10:31 AM

Hi,

IMHO squid as a package for firewall should be hardened a little bit more.
From my perspective ACL safe_ports should include only 21, 80, 443 and 1025-65535 ports, ACL SSL should include only 443 port. All other ports should be added manually.
There could be information about other ports in description of the options.

The brilliant function could be possibility to manage the ACLs like in Webmin or like firewall rules in pfSense.

Best regards
IGIdeus