Squid not working after ip address change

ska303 · Aug 11, 2014, 10:25 AM

Hi guys,
i am just setting up a fresh install of the latest pfSense to use it as a Proxy.

Everything used to work fine until i changed the ip of the LAN Interface from our test network to the real network.
I can still access the pfSense WebGUI and can see that squid is still running and binded to the correct Interface.
Still, squid won't work at all.

What I did already:

Restart the squid Service several times
Reboot the physical Server where pfSense is running
Removed lightsquid and squid and installed them again.

Is there anything I can try now to get squid working again?

Any help is greatly appreciated.

Thanks in advance.

Sandro

KOM · Aug 11, 2014, 1:27 PM

Try uninstalling, deleting the config and install again:

https://forum.pfsense.org/index.php?topic=78521.0

ska303 · Aug 11, 2014, 2:33 PM

Hi KOM,
thanks for the quick reply.

Unfortunately that didn't do the trick.

I can see that I successfully deleted the Settings with the script mentioned in the thread you linked me to.
I also made sure that all squid-related files in /var/squid and /usr/local/pkg are gone.

Re-installed squid only (without lightsquid to make sure it doesnt conflict), but still no joy.
Anything else I could try?

Like, is there a way to find out, if my browser tries to communicate with the pfSense at all? Firewall logs e.g.?

Thank you again.

<edit>I just set up a Firewall rule that would allow any TCP traffic to my pfSense on port 3128. Now I get at least an error message.

While trying to retrieve the URL: http://pfsense.org/ 

The following error was encountered: 
•  Access Denied.  
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. 

Your cache administrator is admin@localhost.

Maybe this helps to find my issue?

Sandro</edit>

KOM · Aug 11, 2014, 2:58 PM

Can I assume that you have Allow users on interface checked in Services - Proxy server - General?? Squid may have gotten confused. What happens if you add your LAN subnet to Services - Proxy server - Access Control - Allowed subnets?

ska303 · Aug 12, 2014, 11:45 AM

Did all of that.
Now i just did a backup of my config (excluding any squid Settings), did a factory reset and restored my config.
Same result, Squid doesnt react at all.

Can i just post my XML somewhere and let you have a look at it?

Thank you.

KOM · Aug 12, 2014, 1:13 PM

Squid is just a caching proxy, so if you're getting access denied errors then that tells me that Squid doesn't think your subnet is allowed to access it.

Is there anything in Status - System Logs - System - General - (filter on 'squid' at the bottom)?

Stewart · Sep 4, 2014, 10:08 PM

Try looking at the lines:
http_port
and
acl localnet src
in
/usr/pbi/squid-amd64/etc/squid/squid.conf

to see if the addresses need changing in there.

jclarkv · Sep 9, 2014, 1:47 AM

I had been trying and failing to set up squid and squidguard when my LAN was set up to use 172.31.1.0/24.

I reset to factory defaults and left all at 192.168.1.0/24 and the installation went fine.