Squid 3.3.10 + squidGuard



  • I had some time to kill today so I tried 3.3.10. It seemed to install fine with the extra libs from marcello's site, but I couldn't get any traffic to go through it and I couldn't get it to play nice with squidGuard.

    Old setup:

    squid 3.1.20 pkg 2.0.6
    squidGuard-squid3 1.4_4 v.1.9.5

    I tried this squidGuard and squidGuard-devel 1.5_1 beta thinking the higher version number might mean there was some code in there capable of 3.3.10. But all I got (with either squidGuard) was error logs like this:

    The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

    Curiously, I got this from the command line as well although squid 3.3.10 was definitely running (pfSense gui told me so and so did ps -x | grep squid).

    I've fallen back to my old squid now but I was curious if anyone has 3.3.10 running with squidGuard? I am using squidGuard for finer grained ACL control so I kind of need both.



  • What you get with squid -k parse and netstat -an |grep -i listen?



  • I will have to reinstall 3.3.10 to test the output of those two.

    Should squidGuard work with 3.3.10? If so I'll try again, otherwise there's not much point going to the effort.



  • Yes squidguard for ver 3 works with squid-dev latest.



  • Thanks exo.

    I tried again. I left squidGuard3 installed, uninstalled squid 3.1.20, installed 3.3.10 and rebooted.

    @marcelloc:

    What you get with squid -k parse …

    @marcelloc:

    … and netstat -an |grep -i listen?

    It's in transparent mode, but it's not listening on port 3128 (my configured port). You can see it's processing those ports, up near the top of the output of squid -k parse where I blanked out my interface IPs. But then not listening to them for some reason.

    Squid 3.1.20 is listening to 3128, on localhost and on each of my interfaces (also transparent mode, also listening on port 80). Here's the output from 3.1.20:

    Each time I try to change a config option in squid 3.3.10 or squidGuard gui, I get the same error:

    But there is a running copy:

    And which squid gives /usr/local/sbin/squid, as expected.



  • did you tried to stop squid daemon and then start it again?

    Can you test it with ipv6 enabled on pfsense system advanced options?



  • I rebooted after installing 3.3.10 but didn't try to explicitly kill and restart squid after rebooting.

    I forget why I have IPv6 disabled but there was some reason. I will try again with it enabled.



  • Hmm, interesting.

    Uninstalled 3.1.20
    Installed 3.3.10
    Rebooted

    Enabled IPv6 - squid not working

    ps -ax | grep squid now has three results (incl. the grep result)
    kill pid_squid_1
    kill pid_squid_2
    save a squid config from the gui (to restart)

    And it works!

    Reboot, not working at first, then save config and it works.

    Reboot again, working straight away.

    I still don't see how e.g. an old squid 3.1.20 daemon could possibly have survived between reboots on upgrading to 3.3.10, or whatever was going wrong.

    I'm also getting some weird lighttpd errors, from the lighttpd running the pfSense webgui. I'm not sure if that's a symptom.

    I'll stick with 3.3.10 for a while and see how it performs for me.

    Thanks marcelloc.



  • Hey all,

    I seem to be facing a similar issue, was wondering if any of you had any further insight. For the record, I'm running Squid 2.7.9 pkg v.4.3.6.

    Here's the output to some of the commands mentioned previously:

    php-fpm[27821]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy'

    But when I change something in the proxy configuration and save it, I only see the following in the logs:

    php-fpm[96582]: /pkg_edit.php: Reloading Squid for configuration sync

    I think this means it's working, but whenever my box reboots I see the "No running copy" error. Is this just a sham or is something really off?


Log in to reply