Netgate Discussion Forum

    2.0.3 Squidguard not working

    Problems Installing or Upgrading pfSense Software
    19 Posts 5 Posters 13.2k Views
    • A
      alkyred
      last edited by

      I'm not going to deny that I am a newbie but have been around PFsense for a little while. I just never had problems like this before.

      I have two brand new ALIX alix2d13 boards that we are trying to set up for our guest wireless networks. The only items we need are Captive Portal, Squid, and Squidguard.

      Captive Portal and Squid work perfectly. For the life of me, I cannot get Squidguard to block anything. I use Squidguard for other things so I certainly know how to work with ACLs, Target Categories, and Blacklists.

      We use the Shallalist blacklist for other Squidguard servers and there are 57 categories when I use them on other servers, the PFsense box only sees 37. If I remove all the Blacklists and create my own Target Category with only www.yahoo.com and set that one to deny on the Common ACL it still will not block it.

      I am sure I am missing something simple so any help would be appreciated.

      Thanks,

      Todd

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Are you using Squid 2 or 3? If you loaded Squid 3 and then Squidguard it will try to load Squid 2 as a dependency and hose everything!

        The amount of RAM in the Alix is generally not enough to use blacklists with Squidguard. Assuming you are running a Nano image. Are you seeing memory related errors in the logs?

        Steve

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by

          As stephenw10 said, if you are using squid3 then you must install squid3 again after you installed squid2 squidguard.

          Then on squidguard go to blacklist and upload the shallalist.tar.gz - it will build the databases.
          After that you should be able to see all these lists on "Common ACL" if you expand "Target Lists".

          After you configured anything on squidguard you must always click "Save" and then "Apply" on "General Settings" pages.

          1 Reply Last reply Reply Quote 0
          • A
            alkyred
            last edited by

            Stephenw10\Nachtfalke -

            I have tried both Squid2 and Squid3 with the same results. I also found a post in this forum related to installing squid3 again after squid2. Still no luck.

            I have not seen any memory related errors in the logs yet.

            One other issue I have that I forgot to mention is that sometimes when I hit "Apply" on the "General Settings" page, all the blacklists db are deleted and I get a big red error message saying that it could not find xxx blacklist.

            I am wondering if I am not giving the system enough time to rebuild the databases.

            Today's plan:
            Re-image the CF
            Install squid2
            Install Squidguard
            Create my own Target categories

            Test test test

            If this seems to be working then I will try the shallalist blacklist again.

            One question is if I install the blacklists and they don't work, how do I remove them? If I just delete the databases I get the error I mentioned above when I hit "Apply" on the "General Settings".

            Thanks for your help.

            Todd

            1 Reply Last reply Reply Quote 0
            • A
              alkyred
              last edited by

              Testing update.

              I have re-imaged the CF, installed squid2, then installed Squidguard.

              Squid is running in transparent mode

              I have set Squidguard common ACL Default Access to Deny

              Tested

              Works great!

              Changed Default Access to Allow all

              Tested

              Worked Great!

              Added my own Target category News with www.cnn.com as the only Domain.

              Tested

              Works Great! Can go everywhere except www.cnn.com

              I am now installing a blacklist.

              I installed the blacklists from:
              ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists_for_pfsense.tar.gz
              Blacklist Update Log only found 30 items from the 47 in the package. This is issue #1.

              Set adult to Deny

              Default Access is set to allow.

              "Save" on changes in "Common ACL" then "Apply" on "General Settings"

              Test test test.

              Failed No blocking of any adult sites. :(

              Restarted Squidguard service - Tested - Still no blocking

              Restarted PFsense box - Tested -  Still no Blocking

              Checked Logs - no memory errors.

              run ps aux | grep squid

              5 Instances of squidGuard -c running

              Any additional help would be great.

              Todd

              1 Reply Last reply Reply Quote 0
              • G
                Gabri.91
                last edited by

                The problem is that the /var partition is too small and the blacklist cannot be fully loaded. On Alix /var is in RAM; you can increase it by editing /etc/rc.embedded and putting a larger value on varsize.
                The problem is that probably Alix hasn't got so much RAM to do this..

                1 Reply Last reply Reply Quote 0
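A quick way to confirm the symptom described above (some categories imported, others silently missing on a small RAM-backed /var), as an added example that is not part of the original posts. It assumes the usual squidGuard layout, where each category directory holds `domains` and `urls` source lists and the built database sits beside each as a `.db` file; the database directory is passed as an argument, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): spot blacklist categories whose
# squidGuard database was never built, e.g. because /var filled up.
# Assumed layout: <dbhome>/<category>/{domains,urls} with a .db beside each.

# Print each source list (relative to dbhome) that lacks a non-empty .db file.
missing_dbs() {
    dbhome=${1%/}
    find "$dbhome" -type f \( -name domains -o -name urls \) | sort |
    while read -r src; do
        [ -s "$src.db" ] || echo "${src#"$dbhome"/}"
    done
}

# Free space, in KB, on the filesystem that holds the given path.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Summarise: free space, how many lists exist, which ones have no database.
report() {
    total=$(find "$1" -type f \( -name domains -o -name urls \) | wc -l)
    missing=$(missing_dbs "$1")
    echo "free space for $1: $(free_kb "$1") KB"
    echo "source lists found: $((total))"
    if [ -n "$missing" ]; then
        echo "lists without a built database:"
        echo "$missing" | sed 's/^/  /'
        return 1
    fi
    echo "every list has a database"
}

# Usage: sh check_blacklist_db.sh /path/to/squidGuard/db
if [ $# -gt 0 ]; then report "$1"; fi
```

A category that shows up here has its text lists on disk but no usable database, so a Deny rule on it has nothing to match against.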
                • P
                  pvoigt
                  last edited by

                  @Gabri.91:

                  The problem is that the /var partition is too small and the blacklist cannot be fully loaded. On Alix /var is in RAM; you can increase it by editing /etc/rc.embedded and putting a larger value on varsize.
                  The problem is that probably Alix hasn't got so much RAM to do this..

                  I recently addressed the question of running Squid on a nanoBSD installation. There are some limitations. I hope this thread may be helpful:
                  http://forum.pfsense.org/index.php/topic,59932.msg322453.html

                  1 Reply Last reply Reply Quote 0
                  • A
                    alkyred
                    last edited by

                    Call me stupid but the file system on the CF is read-only? How do I edit the rc.embedded file?

                    I tried vi as a su but I still get the same results. Read only system

                    Thanks again,

                    Todd

                    1 Reply Last reply Reply Quote 0
                    • N
                      Nachtfalke
                      last edited by

                      @alkyred:

                      Call me stupid but the file system on the CF is read-only? How do I edit the rc.embedded file?

                      I tried vi as a su but I still get the same results. Read only system

                      Thanks again,

                      Todd

                      Don't know the syntax on the command shell but on the packages they use "conf_mount_ro();" and "conf_mount_rw();"

                      I am using the blacklists from www.shallalist.de
                      I am just using some of the categories and not all and I see no reason to "spam" my Target Lists on squidguard with unused categories. What I do is download the file from the website, open it with 7zip and remove the unneeded categories. After that I upload it to /tmp and then import it in squidguard.

                      To delete the old databases go to squidguard –> blacklists and then click on the white cross on the red bottom. This takes some time but it will restore the default database.

                      1 Reply Last reply Reply Quote 0
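The trimming step described in the post above, done from a shell instead of 7zip, as an added example that is not part of the original thread. It assumes the archive unpacks to a single top-level directory with one sub-directory per category; the function name and the file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): repack a blacklist archive so that it
# contains only the categories that will actually be used, which reduces the
# space the import needs on a small /var.
# Assumption: the archive holds ONE top-level directory, with one
# sub-directory per category below it.

# trim_blacklist <in.tar.gz> <out.tar.gz> <category>...
trim_blacklist() {
    src=$1; dst=$2; shift 2
    work=$(mktemp -d) || return 1
    tar -xzf "$src" -C "$work" || { rm -rf "$work"; return 1; }
    top=$(ls "$work" | head -n 1)          # the single top-level directory

    keep=""
    for c in "$@"; do
        if [ -d "$work/$top/$c" ]; then
            keep="$keep $top/$c"
        else
            echo "warning: category '$c' not found in archive" >&2
        fi
    done
    # Refuse to write an empty archive if nothing matched.
    [ -n "$keep" ] || { rm -rf "$work"; return 1; }

    # Word splitting of $keep is intended: one path per kept category.
    (cd "$work" && tar -czf out.tgz $keep) && mv "$work/out.tgz" "$dst"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Usage: sh trim_blacklist.sh full.tar.gz small.tar.gz adult gamble
if [ $# -ge 3 ]; then trim_blacklist "$@"; fi
```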
                      • P
                        pvoigt
                        last edited by

                        @alkyred:

                        Call me stupid but the file system on the CF is read-only? How do I edit the rc.embedded file?

                        I tried vi as a su but I still get the same results. Read only system

                        Thanks again,

                        Todd

                        To re-mount e.g. the root filesystem rw you can use

                        mount -uw /
                        
                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Don't use the mount command directly; that has caused problems in the past. Use the built in scripts, see: http://doc.pfsense.org/index.php/Remount_embedded_filesystem_as_read-write

                          Alternatively use the editor in the webgui which takes care of that for you. Diagnostics: Edit File:

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • P
                            pvoigt
                            last edited by

                            @stephenw10:

                            Don't use the mount command directly; that has caused problems in the past. Use the built in scripts, see: http://doc.pfsense.org/index.php/Remount_embedded_filesystem_as_read-write

                            Alternatively use the editor in the webgui which takes care of that for you. Diagnostics: Edit File:

                            Steve

                            Thanks, Steve, for correcting me. I've used the mount command in the past without any issues. I was not aware of possible problems but like to learn :)

                            Peter

                            1 Reply Last reply Reply Quote 0
                            • G
                              Gabri.91
                              last edited by

                              @pvoigt:

                              I recently addressed the question of running Squid on a nanoBSD installation. There are some limitations. I hope this thread may be helpful:
                              http://forum.pfsense.org/index.php/topic,59932.msg322453.html

                              Yes, I know that it works, I've already tested and used it. Increasing var and tmp size the only limitation is that you cannot do caching and you have to reload blacklist every time the box restarts, otherwise I have it in production without any problem..

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                @pvoigt:

                                I've used the mount command in the past without any issues.

                                It's very unlikely to cause any problems.
                                Sometime during the development of 2.0 the mount script became broken in some conditions. This left the filesystem as RW which was not in itself a problem, Nano doesn't try to write anything anyway. However anyone using the mount command to set it RO immediately ran into trouble because the system could no longer re-mount the filesystem as RW via the script, resulting in not being able to save any changes. This has of course been fixed for the release version but it's good practice to use the same method the system does to avoid any mistakes, IMHO.  ;)

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • A
                                  alkyred
                                  last edited by

                                  I think with everyone's help I have this figured out, but I need a little more assistance.

                                  I have increased the size of the /var and /tmp inside the rc.embedded file and that has helped greatly with the importing of the blacklists however there is just not enough memory on the alix board.

                                  So here is my proposed fix:
                                  Add an external usb drive which will serve as my /var and /tmp. In order to do this I need to change the rc.embedded file again. This file currently mounts sections of memory for /var and /tmp. The following two lines do this:

                                  mdmfs -S -M -s ${tmpsize} md /tmp

                                  and

                                  mdmfs -S -M -s ${varsize} md /var

                                  Because I am not very familiar with FreeBSD I need help to change those lines so that it creates the directories on /dev/da0.

                                  If this solves my problems, I will make another post with the steps needed for anyone else to follow.

                                  Thanks in advance,

                                  Todd

                                  1 Reply Last reply Reply Quote 0
                                  • G
                                    Gabri.91
                                    last edited by

                                    You can do it (but I cannot help you because I don't know so much about BSD),
                                    the problem is that lots of data is written to tmp, so the USB drive will probably be damaged after a short time..

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      It's not as easy as just changing those lines. Creating a ramdisk does not require anything else. Using an external drive requires it to be formatted correctly and mounted before you can use it. There have been a few posts about this recently, relating to using an external drive for a squid cache for Alix.

                                      http://doc.pfsense.org/index.php/Local_Disk_Storage_on_Embedded_%28soekris%29

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        alkyred
                                        last edited by

                                        @stephenw10:

                                        It's not as easy as just changing those lines. Creating a ramdisk does not require anything else. Using an external drive requires it to be formatted correctly and mounted before you can use it. There have been a few posts about this recently, relating to using an external drive for a squid cache for Alix.

                                        http://doc.pfsense.org/index.php/Local_Disk_Storage_on_Embedded_%28soekris%29

                                        Steve

                                        I have read the article you mentioned but it does not get me far enough.

                                        I have been able to mount the USB hard drive and it has already been formatted. I can mount the drive to /mnt but I just cannot figure out how to mount it to /tmp. The RC.embedded file sets up the /tmp folder to be loaded into a ramdisk but when I comment out that line and add /mount /dev/ufs/usbdisk /tmp it errors out.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          alkyred
                                          last edited by

                                          I have solved my problem by following this article:

                                          http://mikepowells.net/tag/pfsense/

                                          Basically, I purchased a CF Micro Drive that allowed me to install the full version on pfsense. I don't know how long the Micro Drive will last so I am building a custom box to replace the ALIX boards. I am using an ITX board with dual NICs and an additional PCI slot for a DMZ if needed. The total cost is $348 which I don't think is too bad.

                                          Thanks for all the input.

                                          Todd

                                          1 Reply Last reply Reply Quote 0