Squid 3.3.10 para pfsense 2.0 e 2.1 com filtro de SSL/HTTPS
-
Grande Marcello,
Funciona com a versão 2.1? Pelo que entendi, se eu habilitar Proxy transparente na Lan, posso filtrar HTTPS nesta interface, correto?Sim e sim :)
Maravilha! Kudos! 8)
Tenho muita encrenca no horizonte nestes próximos 15 dias. Vou atualizar assim que possível e, depois disto, pode contar com feedback. -
Marcelo,
Fiz os procedimentos, desistalei o squid3, instalaei o squid3-dev, baixei as libs, no diretorio /usr/local/lib..
esta dando erro
May 13 20:45:06 php: /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libltdl.so.7" not found, required by "squid"' May 13 20:45:07 php: : SQUID is installed but not started. Not installing "nat" rules. May 13 20:45:07 php: : SQUID is installed but not started. Not installing "pfearly" rules. May 13 20:45:08 php: : SQUID is installed but not started. Not installing "filter" rules. May 13 20:45:16 check_reload_status: Reloading filter May 13 20:45:17 check_reload_status: Rewriting resolv.conf May 13 20:45:18 php: : SQUID is installed but not started. Not installing "nat" rules. May 13 20:45:18 php: : SQUID is installed but not started. Not installing "pfearly" rules. May 13 20:45:18 php: : SQUID is installed but not started. Not installing "filter" rules. May 13 20:45:20 php: : rc.newwanip: Failed to update opt1 IP, restarting... May 13 20:45:20 check_reload_status: Configuring interface opt1 May 13 20:45:28 check_reload_status: Rewriting resolv.conf May 13 20:45:31 php: : rc.newwanip: Failed to update opt1 IP, restarting... May 13 20:45:31 check_reload_status: Configuring interface opt1 May 13 20:45:39 check_reload_status: Rewriting resolv.conf
-
Shared object "libltdl.so.7" not found, required by "squid"'
pega ela do meu repositório pessoal
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/libltdl-2.4.2.tbz
i386
http://e-sac.siteseguro.ws/packages/8/All/libltdl-2.4.2.tbzOu do repositorio oficial
amd64
http://files.pfsense.org/packages/amd64/8/All/libltdl-2.4.2.tbz
i386
http://files.pfsense.org/packages/8/All/libltdl-2.4.2.tbz -
Atualizei a instalação do pacote para já incluir a libltdl-2.4.2 na versão 2.0.x
Qual versão do pfsense você esta usando?
-
a versão é 2.0.3
-
a versão é 2.0.3
Ok. Basta seguir o procedimento que postei agora a pouco ou esperar uns 10 minutos e reinstalar o pacote.
-
fiz nova resintalação.. agora subiu.. mas o squidguard não.. deu erro
May 13 21:08:06 php: /pkg_edit.php: Reloading Squid for configuration sync May 13 21:08:06 php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2013/05/13 21:08:06| Warning: empty ACL: acl localnet src 2013/05/13 21:08:06| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2013/05/13 21:08:06| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2013/05/13 21:08:06| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost' 2013/05/13 21:08:06| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2013/05/13 21:08:06| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2013/05/13 21:08:06| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost' squid: ERROR: Could not send signal 1 to process 11137: (3) No such process' May 13 21:08:06 check_reload_status: Reloading filter May 13 21:08:08 php: : rc.newwanip: Failed to update opt1 IP, restarting... May 13 21:08:08 php: /pkg_edit.php: Reloading Squid for configuration sync May 13 21:08:08 check_reload_status: Configuring interface opt1 May 13 21:08:08 php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2013/05/13 21:08:08| Warning: empty ACL: acl localnet src 2013/05/13 21:08:08| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2013/05/13 21:08:08| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2013/05/13 21:08:08| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost' 2013/05/13 21:08:08| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2013/05/13 21:08:08| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2013/05/13 21:08:08| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost' squid: ERROR: Could not send signal 1 to process 11137: (3) No such process'
-
fiz nova resintalação.. agora subiu.. mas o squidguard não.. deu erro
Só vi warnings e um aviso que o squid não estava rodando.
Na versão 3.3, o squidguard só é executado sob demanda.
Tem como acertar isso, mas envolve alterações no squidguard. -
tem alguma ideia ??
-
tem alguma ideia ??
O squid está execuando? está ouvindo na porta que você configurou?
-
[2.0.3-RELEASE][admin@pfSensel]/usr/local/lib(11): netstat -na | grep "3128" tcp4 0 0 127.0.0.1.3128 *.* CLOSED tcp4 0 0 192.168.0.1.3128 *.* CLOSED
root 19474 0.0 0.3 36312 10916 ?? Is 9:05PM 0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf proxy 20154 0.0 0.4 48604 16680 ?? I 9:05PM 0:00.04 (squid-1) -f /usr/local/etc/squid/squid.conf (squid)
-
Está funcionando…
-
mas o squidguard não..
-
Tentei de varias formas fazer o squid funcionar e o squidguard tambem.. a maquina simplesmente não navega.. e não loga
os acesso, mesmo com o squid ativo.Escolhi a opção transparente e não transparente.. escolhendo as intefaces "LAN"..
Gustavo
-
Tente sem o squidguard e veja nos logs do squid, principalmente o cache.log.
-
desabilitei a integração, reinstalei o pacote.. e nada
segue o log no cache.log
2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_SECURE_CONNECT_FAIL': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_UNSUP_HTTPVERSION': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_PRECONDITION_FAILED': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_CONFLICT_HOST': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_ESI': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_ICAP_FAILURE': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_GATEWAY_FAILURE': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/ERR_DIR_LISTING': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| '/usr/local/etc/squid/errors/Portuguese/error-details.txt': (2) No such file or directory 2013/05/14 20:32:44 kid1| Unable to load default error language files. Reset to backups. 2013/05/14 20:32:44 kid1| Logfile: opening log /var/squid/logs/access.log 2013/05/14 20:32:44 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log' 2013/05/14 20:32:44 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2013/05/14 20:32:44 kid1| Store logging disabled 2013/05/14 20:32:44 kid1| Swap maxSize 0 + 8192 KB, estimated 630 objects 2013/05/14 20:32:44 kid1| Target number of buckets: 31 2013/05/14 20:32:44 kid1| Using 8192 Store buckets 2013/05/14 20:32:44 kid1| Max Mem size: 8192 KB 2013/05/14 20:32:44 kid1| Max Swap size: 0 KB 2013/05/14 20:32:44 kid1| Using Least Load store dir selection 2013/05/14 20:32:44 kid1| Current Directory is /usr/local/www 2013/05/14 20:32:44 kid1| Loaded Icons. 2013/05/14 20:32:44 kid1| HTCP Disabled. 2013/05/14 20:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2013/05/14 20:32:44 kid1| sendto FD 19: (1) Operation not permitted 2013/05/14 20:32:44 kid1| ipcCreate: CHILD: hello write test failed
-
Consegue interpretar o que o log esta mostrando?
Mude a linguagem do relatório.
Subi uma atualização agora a pouco para corrigir os warnings de acl para 127.0.0.1. Basta reinstalar o pacote.
-
ja mudei. e continua sem acessar.. só acessa sem passar pelo proxy..
-
ja mudei. e continua sem acessar.. só acessa sem passar pelo proxy..
E o que tem nos logs? Passe mais informações para facilitar o diagnostico.
-
2013/05/14 21:52:04 kid1| Max Mem size: 8192 KB 2013/05/14 21:52:04 kid1| Max Swap size: 0 KB 2013/05/14 21:52:04 kid1| Using Least Load store dir selection 2013/05/14 21:52:04 kid1| Current Directory is /usr/local/www 2013/05/14 21:52:04 kid1| Loaded Icons. 2013/05/14 21:52:04 kid1| HTCP Disabled. 2013/05/14 21:52:04 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted 2013/05/14 21:52:04 kid1| sendto FD 19: (1) Operation not permitted 2013/05/14 21:52:04 kid1| ipcCreate: CHILD: hello write test failed
as telas