Squidguard-squid3-1.4_4-amd64 failed on pfsense 2.2



  • Hi there,

    I guess here is a problem with the installation. What should I do to get the package or is there a bug?
    Hope to get a solution.

    thnx.



  • search around the forum for the last 2 weeks



  • @Cino:

    search around the forum for the last 2 weeks

    OK THANX

    … found the hint:
    Do NOT check package signature

    @Admins: you can delete this post. THNX



  • if you using squid3…. use squidguard-dev or squidguard3... i've had good luck with squidguard-dev



  • I received the same error with Squid-guard3. Just Notifying.


  • Banned

    That's awesome. Very useful to know you get the same unknown error…



  • I ran into the same problem.

    The log files showed that there was an error evaluating /tmp/rules.test.packages.

    It seems as if this file does not get written correctly.



  • maybe post the output of your logs??? system, squidguard and squid logs?

    this may help for now until squidguard can be corrected as I feel this is the issue..

    
    ln -s /usr/pbi/squidguard-devel-amd64/local/lib/libldap-2.4.so.8 /usr/local/lib/libldap-2.4.so.8
    ln -s /usr/pbi/squidguard-devel-amd64/local/lib/libldap-2.4.so.8 /lib/libldap-2.4.so.8
    ln -s /usr/pbi/squidguard-devel-amd64/local/lib/libdb-4.6.so.0 /usr/local/lib/libdb-4.6.so.0
    ln -s /usr/pbi/squidguard-devel-amd64/local/lib/libdb-4.6.so.0 /usr/lib/libdb-4.6.so.0
    
    


  • Better send it as a pull request, just like we did with icap on squid3…



  • true! I submitted a bug report around the same time but no has looked at it. I'lltake a look at squidguard.inc but I think this needs to fix in the pbi build and the pbi's are missing the dig digital signature



  • Just for feedback.

    I've tested squidguard-devel without symlinks and ldap as well. It's working fine togheter with squid3 and clamav integration.

    https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232



  • Have you rebooted your box? On initial install, everything seems to be fine.. Its when I reboot when the lib issues pop up, and I have to create the lnks to resolve it.



  • Didn't tried a reboot yet.



  • Hi Marcello,

    Is the clamav integration in squid working in 2.2 x64? Or does c-icap still crash?

    thanx!

    Pistolero.

    @marcelloc:

    Just for feedback.

    I've tested squidguard-devel without symlinks and ldap as well. It's working fine togheter with squid3 and clamav integration.

    https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232



  • @Pistolero:

    Is the clamav integration in squid working in 2.2 x64? Or does c-icap still crash?

    working.

    https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232


  • Rebel Alliance Developer Netgate

    squidGuard-squid3 should be OK now. It installed fine for me in a VM today after I rebuilt the PBI.



  • @jimp:

    squidGuard-squid3 should be OK now. It installed fine for me in a VM today after I rebuilt the PBI.

    Were you also able to rebuild SquidGuard-Dev PBIs? I noticed some changes in github but didn't see any new binaries.


  • Rebel Alliance Developer Netgate

    No the build failed and I didn't have time to investigate.



  • :-\  If there is anything I could assist with, I'll be glad to help..



  • Subj does not start after reboot until you do not update the blacklist  :-\



  • Hello,

    I have the same Problem with pfSense and Squidguard.

    I installed pfSense2.2 with FreeBDS (amd64), squid (2.7.9 pkg v. 4.3.6), squidGuard-devel (1.5_1beta pkg v. 1.5.6) and Captive Protal Plus in VMware Player.
    Yesterday everything worked fine , but today the squid and squidGuard service keep crashing all the time.

    I updates the Blacklist, and then everything was fine again.

    Is this a normal behavior of this package? How can i fix this?

    Im not so skilled with linux, would be grade if anyone can help me :-)



  • @bioperiodik:

    Hello,

    I have the same Problem with pfSense and Squidguard.

    I installed pfSense2.2 with FreeBDS (amd64), squid (2.7.9 pkg v. 4.3.6), squidGuard-devel (1.5_1beta pkg v. 1.5.6) and Captive Protal Plus in VMware Player.
    Yesterday everything worked fine , but today the squid and squidGuard service keep crashing all the time.

    I updates the Blacklist, and then everything was fine again.

    Is this a normal behavior of this package? How can i fix this?

    Im not so skilled with linux, would be grade if anyone can help me :-)

    I am having the same issue on my box.

    Has this been resolved?



  • Try squid3 + squidguard 3



  • It seems the cause for the problem is that the blacklist db is either removed or corrupted when restarting the box. Proof: The blacklist tab shows no sign of a downloaded blacklist and a blacklist database. Since squidguard is configured to use a blacklist it will fail which subsequently also causes squid to fail since the url_rewriter fails.



  • Hi folks,

    I tried to get squid3 and squidguard for squid3 to function on a 64Bit-system. I updated from 2.1.5 to 2.2.1. Some packages did not update at all like squi3, squidguard for squid3 and pfblocker (because the package has now a new name = pfblockerng). That was still ok for me. So I treid to install pfblockerng at first. The installtaion and the configuration where successful and to me is this package realy good.

    Then I tried to install squid3 without squidguard. All OK so far. I was able to start both addons clamav and icap. Then came the test, if squid3 and squidguard for squid3 are operational. This failed. Squid3 stopped and squidguard never started. Then I read in the forum to tr squidguard-devel instead. I did so, but this did not function at all.

    Disapointed about thes packages I deinstalled both packages. After a reboot, I installed squid2 and squidguard for squid2. Everthing was OK and squid with squidguard are OK now. The blacklist were still there after a reboot and the system ist working now.

    Now a question to those how are responsible for the package squi3 and its squidguard: When will there be a solution for this problem and is it possible not to implement clamav and icap? I suggest that this should be a separate package.

    Hope to see a new package as soon as possible.

    thnx a lot.

    I TRIED THIS ON THE LATEST pfsense 2.2.1

    Sorry for this overhasty message that squid2 with squidguard works fine on pfsense 2.2.1.

    That is not realy true. Some things work and some do not. I tried it with several clients and some had connection and some did not. What is the reason. I don not know, but what I know is that not all "Proxy filter SquidGuard: Groups Access Control List (ACL)" work. If you try to configure more than 2 acls you are able to save them, but those clients have no internet at all.

    example:
    First 192.168.1.60-192.168.1.69 ist set to client1 = These IPs are able to surf.
    Second 192.168.1.70-192.168.1.79 ist set to client1 = These IPs are able to surf.
    … everyting follows has no connection.
    fith 192.168.1.90-192.168.1.99 ist set to client1 = These IPs are able to surf.

    Therefor I guess, there ist still work to do. I am going back to the older release pfsense 2.1.5.
    :'( :-\ >:(



  • I looked around a bit and found out that the issue is SquidGuard saving files to the /tmp directory.

    When pfsense is rebooted /tmp directory is rebuilt meaning it erases all files and puts updated ones
    BUT squidGuards files: squidGuard, squidGuard_blacklist_update.sh, squidguard_blacklist.tar & squidguard_download.stat are never rebuilt. Im guessing one of this files is the db or wrkdir.

    You can test this by downloading the blacklist.tar.gz of ur choice and looked at the /tmp folder, then reboot and those files will be gone.

    This can potentially be a very easy fix for someone that has knowledge of squidGuard package code or maybe even the config file. Pretty much squidGuard has to not read/write files in the /tmp but rather somewhere else. (Ex. in the /var/squidGuard directory)

    Ill try to mess around to see if i can find the file or code that saves files to the /tmp and advice back.

    Attached are pics of the /temp directory before and after the reboot

    @mir:

    It seems the cause for the problem is that the blacklist db is either removed or corrupted when restarting the box. Proof: The blacklist tab shows no sign of a downloaded blacklist and a blacklist database. Since squidguard is configured to use a blacklist it will fail which subsequently also causes squid to fail since the url_rewriter fails.

    ![Before reboot.jpg](/public/imported_attachments/1/Before reboot.jpg)
    ![Before reboot.jpg_thumb](/public/imported_attachments/1/Before reboot.jpg_thumb)
    ![After Reboot.jpg](/public/imported_attachments/1/After Reboot.jpg)
    ![After Reboot.jpg_thumb](/public/imported_attachments/1/After Reboot.jpg_thumb)



  • Thanks, this is exactly my problem, rebuilding the database in Squidguard solves the issue.

    However, I am in a third world country with multiple daily power cuts, so there are many reboots of pfsense. therefore Squidguard as it is, is not usefull for me. Hope for a fix soon, or if somebody knows how to do an automatic rebuild after a reboot I would be happy :-)



  • Get a small UPS that allows your router to survive brief outages.



  • @Altijd_Lastig:

    Thanks, this is exactly my problem, rebuilding the database in Squidguard solves the issue.

    However, I am in a third world country with multiple daily power cuts, so there are many reboots of pfsense. therefore Squidguard as it is, is not usefull for me. Hope for a fix soon, or if somebody knows how to do an automatic rebuild after a reboot I would be happy :-)

    Current squidGuard version is 1.9.14
    SquidGuard has gone through a couple updates since my post here, not sure if the issue has actually been fix.

    Anyhow I got around that issue by automatically updating the blacklist after every reboot.
    Below tutorial was done using root account and shallalist blacklist.

    1. I manually downloaded the blacklist and put it in the directory /var/squidGuard

    cd /var/squidGuard && fetch http://www.shallalist.de/Downloads/shallalist.tar.gz
    

    2. Then I created file named squidGuard_blacklist_update.sh made it executable and placed it in directory /usr/local/etc/rc.d/
       ```
    cd /usr/local/etc/rc.d/ && touch squidGuard_blacklist_update.sh && chmod +x squidGuard_blacklist_update.sh

    
    3\. Then using ee I copied below script to squidGuard_blacklist_update.sh and saved it
    

    ee /usr/local/etc/rc.d/squidGuard_blacklist_update.sh

    
    

    #!/usr/local/bin/php -f
        $incl = "/usr/local/pkg/squidguard_configurator.inc";
        if (file_exists($incl)) {
            require_once($incl);
            sg_reconfigure_blacklist( "/var/squidGuard/shallalist.tar.gz", "" );
        }
        exit;

    
    At this point you can reboot and the script will rebuild the blacklist on every boot up.
    The only downside is that it also runs the script on shutdown for some reason. This causes shutdown to take about a minute longer than usual but worth the sacrifice.
    
    Important Notes:
    Keep in mind that this solution will not actually update the blacklist from the internet just rebuild it from the blacklist file downloaded on /var/squidGuard.
    A solutions to this is to use below script place it in /root and then use CRON to run it on a schedule
    

    cd /root && touch squidGuard_blacklist_update.sh && chmod +x squidGuard_blacklist_update.sh

    ee /root/squidGuard_blacklist_update.sh

    #!/usr/local/bin/php -f
        $incl = "/usr/local/pkg/squidguard_configurator.inc";
        if (file_exists($incl)) {
            require_once($incl);
            sg_reconfigure_blacklist( "http://www.shallalist.de/Downloads/shallalist.tar.gz", "" );
        }
        exit;

    
    Please let me know if you have any questions and hope this tutorial helps


  • @KOM:

    Get a small UPS that allows your router to survive brief outages.

    I have a big ups that can run for 2 hours. However, that is not enough. Power cuts are often 5 or 6 hours. generator only tuns in the evening.

    @louicruz88:

    Current squidGuard version is 1.9.14
    SquidGuard has gone through a couple updates since my post here, not sure if the issue has actually been fix.

    No, not yet fixed.

    @louicruz88:

    Anyhow I got around that issue by automatically updating the blacklist after every reboot.
    Below tutorial was done using root account and shallalist blacklist.

    Please let me know if you have any questions and hope this tutorial helps

    Yes, it helps!

    Thank you very much :-)



  • I also struggle to get squid3 (amd64) on pfsense 2.2. But it already get stuck during the installation process:

    Reconfiguring filter… One moment please...

    and then remains there forever, no progress. Under "services" there is also no entry for squid (proxy server).
    The log gives me this:

    May 14 14:15:23	lighttpd[21484]: (network_writev.c.107) writev failed: Operation not permitted 12
    May 14 14:15:23	lighttpd[21484]: (connections.c.619) connection closed: write failed on fd 12
    

    How can I resolve this?