• Hi there everyone.
    I am new on this forum and pfsense and i tried to find a answer in some other postings, but i did not find the right one.
    my system:
    2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014
    FreeBSD 8.3-RELEASE-p16 > full install on a 40GB HD
    installed package:
    squid 2.7.9 pkg v.4.3.4

    My problem is, squid does not work correctly.
    i configured squid for transparent mode like the howto on pfsense.org and insert a nat rule:

    Inf:LAN > Prot:TCP > SrcAdr:* >  SrcPort:* > DestAdr:* > DestPort:80 > NAT-IP:192.168.1.1 > NAT-Port: 3128

    but every time i try to open a website, i become the following message in the browser
    window:

    ERROR
    The requested URL could not be retrieved

    _While trying to process the request:

    GET / HTTP/1.1
    Host: google.at
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
    Accept-Language: de,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    DNT: 1
    Cookie: PREF=ID=f5266164f2f8ee1b:U=a1088c39fb2ef1e0:FF=0:TM=1417202611:LM=1417202649:S=oogV_gqyManemQc_; NID=67=DzEvJhruLfMZLCa-WFgTCV3JhgZOibqelCYuY1VmOtYgOos2pnpg3LyrgL_gLdHF0tbzwo4FAhWTXQAmuy5w9x2KJ7bWYWvMHvWWuTGg3jN9AbEStk-4AA0PrlO0V59z; OGPC=4061130-1:
    Connection: keep-alive

    The following error was encountered:

    Invalid Request

    Some aspect of the HTTP Request is invalid. Possible problems:

    Missing or unknown request method
        Missing URL
        Missing HTTP Identifier (HTTP/1.0)
        Request is too large
        Content-Length missing for POST or PUT requests
        Illegal character in hostname; underscores are not allowed_
    i hope someone of you can help me to solve this problem.
    if squid works correct i also wants to install squidguard.

    regards
    Günter


  • When you install Squid and elect Transparent mode, pfSense adds a hidden NAT rule to do the redirection so you don't have to do it yourself.  I installed and used several versions of Squid and SquidGuard under pfSense , and they certainly do work.


  • thank you for your fast response.

    i tried to delete the nat-rule, but i had the same browser massage.
    after that, i tried to deactivate transparent modus and aktivate the proxy in my browser.
    i also have the same results.

    regards
    Günter


  • My suggestion may not relate to the problem you are having, but I wanted you to know that you didn't need to manually add the rule to redirect port 80 to 3128.  What were you accessing to generate the 'Request is too large' error?


  • i only tried to open www.google.at or some other sites.


  • Hmm.  You might try removing Squid and then reinstall it.  You may have to manually clear out any files left behind after you remove the package.  Search the forums on how to remove or uninstall squid fully and you should find some details.  But before you do that, is there anything in your System log?  If you connect via SSH and run the command:

    squid -k check

    What output do you get?


  • yesterday i installed pfsense again, because with my first installation i had the same errors. so this is a default installation, only squid is installed and some firewall rules are configured.

    now, squid runs without "transparent"-mode, but still same error-message
    i cleared the cache manually and restart squid.

    squid -k check > no output

    here the cache.log :

    2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:45| Store logging disabled
    2014/11/28 22:40:45| Referer logging is disabled.
    2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
    2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
    2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
    2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
    2014/11/28 22:40:45| WCCP Disabled.
    2014/11/28 22:40:45| Loaded Icons.
    2014/11/28 22:40:45| Ready to serve requests.
    2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)…
    2014/11/28 22:40:48| FD 9 Closing HTTP connection
    2014/11/28 22:40:48| FD 10 Closing HTCP socket
    2014/11/28 22:40:48| FD 12 Closing SNMP socket
    2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
    2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
    2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2014/11/28 22:40:48| Initialising SSL.
    2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
    --More--(26%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:45| Store logging disabled
    2014/11/28 22:40:45| Referer logging is disabled.
    2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
    2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
    2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
    2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
    2014/11/28 22:40:45| WCCP Disabled.
    2014/11/28 22:40:45| Loaded Icons.
    2014/11/28 22:40:45| Ready to serve requests.
    2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2014/11/28 22:40:48| FD 9 Closing HTTP connection
    2014/11/28 22:40:48| FD 10 Closing HTCP socket
    2014/11/28 22:40:48| FD 12 Closing SNMP socket
    2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
    2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
    2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2014/11/28 22:40:48| Initialising SSL.
    2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:48| Store logging disabled
    2014/11/28 22:40:48| Referer logging is disabled.
    2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
    2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    --More--(33%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:45| Store logging disabled
    2014/11/28 22:40:45| Referer logging is disabled.
    2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
    2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
    2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
    2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
    2014/11/28 22:40:45| WCCP Disabled.
    2014/11/28 22:40:45| Loaded Icons.
    2014/11/28 22:40:45| Ready to serve requests.
    2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2014/11/28 22:40:48| FD 9 Closing HTTP connection
    2014/11/28 22:40:48| FD 10 Closing HTCP socket
    2014/11/28 22:40:48| FD 12 Closing SNMP socket
    2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
    2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
    2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2014/11/28 22:40:48| Initialising SSL.
    2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:48| Store logging disabled
    2014/11/28 22:40:48| Referer logging is disabled.
    2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
    2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    --More--(34%)2014/11/28 22:40:45| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:45| Store logging disabled
    2014/11/28 22:40:45| Referer logging is disabled.
    2014/11/28 22:40:45| DNS Socket created at 0.0.0.0, port 42277, FD 7
    2014/11/28 22:40:45| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:45| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:40:45| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
    2014/11/28 22:40:45| Accepting HTCP messages on port 4827, FD 10.
    2014/11/28 22:40:45| Accepting SNMP messages on port 3401, FD 12.
    2014/11/28 22:40:45| WCCP Disabled.
    2014/11/28 22:40:45| Loaded Icons.
    2014/11/28 22:40:45| Ready to serve requests.
    2014/11/28 22:40:48| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2014/11/28 22:40:48| FD 9 Closing HTTP connection
    2014/11/28 22:40:48| FD 10 Closing HTCP socket
    2014/11/28 22:40:48| FD 12 Closing SNMP socket
    2014/11/28 22:40:48| logfileClose: closing log /var/squid/logs/access.log
    2014/11/28 22:40:48| Including Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
    2014/11/28 22:40:48| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2014/11/28 22:40:48| Initialising SSL.
    2014/11/28 22:40:48| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:40:48| Store logging disabled
    2014/11/28 22:40:48| Referer logging is disabled.
    2014/11/28 22:40:48| DNS Socket created at 0.0.0.0, port 43586, FD 7
    2014/11/28 22:40:48| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:40:48| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:40:48| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 9.
    2014/11/28 22:40:48| Accepting HTCP messages on port 4827, FD 10.
    2014/11/28 22:40:48| Accepting SNMP messages on port 3401, FD 12.
    2014/11/28 22:40:48| WCCP Disabled.
    2014/11/28 22:40:48| Loaded Icons.
    2014/11/28 22:40:48| Ready to serve requests.
    2014/11/28 22:41:17| Preparing for shutdown after 19 requests
    2014/11/28 22:41:17| Waiting 3 seconds for active connections to finish
    2014/11/28 22:41:17| FD 9 Closing HTTP connection
    2014/11/28 22:41:21| Shutting down...
    2014/11/28 22:41:21| FD 10 Closing HTCP socket
    2014/11/28 22:41:21| FD 12 Closing SNMP socket
    2014/11/28 22:41:21| Closing unlinkd pipe on FD 11
    2014/11/28 22:41:21| storeDirWriteCleanLogs: Starting...
    2014/11/28 22:41:21|  Finished.  Wrote 447 entries.
    2014/11/28 22:41:21|  Took 0.0 seconds (77983.3 entries/sec).
    CPU Usage: 1.146 seconds = 0.896 user + 0.250 sys
    Maximum Resident Size: 7932 KB
    Page faults with physical i/o: 0
    2014/11/28 22:41:21| logfileClose: closing log /var/squid/logs/access.log
    2014/11/28 22:41:21| Squid Cache (Version 2.7.STABLE9): Exiting normally.
    2014/11/28 22:41:40| Starting Squid Cache version 2.7.STABLE9 for i386-portbld-freebsd8.3...
    2014/11/28 22:41:40| Process ID 64740
    2014/11/28 22:41:40| With 6976 file descriptors available
    2014/11/28 22:41:40| Using kqueue for the IO loop
    2014/11/28 22:41:40| DNS Socket created at 0.0.0.0, port 51233, FD 6
    2014/11/28 22:41:40| Adding domain localdomain from /etc/resolv.conf
    2014/11/28 22:41:40| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/11/28 22:41:40| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/11/28 22:41:40| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/11/28 22:41:40| Referer logging is disabled.
    2014/11/28 22:41:40| logfileOpen: opening log /var/squid/logs/access.log
    2014/11/28 22:41:40| Unlinkd pipe opened on FD 12
    2014/11/28 22:41:40| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
    2014/11/28 22:41:40| Target number of buckets: 425
    2014/11/28 22:41:40| Using 8192 Store buckets
    2014/11/28 22:41:40| Max Mem  size: 8192 KB
    2014/11/28 22:41:40| Max Swap size: 102400 KB
    2014/11/28 22:41:40| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
    2014/11/28 22:41:40| Store logging disabled
    2014/11/28 22:41:40| Rebuilding storage in /var/squid/cache (CLEAN)
    2014/11/28 22:41:40| Using Least Load store dir selection
    2014/11/28 22:41:40| Current Directory is /usr/local/www
    2014/11/28 22:41:40| Loaded Icons.
    2014/11/28 22:41:41| Accepting proxy HTTP connections at 192.168.1.1, port 3128, FD 13.
    2014/11/28 22:41:41| Accepting HTCP messages on port 4827, FD 14.
    2014/11/28 22:41:41| Accepting SNMP messages on port 3401, FD 15.
    2014/11/28 22:41:41| WCCP Disabled.
    2014/11/28 22:41:41| Ready to serve requests.
    2014/11/28 22:41:41| Done reading /var/squid/cache swaplog (447 entries)
    2014/11/28 22:41:41| Finished rebuilding storage from disk.
    2014/11/28 22:41:41|      447 Entries scanned
    2014/11/28 22:41:41|        0 Invalid entries.
    2014/11/28 22:41:41|        0 With invalid flags.
    2014/11/28 22:41:41|      447 Objects loaded.
    2014/11/28 22:41:41|        0 Objects expired.
    2014/11/28 22:41:41|        0 Objects cancelled.
    2014/11/28 22:41:41|        0 Duplicate URLs purged.
    2014/11/28 22:41:41|        0 Swapfile clashes avoided.
    2014/11/28 22:41:41|  Took 0.8 seconds ( 579.0 objects/sec).
    2014/11/28 22:41:41| Beginning Validation Procedure
    2014/11/28 22:41:41|  Completed Validation Procedure
    2014/11/28 22:41:41|  Validated 447 Entries


  • now i disabled caching on harddisk and use squid in non transparent mode  – and it works  :)
    but i don't now why.....

    now i try to change in transparent modus.

    regards
    Günter


  • transparent mode will not work >:(
    same error message as before.
    But i don't want to configure all my devices manually to use a proxy.
    i also want to use squidguard to filter websites and use HAVP antivirus.
    maybe someone can help.

    regards
    Günter


  • Very strange.  Does it do this for more than one browser, and everywhere you try?  Do you have the following settings in Services - Proxy Server - General:

    Interface: LAN
    Allow user on interface: Checked
    Transparent proxy: Checked
    Enable logging: Checked


  • Yes, i tried it with two different Notebooks and Browsers.
    My proxy konfig is right oft yours.

    Regards
    Günter


  • Anything of interest in /var/squid/logs/access.log?

    Since this is a new config for you to test, perhaps you might try the 2.2-series snapshots and see if it makes any difference.  I think I asked for your System log at some point.  Was there anything of interest in there?


  • today i started with a new installation of pfsense on my xbox, because the last one was extremely unstable. maybe it was a problem by the installation process or the package was faulty.
    now my configuration is finished, without installing squid-package. i will see how stable it works for a few days. after that, i try to install squid again.
    regards
    Günter


  • now my new pfsense works for a few day without any errors. its a default installation without any packages, but firewall rules are
    configured.
    2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014 FreeBSD 8.3-RELEASE-p16
    today i install squid package again.
    i tried squid3-dev ( 3.3.10 pkg 2.2.8) because i also interesting on antivirus integration.
    i used standart config of squid with transparent mode enabled.
    squid and transparent proxy will bind on LAN interfaces (=default).

    but now, if i try to open a web site, they cannot opend.

    here is my system log:

    Dec 7 12:39:49 check_reload_status: Reloading filter
    Dec 7 12:39:43 check_reload_status: Syncing firewall
    Dec 7 12:38:36 check_reload_status: Syncing firewall
    Dec 7 12:37:59 check_reload_status: Syncing firewall
    Dec 7 12:37:36 check_reload_status: Reloading filter
    Dec 7 12:37:36 check_reload_status: Syncing firewall
    Dec 7 12:37:33 check_reload_status: Reloading filter
    Dec 7 12:37:33 check_reload_status: Syncing firewall
    Dec 7 12:36:10 check_reload_status: Reloading filter
    Dec 7 12:36:07 Squid_Alarm[24410]: Squid has resumed. Reconfiguring filter.
    Dec 7 12:36:06 check_reload_status: Reloading filter
    Dec 7 12:36:04 Squid_Alarm[22884]: Reconfiguring filter…
    Dec 7 12:36:01 squid[20226]: Squid Parent: (squid-1) process 20774 started
    Dec 7 12:36:01 squid[20226]: Squid Parent: will start 1 kids
    Dec 7 12:36:01 Squid_Alarm[18996]: Attempting restart…
    Dec 7 12:36:01 Squid_Alarm[18516]: Squid has exited. Reconfiguring filter.
    Dec 7 12:36:01 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
    Dec 7 12:36:00 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'Killed'
    Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
    Dec 7 12:35:55 php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: No running copy'
    Dec 7 12:34:46 check_reload_status: Reloading filter
    Dec 7 12:34:45 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:34:44 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:34:36 check_reload_status: Reloading filter
    Dec 7 12:34:36 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:34:36 check_reload_status: Syncing firewall
    Dec 7 12:34:34 check_reload_status: Reloading filter
    Dec 7 12:34:34 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:34:33 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:34:28 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:29:56 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:29:56 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:29:48 check_reload_status: Reloading filter
    Dec 7 12:29:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:29:48 check_reload_status: Syncing firewall
    Dec 7 12:29:46 check_reload_status: Reloading filter
    Dec 7 12:29:46 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:29:45 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:29:40 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:26:55 check_reload_status: Reloading filter
    Dec 7 12:26:54 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:26:54 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:26:48 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:26:47 check_reload_status: Syncing firewall
    Dec 7 12:25:40 check_reload_status: Reloading filter
    Dec 7 12:25:39 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'
    Dec 7 12:25:39 php: /pkg_edit.php: Reloading Squid for configuration sync
    Dec 7 12:25:33 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
    Dec 7 12:25:32 check_reload_status: Syncing firewall
    Dec 7 12:19:59 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

    and my firewall log:

    block Dec 7 13:03:09 LAN 192.168.200.10:50783  127.0.0.1:3128 TCP:S

    i think web traffic is blocked by the FW. But you told me squid add a working rule by itself.
    so i tried to add a rule they allow traffic on 127.0.0.1:3128 but squid does not work right again.

    what's my mistake in the config ??

    regard
    Günter


  • now, i am back to squid3 version 3.1.20 pkg 2.1.2 because the squid3-dev does not work.

    but the squid3 also don't work in transparent mode.    >:( >:(

    if i configure my browser to use the proxy it works (web pages are shown, blacklist works)

    in transparent mode i can see the following massage in my browsers:

    ERROR
    The requested URL could not be retrieved

    The following error was encountered while trying to retrieve the URL: /

    Invalid URL

    Some aspect of the requested URL is incorrect.

    Some possible problems are:

    Missing or incorrect access protocol (should be "http://" or similar)

    Missing hostname

    Illegal double-escape in the URL-Path

    Illegal character in hostname; underscores are not allowed.

    Your cache administrator is admin@localhost.

    –----


  • Very strange.  Transparent mode is just pfSense redirecting all port 80 traffic to port 3128, Squid's port.  It should just work.  It keeps complaining about Invalid URL.  What is in your /var/squid/logs/access.log when you get these errors?


  • these is my access.log after activating transparaent mode:

    1418066349.321      2 192.168.200.10 NONE/400 3644 GET /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - NONE/- text/html
    1418066349.354      2 192.168.200.10 NONE/400 3646 GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl - NONE/- text/html
    1418066349.376      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicTimStaPCA_2010-07-01.crl - NONE/- text/html
    1418066349.398      2 192.168.200.10 NONE/400 3626 GET /pki/crl/products/microsoftrootcert.crl - NONE/- text/html
    1418066349.418      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl - NONE/- text/html
    1418066349.439      2 192.168.200.10 NONE/400 3638 GET /pki/crl/products/MicRooCerAut_2010-06-23.crl - NONE/- text/html
    1418066349.460      2 192.168.200.10 NONE/400 3604 GET /pki/crl/products/WinPCA.crl - NONE/- text/html
    1418066349.503      2 192.168.200.10 NONE/400 3702 GET /pki/CRL/products/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crl - NONE/- text/html
    1418066349.524      2 192.168.200.10 NONE/400 3634 GET /pki/crl/products/MicrosoftTimeStampPCA.crl - NONE/- text/html
    1418066349.545      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl - NONE/- text/html
    1418066349.567      2 192.168.200.10 NONE/400 3658 GET /pkiops/crl/Microsoft%20Update%20Signing%20CA%201.1.crl - NONE/- text/html
    1418066349.588      2 192.168.200.10 NONE/400 3674 GET /pkiops/crl/Microsoft%20Update%20Secure%20Server%20CA%202.1.crl - NONE/- text/html
    1418066349.630      2 192.168.200.10 NONE/400 3694 GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?5eda0960e840cbed - NONE/- text/html
    1418066349.652      2 192.168.200.10 NONE/400 3706 GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fee089f2a5d1b1b6 - NONE/- text/html
    1418066464.073      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
    1418066464.139      6 192.168.200.10 NONE/400 4852 GET /activeview?id=osdim&avi=BMSpVg_eFVLfDLazi7ga2qoHADgD6iLLNygEAABABOAHIAQTgAgDgBAGgBgSoE4AB&ti=1&adk=781421690&p=670,241,760,969&tos=0,0,0,0,0&mtos=0,0,0,0,0&rs=3&ht=0&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807648%26adx%3D241%26ady%3D670%26ifi%3D5%26flash%3D15.0.0&tmo=1916&tme=2328&tdl=1966&abd=3-0-42&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=42 - NONE/- text/html
    1418066464.140      4 192.168.200.10 NONE/400 4954 GET /activeview?id=osdtos&avi=BX_ZAg_eFVLChE-ea7QbQ34GoDwCrsqaCiQEAABABOAHIAQLgAgDgBAGgBgKoE4AB&ti=1&adk=2403608829&p=450,986,700,1286&tos=0,24094,0,0,0&mtos=0,16994,16994,16994,16994&rs=3&ht=0&tfs=1679&tls=668950&fp=correlator%3D4000277917613494%26iu%3D%252F1022330%252FSTNET_Leaderboard%26oid%3D3%26url%3Dhttp%253A%252F%252Fwww.speedtest.net%252F&afp=%26output%3Djson_html%26impl%3Dfif%26dt%3D1418065807201%26adx%3D986%26ady%3D450%26ifi%3D4%26flash%3D15.0.0&tmo=1281&tme=1678&tdl=1337&abd=2-0-45&r=u&bs=1349,657&bos=1382,744&ps=1349,1461&ss=1366,768&tt=666504&pt=2447&deb=1-5-5-39-52-6&tvt=25363&uc=45 - NONE/- text/html
    1418066464.238      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
    1418066464.259      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
    1418066464.569      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
    1418066522.232      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
    1418066522.290      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
    1418066565.388      2 192.168.200.10 NONE/400 3550 GET / - NONE/- text/html
    1418066565.444      2 192.168.200.10 NONE/400 3578 GET /Artwork/SN.png - NONE/- text/html
    1418066565.457      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html
    1418066565.474      2 192.168.200.10 NONE/400 3572 GET /favicon.ico - NONE/- text/html

    and the cache.log :

    2014/12/08 20:18:56| Store logging disabled
    2014/12/08 20:18:56| User-Agent logging is disabled.
    2014/12/08 20:18:56| Referer logging is disabled.
    2014/12/08 20:18:56| DNS Socket created at [::], FD 7
    2014/12/08 20:18:56| DNS Socket created at 0.0.0.0, FD 9
    2014/12/08 20:18:56| Adding domain localdomain from /etc/resolv.conf
    2014/12/08 20:18:56| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/12/08 20:18:56| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/12/08 20:18:56| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/12/08 20:18:56| helperOpenServers: Starting 0/0 'ssl_crtd' processes
    2014/12/08 20:18:56| helperOpenServers: No 'ssl_crtd' processes needed.
    2014/12/08 20:18:56| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
    2014/12/08 20:18:56| Accepting ICP messages at [::]:7, FD 12.
    2014/12/08 20:18:56| HTCP Disabled.
    2014/12/08 20:18:56| Loaded Icons.
    2014/12/08 20:18:56| Ready to serve requests.
    2014/12/08 20:19:06| Reconfiguring Squid Cache (version 3.1.22)…
    2014/12/08 20:19:06| FD 11 Closing HTTP connection
    2014/12/08 20:19:06| FD 12 Closing ICP connection
    2014/12/08 20:19:06| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
    2014/12/08 20:19:06| Starting Authentication on port 127.0.0.1:3128
    2014/12/08 20:19:06| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
    2014/12/08 20:19:06| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
    2014/12/08 20:19:06| Initializing https proxy context
    2014/12/08 20:19:07| Store logging disabled
    2014/12/08 20:19:07| User-Agent logging is disabled.
    2014/12/08 20:19:07| Referer logging is disabled.
    2014/12/08 20:19:07| DNS Socket created at [::], FD 7
    2014/12/08 20:19:07| DNS Socket created at 0.0.0.0, FD 9
    2014/12/08 20:19:07| Adding domain localdomain from /etc/resolv.conf
    2014/12/08 20:19:07| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/12/08 20:19:07| Adding nameserver 195.3.96.67 from /etc/resolv.conf
    2014/12/08 20:19:07| Adding nameserver 213.33.98.136 from /etc/resolv.conf
    2014/12/08 20:19:07| helperOpenServers: Starting 0/0 'ssl_crtd' processes
    2014/12/08 20:19:07| helperOpenServers: No 'ssl_crtd' processes needed.
    2014/12/08 20:19:07| Accepting  HTTP connections at 192.168.200.1:3128, FD 11.
    2014/12/08 20:19:07| Accepting  intercepted HTTP connections at 127.0.0.1:3128, FD 12.
    2014/12/08 20:19:07| Accepting ICP messages at [::]:7, FD 14.
    2014/12/08 20:19:07| HTCP Disabled.
    2014/12/08 20:19:07| Loaded Icons.
    2014/12/08 20:19:07| Ready to serve requests.

    regards
    Günter


  • Everything looks good to me.  I have no idea why transparent mode for Squid doesn't work for you, sorry.


  • bad luck for me  :'(

    many thanks for your support.

    maybe some other user had the same problems and can post here a solution.

    regards
    Günter


  • One thing I will say is that I've had better luck with Squid 2 than Squid 3.  I would also try one of the 2.2 snapshots and see if it makes any different at all for you.


  • Have you tried setting the logging option to either "Encode" or "Allow" ?

    
    strip: The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396.
    deny: The request is denied. The user receives an "Invalid Request" message.
    allow: The request is allowed and the URI is not changed. The whitespace characters remain in the URI.
    encode: The request is allowed and the whitespace characters are encoded according to RFC1738.
    chop:The request is allowed and the URI is chopped at the first whitespace.
    
    

    With "squid3-dev" you could try with "forwarded_for transparent" typed into "Custom ACLS (Before_Auth)" field (and with the "Disable X-Forward" not selected off course.)