Netgate Discussion Forum

    Squid - 3.3.5 not working?

    19 Posts 3 Posters 14.2k Views
      Deadringers

      Hey all,

      Cannot get a transparent proxy working with Squid 3.3.5.

      I have it set up all right as far as I can tell but none of the client traffic is going through the proxy server…

      What am I doing wrong?

      screen shot of my settings:

        Deadringers

        ahh Just seen this in the logs:
        no idea what it means though!?

        Jun 20 13:13:59 php: : SQUID is installed but not started. Not installing "filter" rules.
        Jun 20 13:13:59 php: : SQUID is installed but not started. Not installing "pfearly" rules.
        Jun 20 13:13:59 php: : SQUID is installed but not started. Not installing "nat" rules.
        Jun 20 13:13:56 check_reload_status: Reloading filter
        Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
        Jun 20 13:13:46 php: /pkg_edit.php: Starting Squid
        Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/clamav-clamd start' returned exit code '127', the output was '/usr/local/etc/rc.d/clamav-clamd: not found'
        Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/c-icap start' returned exit code '1', the output was 'Starting c_icap. su: unknown login: clamav /usr/local/etc/rc.d/c-icap: WARNING: failed to start c_icap'
        Jun 20 13:13:46 root: /usr/local/etc/rc.d/c-icap: WARNING: failed to start c_icap
        Jun 20 13:13:46 php: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
        Jun 20 13:13:46 check_reload_status: Syncing firewall
        Jun 20 13:12:48 php: : SQUID is installed but not started. Not installing "filter" rules.
        Jun 20 13:12:48 php: : SQUID is installed but not started. Not installing "pfearly" rules.
        Jun 20 13:12:48 php: : SQUID is installed but not started. Not installing "nat" rules.
        Jun 20 13:12:45 check_reload_status: Reloading filter
        Jun 20 13:12:37 php: : SQUID is installed but not started. Not installing "filter" rules.
        Jun 20 13:12:37 php: : SQUID is installed but not started. Not installing "pfearly" rules.
        Jun 20 13:12:37 php: : SQUID is installed but not started. Not installing "nat" rules.
        Jun 20 13:12:35 php: /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
        Jun 20 13:12:35 php: /pkg_edit.php: Starting Squid
        Jun 20 13:12:35 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/clamav-clamd start' returned exit code '127', the output was '/usr/local/etc/rc.d/clamav-clamd: not found'
        Jun 20 13:12:35 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/c-icap start' returned exit code '1', the output was 'Starting c_icap. su: unknown login: clamav /usr/local/etc/rc.d/c-icap: WARNING: failed to start c_icap'
        Jun 20 13:12:35 root: /usr/local/etc/rc.d/c-icap: WARNING: failed to start c_icap
        Jun 20 13:12:35 php: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
        Jun 20 13:12:35 check_reload_status: Syncing firewall
        Jun 20 13:12:35 check_reload_status: Reloading filter
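
Added example (not part of the original post and not pfSense code): a small `sh`/`awk` triage over the log excerpt above that maps each failed start command to a likely cause and lists the pf rule sets that were skipped because Squid was not running. The sample lines are copied from the post; the function names and cause labels are assumptions of this example.

```shell
#!/bin/sh
# Sample input: six lines copied from the system log in the post above.
sample_log() {
cat <<'EOF'
Jun 20 13:13:59 php: : SQUID is installed but not started. Not installing "filter" rules.
Jun 20 13:13:59 php: : SQUID is installed but not started. Not installing "nat" rules.
Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/clamav-clamd start' returned exit code '127', the output was '/usr/local/etc/rc.d/clamav-clamd: not found'
Jun 20 13:13:46 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/c-icap start' returned exit code '1', the output was 'Starting c_icap. su: unknown login: clamav /usr/local/etc/rc.d/c-icap: WARNING: failed to start c_icap'
Jun 20 13:12:35 php: /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
EOF
}

# One line per distinct failure: exit code, inferred cause, command (tab-separated).
# The cause labels are this example's own naming, not pfSense output.
classify_failures() {
    awk -F"'" '
    /returned exit code/ {
        # Split on single quotes: $2 = command, $4 = exit code, $6 = output
        cmd = $2; code = $4 + 0; out = $6
        if (out ~ /Shared object "[^"]*" not found/) {
            lib = out; sub(/.*Shared object "/, "", lib); sub(/".*/, "", lib)
            cause = "missing-library:" lib
        } else if (code == 127) {
            cause = "command-not-found"
        } else if (out ~ /unknown login: /) {
            user = out; sub(/.*unknown login: /, "", user); sub(/ .*/, "", user)
            cause = "missing-user:" user
        } else {
            cause = "other"
        }
        if (!((cmd, cause) in seen)) {
            seen[cmd, cause] = 1
            printf "%d\t%s\t%s\n", code, cause, cmd
        }
    }'
}

# pf rule sets that were skipped because Squid was not running, one per line.
skipped_rule_sets() {
    sed -n 's/.*SQUID is installed but not started\. Not installing "\([^"]*\)" rules\..*/\1/p' |
        sort -u
}

sample_log | classify_failures
sample_log | skipped_rule_sets
```
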

          Deadringers

          Right I have got it working now by downloading those missing files.

          HOWEVER.

          I cannot pass any traffic over the proxy!

          Using transparent proxy just doesn't work  :(

          settings are the same as above.

          Any ideas?

            Tikimotel

            read the first post in this thread :
            http://forum.pfsense.org/index.php/topic,62256.0.html

            You need the libs offered by marcelloc. Download the appropriate version (386 / AMD64) and install them by hand (winSCP + chmod 755 ).

              Deadringers

              Thanks I have the LIBs installed but now I just can't pass any traffic over the proxy.

              I can see that the proxy service has started.  but whether I use transparent proxy or point my PC to the proxy server/port it just doesn't work.

                Tikimotel

                Do you mean : You can't browse with the client PC? or Do you think the proxy doesn't do anything?

                After installing the LIBs, did you use the dashboard to restart squid? or use the save button in the proxy server page?

                p.s. Clamav is NOT working!! (disable for now)

                  Deadringers

                  @Tikimotel:

                  Do you mean : You can't browse with the client PC? or Do you think the proxy doesn't do anything?

                  After installing the LIBs, did you use the dashboard to restart squid? or use the save button in the proxy server page?

                  I can't browse any page on my Client PC and I cannot see any of the squid logs indicating that traffic is being passed.
                  Also I restarted the service, pressed save, and rebooted the FW to see if that helped - none of them did.

                    Tikimotel

                    Clamav is NOT working, please disable and only use squid options for now.

                    After squid has started does "/var/squid/logs/cache.log" contain new data?

                      Deadringers

                      @Tikimotel:

                      Clamav is NOT working, please disable and only use squid options for now.

                      After squid has started does "/var/squid/logs/cache.log" contain new data?

                      Right thanks done that - the new data below..seems it can't write to some directory or something?

                      2013/06/20 18:32:44 kid1| helperOpenServers: Starting 5/8 'ssl_crtd' processes
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| Logfile: opening log /var/squid/logs/access.log
                      2013/06/20 18:32:44 kid1| WARNING: log parameters now start with a module name. Use 'stdio:/var/squid/logs/access.log'
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| Unlinkd pipe opened on FD 31
                      2013/06/20 18:32:44 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
                      2013/06/20 18:32:44 kid1| Store logging disabled
                      2013/06/20 18:32:44 kid1| Swap maxSize 7680000 + 524288 KB, estimated 631099 objects
                      2013/06/20 18:32:44 kid1| Target number of buckets: 31554
                      2013/06/20 18:32:44 kid1| Using 32768 Store buckets
                      2013/06/20 18:32:44 kid1| Max Mem  size: 524288 KB
                      2013/06/20 18:32:44 kid1| Max Swap size: 7680000 KB
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| Rejecting swap file v1 to avoid cache index corruption. Forcing a full cache index rebuild. See Squid bug #3441.
                      2013/06/20 18:32:44 kid1| Rebuilding storage in /var/squid/cache (no log)
                      2013/06/20 18:32:44 kid1| Using Least Load store dir selection
                      2013/06/20 18:32:44 kid1| Current Directory is /usr/local/www
                      2013/06/20 18:32:44 kid1| Loaded Icons.
                      2013/06/20 18:32:44 kid1| HTCP Disabled.
                      2013/06/20 18:32:44 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| sendto FD 39: (1) Operation not permitted
                      2013/06/20 18:32:44 kid1| ipcCreate: CHILD: hello write test failed

                        Deadringers

                        my settings:  nothing wrong with them?

                          marcelloc

                          What version of pfSense do you have?

                          Elite Training: http://sys-squad.com

                          Help a community developer! ;D

                            Deadringers

                            2.0.3-RELEASE (amd64)
                            built on Fri Apr 12 10:27:15 EDT 2013
                            FreeBSD 8.1-RELEASE-p13

                            You are on the latest version.

                            :)

                              marcelloc

                              Enable ipv6 and see if it works.

                              Elite Training: http://sys-squad.com

                              Help a community developer! ;D

                                Deadringers

                                okay that looks to be working….

                                Just one weird thing...

                                So I have a few servers here, desktop PC and my laptop.

                                Seems my laptop is the only one which is still getting the web pages but not going through the proxy?!

                                all the others I can see the traffic going through the proxy...just not the laptop!?

                                  Deadringers

                                  Ignore that last one!

                                  All working :)

                                  Just one thing - now I'm getting

                                  The site's security certificate is not trusted!

                                  when visiting https sites - are my settings wrong on this?
                                  Thanks for your help!

                                    Deadringers

                                    hmm just seen this:

                                    "Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection."

                                    Not really worth it for me - Can I disable ssl man in the middle filtering or did I read somewhere that transparent proxy doesn't work without SSL interception also?

                                      Deadringers

                                      Ha not working again!

                                      Not having much luck with this squid…

                                      Error messages in log:

                                      Jun 20 23:38:33 squid[45037]: Squid Parent: (squid-1) process 46711 exited with status 1
                                      Jun 20 23:38:33 (squid-1): msgget failed
                                      Jun 20 23:38:32 squid[45037]: Squid Parent: (squid-1) process 46711 started
                                      Jun 20 23:38:29 squid[45037]: Squid Parent: (squid-1) process 45612 exited with status 1
                                      Jun 20 23:38:29 (squid-1): msgget failed
                                      Jun 20 23:38:29 squid[45037]: Squid Parent: (squid-1) process 45612 started
                                      Jun 20 23:38:29 squid[45037]: Squid Parent: will start 1 kids
                                      Jun 20 23:38:27 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: ERROR: Could not send signal 15 to process 3384: (3) No such process'
                                      Jun 20 23:38:26 squid[46131]: Squid Parent: (squid-1) process 21999 exited with status 1
                                      Jun 20 23:38:26 (squid-1): msgget failed
                                      Jun 20 23:38:25 squid[46131]: Squid Parent: (squid-1) process 21999 started
                                      Jun 20 23:38:22 squid[46131]: Squid Parent: (squid-1) process 53784 exited with status 1
                                      Jun 20 23:38:22 (squid-1): msgget failed

                                        marcelloc

                                        @Deadringers:

                                        hmm just seen this:

                                        "Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection."

                                        Not really worth it for me - Can I disable ssl man in the middle filtering or did I read somewhere that transparent proxy doesn't work without SSL interception also?

                                        Check what part of certificate ssl is not working. CA or common name?

                                        Elite Training: http://sys-squad.com

                                        Help a community developer! ;D
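
The distinction asked about in the post above (untrusted CA versus common-name mismatch), as an added example that is not part of the thread or of pfSense: it builds a constructed CA and leaf certificate with `openssl` and reports which of the two checks fails. The CA names, the host `www.example.test`, the file names and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Build constructed test material in directory $1: a "proxy" CA, a leaf it signs
# for www.example.test, and an unrelated CA standing in for a client trust store
# that does not contain the proxy CA.
make_fixture() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Proxy CA' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -subj "/CN=www.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 2 -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -config "$d/ca.cnf" -subj "/CN=Constructed Other CA" \
        -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# diagnose <leaf.pem> <trusted-ca.pem> <hostname>
# Prints: ok | untrusted-ca | name-mismatch
diagnose() {
    # Chain check first: does the leaf chain to the CA this client trusts?
    if ! openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo untrusted-ca
    # Name check second: does the certificate cover the requested host?
    elif openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match'; then
        echo ok
    else
        echo name-mismatch
    fi
}

work=$(mktemp -d) && make_fixture "$work" && {
    diagnose "$work/leaf.pem" "$work/ca.pem"    www.example.test   # CA installed on client
    diagnose "$work/leaf.pem" "$work/other.pem" www.example.test   # CA not installed
    diagnose "$work/leaf.pem" "$work/ca.pem"    mail.example.test  # wrong host name
}
rm -rf "$work"
```
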

                                          Deadringers

                                          Right well a reboot of the firewall sorted out the problem.

                                          Have to say I didn't get along with squid.
                                          I found the performance tweaks here on the forum and through google.  Still not good IMO.

                                          Pages were taking too long to load, youtube (and other sites) videos were also affected slightly even though I hadn't turned on dynamic caching.

                                          So I have un-installed squid for now.  I might create a stand alone squid server at some point but who knows.

                                          Thanks for your time mate :)
