Squid3-dev not working



  • Hello everyone,

    I have a PfSense 2.1.5 cluster running successfully as a Firewall with almost 250 users. OpenVPN, IPSEC and DHCP is also configured and working fine. Yesterday, checking the log files, I realized that my Squid3 stopped working about a month ago so I upgraded to Squid3-dev hoping to solve the problem. It didn't work! I checked the forum looking for known problems and did everything other users recommended to do, but still no luck.

    Here is my Squid configuration:



    Checking /var/squid/logs I only have this files:

    access.log
    cache.log
    netdb.stat
    squid.pid
    store.log

    access.log has no info so I guess the proxy is not working. cache.log onlye shows this information when I restart the service:

    2014/08/29 08:28:10 kid1| Starting Squid Cache version 3.3.10 for i386-portbld-freebsd8.3...
    2014/08/29 08:28:10 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/es/error-details.txt
    2014/08/29 08:28:10 kid1| Unable to load default error language files. Reset to backups.
    2014/08/29 08:28:10 kid1|  parse error while reading template file: /usr/pbi/squid-i386/etc/squid/errors/templates/error-details.txt
    2014/08/29 08:28:10 kid1| WARNING: failed to find or read error text file error-details.txt
    

    Ipv6 is enabled, downloaded additional packages, etc.

    I must be missing something… anyone can help me?

    Thanks a lot.



  • I don't have a quick answer to your problem, but I would avoid squid3-dev.  Uninstall it, clean up all the files and then try reinstalling squid3.  There is a forum post or two on how to completely remove squid before you reinstall.



  • Ok, got it.

    • Disabled transparent proxy -> saved

    • Restarted service

    • Enabled transparent proxy -> saved

    • Restarted service

    Now it is working.

    Why to avoid this package? It has a "beta" status as has squid3… are there any other known problems?

    Thanks a lot.



  • Squid3-dev is marked as experimental and it seems to be pretty fragile.  There are lots of forum posts from people who got it into a situation where it was completely broken.  I had this same problem once and went back to Squid2.  I just recently moved up to Squid 3.1.20.

    However, if it is working for you then that's great.  I just wouldn't use it for production, or play with it too much once you have it stable.



  • I was using squid3-dev for awhile myself but after a few firmware updates and other changes, it has been really been unstable. I've downgraded to squid3 and its been working fine for me.. The only feature I miss with squid3-dev is the built-in clamav. Other then that, I dont use any other features… Yeah, man-in-middle for SSL is nice if there is case for it but most networks probably wont been it...



  • Squid3-dev is not longer marked as experimental, now it is beta as it is squid3.

    I have another question… since I got the transparent proxy working, it seems to not following my lan rules anymore. I have multi WAN, one for users and one for servers. Now all the traffic is getting through the default wangw.

    Any ideas?



  • Squid3-dev is not longer marked as experimental, now it is beta as it is squid3.

    Hmm, so it is.  I still wouldn't touch it.



  • I'll take your advice and downgrade to squid3…. regarding the fw rules...  do you have any suggestions?



  • I don't have any multiWAN experience, sorry, but I do know others have had issues sometimes.  Search these forums for 'squid multiwan' and see what comes up.

    I know that transparent mode adds a hidden rule that redirects all port 80 traffic to port 3128 (Squid).



  • @jakobeissler:

    Squid3-dev is not longer marked as experimental, now it is beta as it is squid3.

    I have another question… since I got the transparent proxy working, it seems to not following my lan rules anymore. I have multi WAN, one for users and one for servers. Now all the traffic is getting through the default wangw.

    Any ideas?

    I'm not sure if it's possible using squid in transparent mode… I recall a couple of how-tos on the forum if you search but they were for non-transparent mode i believe



  • I downgraded to squid3, it is working fine as before. But I still have the problem with the lan rules… it was working before upgrading to squi3... now it does not.

    Thanks.



  • Got it… in squid had to add a few custom opcions... like this:

    acl LAN1 src 192.168.1.0/24;tcp_outgoing_address 164.67.234.231 LAN1;

    All working now. Thanks.