Squid not working after ip address change



  • Hi guys,
    i am just setting up a fresh install of the latest pfSense to use it as a Proxy.

    Everything used to work fine until i changed the ip of the LAN Interface from our test network to the real network.
    I can still access the pfSense WebGUI and can see that squid is still running and binded to the correct Interface.
    Still, squid won't work at all.

    What I did already:

    • Restart the squid Service several times
    • Reboot the physical Server where pfSense is running
    • Removed lightsquid and squid and installed them again.

    Is there anything I can try now to get squid working again?

    Any help is greatly appreciated.

    Thanks in advance.

    Sandro



  • Try uninstalling, deleting the config and install again:

    https://forum.pfsense.org/index.php?topic=78521.0



  • Hi KOM,
    thanks for the quick reply.

    Unfortunately that didn't do the trick.

    I can see that I successfully deleted the Settings with the script mentioned in the thread you linked me to.
    I also made sure that all squid-related files in /var/squid and /usr/local/pkg are gone.

    Re-installed squid only (without lightsquid to make sure it doesnt conflict), but still no joy.
    Anything else I could try?

    Like, is there a way to find out, if my browser tries to communicate with the pfSense at all? Firewall logs e.g.?

    Thank you again.

    <edit>I just set up a Firewall rule that would allow any TCP traffic to my pfSense on port 3128. Now I get at least an error message.

    While trying to retrieve the URL: http://pfsense.org/ 
    
    The following error was encountered: 
    •  Access Denied.  
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. 
    
    Your cache administrator is admin@localhost. 
    

    Maybe this helps to find my issue?

    Sandro</edit>



  • Can I assume that you have Allow users on interface checked in Services - Proxy server - General??  Squid may have gotten confused.  What happens if you add your LAN subnet to Services - Proxy server - Access Control - Allowed subnets?



  • Did all of that.
    Now i just did a backup of my config (excluding any squid Settings), did a factory reset and restored my config.
    Same result, Squid doesnt react at all.

    Can i just post my XML somewhere and let you have a look at it?

    Thank you.



  • Squid is just a caching proxy, so if you're getting access denied errors then that tells me that Squid doesn't think your subnet is allowed to access it.

    Is there anything in Status - System Logs - System - General - (filter on 'squid' at the bottom)?



  • Try looking at the lines:
    http_port
    and
    acl localnet src
    in
    /usr/pbi/squid-amd64/etc/squid/squid.conf

    to see if the addresses need changing in there.



  • I had been trying and failing to set up squid and squidguard when my LAN was set up to use 172.31.1.0/24.

    I reset to factory defaults and left all at 192.168.1.0/24 and the installation went fine.


Log in to reply