Squid does not work

guep

Hi there everyone.
I am new on this forum and pfsense and i tried to find a answer in some other postings, but i did not find the right one.
my system:
2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014
FreeBSD 8.3-RELEASE-p16 > full install on a 40GB HD
installed package:
squid 2.7.9 pkg v.4.3.4

My problem is, squid does not work correctly.
i configured squid for transparent mode like the howto on pfsense.org and insert a nat rule:

Inf:LAN > Prot:TCP > SrcAdr:* >  SrcPort:* > DestAdr:* > DestPort:80 > NAT-IP:192.168.1.1 > NAT-Port: 3128

but every time i try to open a website, i become the following message in the browser
window:

ERROR
The requested URL could not be retrieved

_While trying to process the request:

GET / HTTP/1.1
Host: google.at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PREF=ID=f5266164f2f8ee1b:U=a1088c39fb2ef1e0:FF=0:TM=1417202611:LM=1417202649:S=oogV_gqyManemQc_; NID=67=DzEvJhruLfMZLCa-WFgTCV3JhgZOibqelCYuY1VmOtYgOos2pnpg3LyrgL_gLdHF0tbzwo4FAhWTXQAmuy5w9x2KJ7bWYWvMHvWWuTGg3jN9AbEStk-4AA0PrlO0V59z; OGPC=4061130-1:
Connection: keep-alive

The following error was encountered:

Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed_
i hope someone of you can help me to solve this problem.
if squid works correct i also wants to install squidguard.

regards
Günter

KOM

When you install Squid and elect Transparent mode, pfSense adds a hidden NAT rule to do the redirection so you don't have to do it yourself.  I installed and used several versions of Squid and SquidGuard under pfSense , and they certainly do work.

guep

thank you for your fast response.

i tried to delete the nat-rule, but i had the same browser massage.
after that, i tried to deactivate transparent modus and aktivate the proxy in my browser.
i also have the same results.

regards
Günter

KOM

My suggestion may not relate to the problem you are having, but I wanted you to know that you didn't need to manually add the rule to redirect port 80 to 3128.  What were you accessing to generate the 'Request is too large' error?

guep

i only tried to open www.google.at or some other sites.

KOM

Hmm.  You might try removing Squid and then reinstall it.  You may have to manually clear out any files left behind after you remove the package.  Search the forums on how to remove or uninstall squid fully and you should find some details.  But before you do that, is there anything in your System log?  If you connect via SSH and run the command:

squid -k check

What output do you get?

guep

yesterday i installed pfsense again, because with my first installation i had the same errors. so this is a default installation, only squid is installed and some firewall rules are configured.

now, squid runs without "transparent"-mode, but still same error-message
i cleared the cache manually and restart squid.

squid -k check > no output

here the cache.log :

2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:45| Store logging disabled
2014/11/28 22:40:45| Referer logging is disabled.
2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
2014/11/28 22:40:45| WCCP Disabled.
2014/11/28 22:40:45| Loaded Icons.
2014/11/28 22:40:45| Ready to serve requests.
2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)…
2014/11/28 22:40:48| FD 9 Closing HTTP connection
2014/11/28 22:40:48| FD 10 Closing HTCP socket
2014/11/28 22:40:48| FD 12 Closing SNMP socket
2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
2014/11/28 22:40:48| Initialising SSL.
2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
--More--(26%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:45| Store logging disabled
2014/11/28 22:40:45| Referer logging is disabled.
2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
2014/11/28 22:40:45| WCCP Disabled.
2014/11/28 22:40:45| Loaded Icons.
2014/11/28 22:40:45| Ready to serve requests.
2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
2014/11/28 22:40:48| FD 9 Closing HTTP connection
2014/11/28 22:40:48| FD 10 Closing HTCP socket
2014/11/28 22:40:48| FD 12 Closing SNMP socket
2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
2014/11/28 22:40:48| Initialising SSL.
2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:48| Store logging disabled
2014/11/28 22:40:48| Referer logging is disabled.
2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
--More--(33%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:45| Store logging disabled
2014/11/28 22:40:45| Referer logging is disabled.
2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
2014/11/28 22:40:45| WCCP Disabled.
2014/11/28 22:40:45| Loaded Icons.
2014/11/28 22:40:45| Ready to serve requests.
2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
2014/11/28 22:40:48| FD 9 Closing HTTP connection
2014/11/28 22:40:48| FD 10 Closing HTCP socket
2014/11/28 22:40:48| FD 12 Closing SNMP socket
2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
2014/11/28 22:40:48| Initialising SSL.
2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:48| Store logging disabled
2014/11/28 22:40:48| Referer logging is disabled.
2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 213.33.98.136 from /etc/resolv.conf
--More--(34%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:45| Store logging disabled
2014/11/28 22:40:45| Referer logging is disabled.
2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
2014/11/28 22:40:45| WCCP Disabled.
2014/11/28 22:40:45| Loaded Icons.
2014/11/28 22:40:45| Ready to serve requests.
2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
2014/11/28 22:40:48| FD 9 Closing HTTP connection
2014/11/28 22:40:48| FD 10 Closing HTCP socket
2014/11/28 22:40:48| FD 12 Closing SNMP socket
2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
2014/11/28 22:40:48| Initialising SSL.
2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:40:48| Store logging disabled
2014/11/28 22:40:48| Referer logging is disabled.
2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:40:48| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:40:48| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
2014/11/28 22:40:48| Accepting HTCP messages on port 4827, FD 10.
2014/11/28 22:40:48| Accepting SNMP messages on port 3401, FD 12.
2014/11/28 22:40:48| WCCP Disabled.
2014/11/28 22:40:48| Loaded Icons.
2014/11/28 22:40:48| Ready to serve requests.
2014/11/28 22:41:17| Preparing for shutdown after 19 requests
2014/11/28 22:41:17| Waiting 3 seconds for active connections to finish
2014/11/28 22:41:17| FD 9 Closing HTTP connection
2014/11/28 22:41:21| Shutting down...
2014/11/28 22:41:21| FD 10 Closing HTCP socket
2014/11/28 22:41:21| FD 12 Closing SNMP socket
2014/11/28 22:41:21| Closing unlinkd pipe on FD 11
2014/11/28 22:41:21| storeDirWriteCleanLogs: Starting...
2014/11/28 22:41:21|  Finished.  Wrote 447 entries.
2014/11/28 22:41:21|  Took 0.0 seconds (77983.3 entries/sec).
CPU Usage: 1.146 seconds = 0.896 user + 0.250 sys
Maximum Resident Size: 7932 KB
Page faults with physical i/o: 0
2014/11/28 22:41:21| logfileClose: closing log /var/squid/logs/access.log
2014/11/28 22:41:21| Squid Cache (Version 2.7.STABLE9): Exiting normally.
2014/11/28 22:41:40| Starting Squid Cache version 2.7.STABLE9 for i386-portbld-freebsd8.3...
2014/11/28 22:41:40| Process ID 64740
2014/11/28 22:41:40| With 6976 file descriptors available
2014/11/28 22:41:40| Using kqueue for the IO loop
2014/11/28 22:41:40| DNS Socket created at 0.0.0.0, port 51233, FD 6
2014/11/28 22:41:40| Adding domain localdomain from /etc/resolv.conf
2014/11/28 22:41:40| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/11/28 22:41:40| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/11/28 22:41:40| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/11/28 22:41:40| Referer logging is disabled.
2014/11/28 22:41:40| logfileOpen: opening log /var/squid/logs/access.log
2014/11/28 22:41:40| Unlinkd pipe opened on FD 12
2014/11/28 22:41:40| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2014/11/28 22:41:40| Target number of buckets: 425
2014/11/28 22:41:40| Using 8192 Store buckets
2014/11/28 22:41:40| Max Mem  size: 8192 KB
2014/11/28 22:41:40| Max Swap size: 102400 KB
2014/11/28 22:41:40| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/11/28 22:41:40| Store logging disabled
2014/11/28 22:41:40| Rebuilding storage in /var/squid/cache (CLEAN)
2014/11/28 22:41:40| Using Least Load store dir selection
2014/11/28 22:41:40| Current Directory is /usr/local/www
2014/11/28 22:41:40| Loaded Icons.
2014/11/28 22:41:41| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 13.
2014/11/28 22:41:41| Accepting HTCP messages on port 4827, FD 14.
2014/11/28 22:41:41| Accepting SNMP messages on port 3401, FD 15.
2014/11/28 22:41:41| WCCP Disabled.
2014/11/28 22:41:41| Ready to serve requests.
2014/11/28 22:41:41| Done reading /var/squid/cache swaplog (447 entries)
2014/11/28 22:41:41| Finished rebuilding storage from disk.
2014/11/28 22:41:41|      447 Entries scanned
2014/11/28 22:41:41|        0 Invalid entries.
2014/11/28 22:41:41|        0 With invalid flags.
2014/11/28 22:41:41|      447 Objects loaded.
2014/11/28 22:41:41|        0 Objects expired.
2014/11/28 22:41:41|        0 Objects cancelled.
2014/11/28 22:41:41|        0 Duplicate URLs purged.
2014/11/28 22:41:41|        0 Swapfile clashes avoided.
2014/11/28 22:41:41|  Took 0.8 seconds ( 579.0 objects/sec).
2014/11/28 22:41:41| Beginning Validation Procedure
2014/11/28 22:41:41|  Completed Validation Procedure
2014/11/28 22:41:41|  Validated 447 Entries

guep

now i disabled caching on harddisk and use squid in non transparent mode  – and it works  :)
but i don't now why.....

now i try to change in transparent modus.

regards
Günter

guep

transparent mode will not work >:(
same error message as before.
But i don't want to configure all my devices manually to use a proxy.
i also want to use squidguard to filter websites and use HAVP antivirus.
maybe someone can help.

regards
Günter

KOM

Very strange.  Does it do this for more than one browser, and everywhere you try?  Do you have the following settings in Services - Proxy Server - General:

Interface: LAN
Allow user on interface: Checked
Transparent proxy: Checked
Enable logging: Checked

guep

Yes, i tried it with two different Notebooks and Browsers.
My proxy konfig is right oft yours.

Regards
Günter

KOM

Anything of interest in /var/squid/logs/access.log?

Since this is a new config for you to test, perhaps you might try the 2.2-series snapshots and see if it makes any difference.  I think I asked for your System log at some point.  Was there anything of interest in there?

guep

today i started with a new installation of pfsense on my xbox, because the last one was extremely unstable. maybe it was a problem by the installation process or the package was faulty.
now my configuration is finished, without installing squid-package. i will see how stable it works for a few days. after that, i try to install squid again.
regards
Günter

guep

now my new pfsense works for a few day without any errors. its a default installation without any packages, but firewall rules are
configured.
2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014 FreeBSD 8.3-RELEASE-p16
today i install squid package again.
i tried squid3-dev ( 3.3.10 pkg 2.2.8) because i also interesting on antivirus integration.
i used standart config of squid with transparent mode enabled.
squid and transparent proxy will bind on LAN interfaces (=default).

but now, if i try to open a web site, they cannot opend.

here is my system log:

Dec 7 12:39:49 check_reload_status: Reloading filter
Dec 7 12:39:43 check_reload_status: Syncing firewall
Dec 7 12:38:36 check_reload_status: Syncing firewall
Dec 7 12:37:59 check_reload_status: Syncing firewall
Dec 7 12:37:36 check_reload_status: Reloading filter
Dec 7 12:37:36 check_reload_status: Syncing firewall
Dec 7 12:37:33 check_reload_status: Reloading filter
Dec 7 12:37:33 check_reload_status: Syncing firewall
Dec 7 12:36:10 check_reload_status: Reloading filter
Dec 7 12:36:07 Squid_Alarm[24410]: Squid has resumed. Reconfiguring filter.
Dec 7 12:36:06 check_reload_status: Reloading filter
Dec 7 12:36:04 Squid_Alarm[22884]: Reconfiguring filter…
Dec 7 12:36:01 squid[20226]: Squid Parent: (squid-1) process 20774 started
Dec 7 12:36:01 squid[20226]: Squid Parent: will start 1 kids
Dec 7 12:36:01 Squid_Alarm[18996]: Attempting restart…
Dec 7 12:36:01 Squid_Alarm[18516]: Squid has exited. Reconfiguring filter.
Dec 7 12:36:01 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Dec 7 12:36:00 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'Killed'
Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
Dec 7 12:34:46 check_reload_status: Reloading filter
Dec 7 12:34:45 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:34:44 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:34:36 check_reload_status: Reloading filter
Dec 7 12:34:36 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:34:36 check_reload_status: Syncing firewall
Dec 7 12:34:34 check_reload_status: Reloading filter
Dec 7 12:34:34 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:34:33 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:34:28 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:29:56 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:29:56 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:29:48 check_reload_status: Reloading filter
Dec 7 12:29:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:29:48 check_reload_status: Syncing firewall
Dec 7 12:29:46 check_reload_status: Reloading filter
Dec 7 12:29:46 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:29:45 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:29:40 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:26:55 check_reload_status: Reloading filter
Dec 7 12:26:54 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:26:54 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:26:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:26:47 check_reload_status: Syncing firewall
Dec 7 12:25:40 check_reload_status: Reloading filter
Dec 7 12:25:39 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
Dec 7 12:25:39 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 7 12:25:33 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Dec 7 12:25:32 check_reload_status: Syncing firewall
Dec 7 12:19:59 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

and my firewall log:

block Dec 7 13:03:09 LAN 192.168.200.10:50783  127.0.0.1:3128 TCP:S

i think web traffic is blocked by the FW. But you told me squid add a working rule by itself.
so i tried to add a rule they allow traffic on 127.0.0.1:3128 but squid does not work right again.

what's my mistake in the config ??

regard
Günter

guep

now, i am back to squid3 version 3.1.20 pkg 2.1.2 because the squid3-dev does not work.

but the squid3 also don't work in transparent mode.    >:( >:(

if i configure my browser to use the proxy it works (web pages are shown, blacklist works)

in transparent mode i can see the following massage in my browsers:

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: /

Invalid URL

Some aspect of the requested URL is incorrect.

Some possible problems are:

Missing or incorrect access protocol (should be "http://" or similar)

Missing hostname

Illegal double-escape in the URL-Path

Illegal character in hostname; underscores are not allowed.

Your cache administrator is admin@localhost.

–----

KOM

Very strange.  Transparent mode is just pfSense redirecting all port 80 traffic to port 3128, Squid's port.  It should just work.  It keeps complaining about Invalid URL.  What is in your /var/squid/logs/access.log when you get these errors?

guep

these is my access.log after activating transparaent mode:

1418066349.321      2 192.168.200.10 NONE/400 3644 GET /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - NONE/- text/html
1418066349.354      2 192.168.200.10 NONE/400 3646 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - NONE/- text/html
1418066349.376      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicTimStaPCA_2010-07-01.crl - NONE/- text/html
1418066349.398      2 192.168.200.10 NONE/400 3626 GET /pki/crl/products/microsoftrootcert.crl - NONE/- text/html
1418066349.418      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl - NONE/- text/html
1418066349.439      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - NONE/- text/html
1418066349.460      2 192.168.200.10 NONE/400 3604 GET /pki/crl/products/WinPCA.crl - NONE/- text/html
1418066349.503      2 192.168.200.10 NONE/400 3702 GET /pki/CRL/products/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crl - NONE/- text/html
1418066349.524      2 192.168.200.10 NONE/400 3634 GET /pki/crl/products/MicrosoftTimeStampPCA.crl - NONE/- text/html
1418066349.545      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl - NONE/- text/html
1418066349.567      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%201.1.crl - NONE/- text/html
1418066349.588      2 192.168.200.10 NONE/400 3674 GET /pkiops/crl/Microsoft%20Update%20Secure%20Server%20CA%202.1.crl - NONE/- text/html
1418066349.630      2 192.168.200.10 NONE/400 3694 GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?5eda0960e840cbed - NONE/- text/html
1418066349.652      2 192.168.200.10 NONE/400 3706 GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fee089f2a5d1b1b6 - NONE/- text/html
1418066464.073      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
1418066464.139      6 192.168.200.10 NONE/400 4852 GET /activeview?id=osdim&avi=BMSpVg_eFVLfDLazi7ga2qoHADgD6iLLNygEAABABOAHIAQTgAgDgBAGgBgSoE4AB&ti=1&adk=781421690&p=670,241,760,969&tos=0,0,0,0,0&mtos=0,0,0,0,0&rs=3&ht=0&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807648%26adx%3D241%26ady%3D670%26ifi%3D5%26flash%3D15.0.0&tmo=1916&tme=2328&tdl=1966&abd=3-0-42&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=42 - NONE/- text/html
1418066464.140      4 192.168.200.10 NONE/400 4954 GET /activeview?id=osdtos&avi=BX_ZAg_eFVLChE-ea7QbQ34GoDwCrsqaCiQEAABABOAHIAQLgAgDgBAGgBgKoE4AB&ti=1&adk=2403608829&p=450,986,700,1286&tos=0,24094,0,0,0&mtos=0,16994,16994,16994,16994&rs=3&ht=0&tfs=1679&tls=668950&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807201%26adx%3D986%26ady%3D450%26ifi%3D4%26flash%3D15.0.0&tmo=1281&tme=1678&tdl=1337&abd=2-0-45&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=45 - NONE/- text/html
1418066464.238      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
1418066464.259      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
1418066464.569      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
1418066522.232      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
1418066522.290      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
1418066565.388      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
1418066565.444      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
1418066565.457      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
1418066565.474      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html

and the cache.log :

2014/12/08 20:18:56| Store logging disabled
2014/12/08 20:18:56| User-Agent logging is disabled.
2014/12/08 20:18:56| Referer logging is disabled.
2014/12/08 20:18:56| DNS Socket created at [::], FD 7
2014/12/08 20:18:56| DNS Socket created at 0.0.0.0, FD 9
2014/12/08 20:18:56| Adding domain localdomain from /etc/resolv.conf
2014/12/08 20:18:56| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/12/08 20:18:56| helperOpenServers: Starting 0/0 'ssl_crtd' processes
2014/12/08 20:18:56| helperOpenServers: No 'ssl_crtd' processes needed.
2014/12/08 20:18:56| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
2014/12/08 20:18:56| Accepting ICP messages at [::]:7, FD 12.
2014/12/08 20:18:56| HTCP Disabled.
2014/12/08 20:18:56| Loaded Icons.
2014/12/08 20:18:56| Ready to serve requests.
2014/12/08 20:19:06| Reconfiguring Squid Cache (version 3.1.22)…
2014/12/08 20:19:06| FD 11 Closing HTTP connection
2014/12/08 20:19:06| FD 12 Closing ICP connection
2014/12/08 20:19:06| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/12/08 20:19:06| Starting Authentication on port 127.0.0.1:3128
2014/12/08 20:19:06| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2014/12/08 20:19:06| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
2014/12/08 20:19:06| Initializing https proxy context
2014/12/08 20:19:07| Store logging disabled
2014/12/08 20:19:07| User-Agent logging is disabled.
2014/12/08 20:19:07| Referer logging is disabled.
2014/12/08 20:19:07| DNS Socket created at [::], FD 7
2014/12/08 20:19:07| DNS Socket created at 0.0.0.0, FD 9
2014/12/08 20:19:07| Adding domain localdomain from /etc/resolv.conf
2014/12/08 20:19:07| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
2014/12/08 20:19:07| helperOpenServers: Starting 0/0 'ssl_crtd' processes
2014/12/08 20:19:07| helperOpenServers: No 'ssl_crtd' processes needed.
2014/12/08 20:19:07| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
2014/12/08 20:19:07| Accepting  intercepted HTTP connections at 127.0.0.1:3128, FD 12.
2014/12/08 20:19:07| Accepting ICP messages at [::]:7, FD 14.
2014/12/08 20:19:07| HTCP Disabled.
2014/12/08 20:19:07| Loaded Icons.
2014/12/08 20:19:07| Ready to serve requests.

regards
Günter

KOM

Everything looks good to me.  I have no idea why transparent mode for Squid doesn't work for you, sorry.

guep

bad luck for me  :'(

many thanks for your support.

maybe some other user had the same problems and can post here a solution.

regards
Günter

KOM

One thing I will say is that I've had better luck with Squid 2 than Squid 3.  I would also try one of the 2.2 snapshots and see if it makes any different at all for you.