I am now creating new DansGuardian and Squid3 binaries.



  • No luck on my end, but I am running the latest beta…

    2.2-BETA (amd64)
    built on Fri Nov 07 13:54:45 CST 2014
    FreeBSD 10.1-RC4-p1

    squid3-dev
    3.3.11_1 pkg 2.2.8

    Last 50 system log entries
    Nov 8 11:42:45 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
    Nov 8 11:42:44 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
    Nov 8 11:42:44 php-fpm[50841]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
    Nov 8 11:42:43 check_reload_status: Reloading filter
    Nov 8 11:42:33 kernel: pid 85517 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:33 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:32 php-fpm[92516]: /pkg_edit.php: Starting Squid
    Nov 8 11:42:32 kernel: pid 81637 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:32 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -z -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:31 kernel: pid 77608 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:31 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k kill -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:26 kernel: pid 57759 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:26 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k shutdown -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:25 php-fpm[92516]: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
    Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
    Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
    Nov 8 11:42:25 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
    Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
    Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
    Nov 8 11:42:24 php-fpm[25084]: /rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
    Nov 8 11:42:24 php-fpm[92516]: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
    Nov 8 11:42:24 check_reload_status: Reloading filter
    Nov 8 11:42:24 check_reload_status: Syncing firewall
    Nov 8 11:42:13 kernel: pid 39066 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:13 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: Starting Squid
    Nov 8 11:42:12 kernel: pid 34816 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -z -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:12 kernel: pid 31211 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:12 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k kill -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:06 kernel: pid 27894 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:42:06 php-fpm[92516]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k shutdown -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '139', the output was ''
    Nov 8 11:42:06 php-fpm[92516]: /pkg_edit.php: Creating squid cache subdirs in /var/squid/cache
    Nov 8 11:42:04 php-fpm[92516]: /pkg_edit.php: [Squid] - Squid_resync function call pr: bp: rpc:no
    Nov 8 11:41:20 kernel: pid 93914 (squid), uid 0: exited on signal 11 (core dumped)
    Nov 8 11:41:15 syslogd: kernel boot file is /boot/kernel/kernel



  • @Escorpiom:

    Today, a new Squid package was made available.
    As I was feeling adventurous, decided to hit the pkg button and….
    Installed just fine, all configs retained. No errors.

    I haven't tried to update the beta snapshot yet, better wait until it gets final.
     
    Cheers.

    That update for squid3 (3.1) and squid-dev (3.3) was just to add some extra checks to swapstate_check.php that were in squid (2) but had never been put into the newer squid versions. It does not effect any squid functionality, and has no change to the binaries. So it won't help any issues with running on 2.2-BETA,



  • Fix for Squid. Needs to be run on each box. Survives a reboot. Survives an update to latest beta, as far as I can tell.

    Open a command prompt:

    
    cd /usr/pbi/squid-amd64
    
    ```- for x64
    
    –- or ---
    
    

    cd /usr/pbi/squid-i386

    
    then:
    
    

    cp -R local/etc local/lib local/libexec /usr/

    
    I'm doing this from memory, so please do this on a test box, Virtual Machine, etc. and make a backup or snapshot first. I did this several days ago, and I copied only one folder at a time. I tried to condense the instructions to make it easier. Please let me know if I made a typo.
    
    You then will need to reboot your pfSense box. I was unable to use the Web interface until I did so. YMMV.


  • That's not a good fix, that'll leave behind files in places where they shouldn't be. The root cause of that issue is being looked into. If you need an immediate work around on 2.2, I guess that's OK, but you're going to want to blow away the system and reinstall from scratch once the root issue is fixed if you do that. Or know exactly what you copied into /usr/ and manually remove only those files.



  • Hi!
    I'am trying to install squid and DG on pfSense 2.2 Beta
    DG isn't working

    To run squid I do:

    
    ln -s /lib/libmd.so.6 /usr/lib/libmd5.so.1
    ln -s /usr/pbi/squid-amd64/local/etc/squid /usr/local/etc/squid
    ln -s /usr/pbi/squid-amd64/local/libexec/squid /usr/local/libexec/squid
    
    

    After that squid starting and working, but DG and squid-guard doesn't work!
    Squid transparent proxy with HTTPS doesn't work!
    Does filtering working on pfSense 2.2. Beta?



  • Squidguard + Squid dev does work, with the workaround.
    As 2.2 is still in beta, you will have to wait until issues have been resolved.

    Cheers.



  • @hmh:

    Hi!
    I'am trying to install squid and DG on pfSense 2.2 Beta
    DG isn't working

    To run squid I do:

    
    ln -s /lib/libmd.so.6 /usr/lib/libmd5.so.1
    ln -s /usr/pbi/squid-amd64/local/etc/squid /usr/local/etc/squid
    ln -s /usr/pbi/squid-amd64/local/libexec/squid /usr/local/libexec/squid
    
    

    After that squid starting and working, but DG and squid-guard doesn't work!
    Squid transparent proxy with HTTPS doesn't work!
    Does filtering working on pfSense 2.2. Beta?

    If you are going to use DansGuardian, don't use transparent mode with Squid. If you want to use SSL Filtering, set Squid to use the same port for SSL as for regular traffic.

    Squid defaults to port 3128 for regular traffic, and 3129 for SSL traffic. Change them so they both are 3128, for example. You then need to go into your computer's proxy settings, and enable the use of a proxy, and set the proxy server to be your router's IP address, and the port to the one on which DansGuardian is listening, usually port 8080.

    I highly recommend changing the Web UI port to something other than 443 or 80.



  • aaronouthier, why is it not recommended to use Squid transparent with DansGuardian enabled?
    Any reason particular? I've got it set up like that at the moment.

    Cheers.



  • @Escorpiom:

    aaronouthier, why is it not recommended to use Squid transparent with DansGuardian enabled?
    Any reason particular? I've got it set up like that at the moment.

    Cheers.

    Because the flow for DansGuardian is supposed to go Browser -> DansGuardian -> Squid -> Internet. However, with Transparent mode enabled, it forces Browser -> Squid -> Internet.

    Using transparent mode bypasses DansGuardian.

    Using SquidGuard should work with Squid in transparent mode, but not DansGuardian. Still, I could be wrong.

    To test this, download a blacklist for DansGuardian, and enable a category to block, such as "Warez". Then go to a site which should be blocked, like the pirate bay, etc. If Squid is in transparent mode, then the site won't be blocked. Disable Transparent mode, and setup a manual proxy from IE settings. Violla, Blocked!



  • Thanks for explaining. I remember having seen other posts regarding the issue.
    Squidguard is indeed working.

    Cheers.


Log in to reply