Squid3 i386 pfsense 2.2

marcelloc

Hi,

i386 pbi for squid 3.4 was rebuild. Can you chech if transparent proxy is working now?

squid-3.4.10_2-amd64.pbi  09-Feb-2015 17:22
squid-3.4.10_2-i386.pbi  09-Feb-2015 17:41

Visseroth

Squid3 is working with transparent but you need to disable the antivirus and configure it to get squid to fire.

Cino

@Visseroth:

Squid3 is working with transparent but you need to disable the antivirus and configure it to get squid to fire.

For the antivirus, did you following the checks that displayed to correct the config files?

Steve Evans

@marcelloc:

Hi,

i386 pbi for squid 3.4 was rebuild. Can you chech if transparent proxy is working now?

squid-3.4.10_2-amd64.pbi  09-Feb-2015 17:22
squid-3.4.10_2-i386.pbi  09-Feb-2015 17:41

Hi Marcelloc,

Only just spotted you'd opened a thread to track this, so forgive me for duplicating an existing post here…

I've just installed 3.4.10_2 pkg 0.2.6 and I'm seeing the following config using "squid -v"

'--disable-ipf-transparent' '--disable-ipfw-transparent' '--enable-pf-transparent'

This is the same as before…  :(

Although I was offered an upgrade I now realise the version hasn't actually changed. Should I have expected this for the recompiled version?

It does appear to be of the correct vintage though:

: ls -lL `which squid`
-rwxr-xr-x  1 proxy  proxy  8514 Feb  9 17:39 /usr/local/sbin/squid

Steve

Visseroth

@Cino:

@Visseroth:

Squid3 is working with transparent but you need to disable the antivirus and configure it to get squid to fire.

For the antivirus, did you following the checks that displayed to correct the config files?

No I did not, I have not had a chance to go through it as of yet. But for a quick fix this will get squid to fire.

marcelloc

@Steve:

This is the same as before…  :(

try to remove the package, check if squid binary is gone and then install it again. The compile options were fixed a while ago and if it still missing transparent mode, I'll report on redmine.

Steve Evans

Yes, I'd done that.

Thanks,

Steve

agismaniax

i still have this problem also. any workarround to enable transparent proxy?

[2.2.2-RELEASE][root@xxx]/root: pbi_info
lightsquid-1.8_2-i386
squid-3.4.10_2-i386

[2.2.2-RELEASE][root@xxx]/root: /usr/local/sbin/squid -v
Squid Cache: Version 3.4.10
configure options:  '–with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--enable-eui' '--enable-cache-digests' '--enable-delay-pools' '--enable-ecap' '--disable-esi' '--enable-follow-x-forwarded-for' '--enable-htcp' '--enable-icap-client' '--enable-icmp' '--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' '--with-large-files' '--enable-http-violations' '--without-nettle' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--disable-stacktraces' '–disable-ipf-transparent' '--disable-ipfw-transparent' '--enable-pf-transparent' '–with-nat-devpf' '--disable-forw-via-db' '--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam LDAP NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group LDAP_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=ufs aufs diskd' '--enable-disk-io=AIO Blocking IpcIo Mmapped DiskThreads DiskDaemon' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-storeid-rewrite-helpers=file' '--with-openssl=/usr' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd10.1' 'build_alias=i386-portbld-freebsd10.1' 'CC=cc' 'CFLAGS=-O2 -pipe  -I/usr/local/include -I/usr/local/include -I/usr/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -pthread -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/lib -fstack-protector' 'LIBS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -I/usr/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing  -Wno-unused-private-field' 'CPP=cpp' 'PKG_CONFIG=pkgconf' --enable-ltdl-convenience

Steve Evans

I've gone back to 2.1.5. Working great after wasting too much time on this.

Steve

carloscaro

Hello Steve,

I read all your detailed comments about this issue and I realize that the problem was not only with version pfsense 2.2.2 i386 (32bits), but also with pfsense 2.2.2 amd64 (64bits) version. It was working great under 64 bits arquitecture, I mean redirection from port 80 to 8080 (dansguardian on lan:8080 and then squid on loopback:3128) on a similar scenario as yours, but after I changed a value in a queue from the traffic shaper, for some reason, the NAT rule stop working so I had to configure manually on every desktop.

Installed Packages: dansguardian-2.12.0.3_2 and squid-2.7.9_4

I don't think I will have a change to get back to 2.1.5 but certainly, I will be wating for a new realease that fixes this problem!

Thank you for your information!

Carlos.

KOM

so I had to configure manually on every desktop.

WPAD might have saved you a lot of time.