SquidGurad service stop issue



  • Hi,

    Whenever I reboot the pfsense Machine then squidGuard service stop and lot of time i tried to start the service of SquidGuard but not get any success.

    So please can someone help me ho i can start the squidGuard service. (Screen shot attached)

    Thanks,
    Sjain






  • squidGuard can appear to not be started since it gets called on-demand.  The real question is, is it doing its job?



  • When I reboot the machine then squidguard service not starting  and then when I am trying to start the service so it is showing me stopped, which i have drop the screen shot in my last message.

    Thanks,
    Sjain



  • Yes yes I understand you perfectly but you didn't answer my question.  When you go to a blocked page, does the page get blocked?  In other words, does squidGuard work regardless of whether it shows as being started or not?



  • when I tried to open the any website it show me page not found and squidguard stopped showing.



  • Do you have blacklists enabled?  If so, have you downloaded and expanded the list?  Is there anything in the System log?  Is there anything in /var/squidGuard/logs/squidGuard.log?  Does squid work by itself without squidGuard?



  • 1. Yes I enabled blacklists option.

    2. Yes I downloaded list and expanded from this link (http://www.shallalist.de/Downloads/shallalist.tar.gz )

    3. I have checked the system logs and found error which mentioned below

    pfSense php-fpm[12157]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was 'squid: ERROR: No running copy'

    4. Yes Squid is working without squidGuard.

    Kindly help me from this issue.

    Thanks,
    Sjain



  • When was the last time you rebooted the box?  I have seen numerous cases where squid/squidGuard is misbehaving and a reboot fixes it right up.  Which version of pfSense are you using?  If it's the 2.2 branch then I can't help you since I suspect that one or more squid/squidGuard packages are broken.



  • today when I have open the ticket on this form and I am using Pfsense version 2.2.

    So please can  you tell me which version are the stable in PfSense.

    Thanks,
    Sjain



  • I have squid3 3.1.20 pkg 2.1.2 and squidGuard-squid3 1.4_4 pkg v.1.9.6 working like a charm under pfSense 2.1.5.



  • It is possible to install squid3 3.1.20 pkg 2.1.2 and squidGuard-squid3 1.4_4 pkg v.1.9.6 in pfsense 2.2

    Thanks,
    Sjain



  • Nope.  The packages are specific to the base version.



  • Thanks I have move in pfsense 2.1.5 version and it is working fine

    appreciate of your help  :)

    I have two issue

    1. I am not able to block the facebook already enable the socialnet in blocking categories and user able to access the facebook
    (Screenshot Attached- File name Blocking_Categoried_1 & Blocking_Categoried_2)

    So please help me how i can block the facebook and other https websites.

    2. second issue related Blocking message. I want the customized the blocking message. 
    (Screenshot attached- File Name blocking_Messages_Screen_Shot)

    So please help me how i can customized the blocking message.

    Thanks,
    Sjain



  • Thanks I have move in pfsense 2.1.5 version and it is working fine

    appreciate of your help  :)

    I have two issue

    1. I am not able to block the facebook already enable the socialnet in blocking categories and user able to access the facebook
    (Screenshot Attached- File name Blocking_Categoried_1 & Blocking_Categoried_2)

    So please help me how i can block the facebook and other https websites.

    2. second issue related Blocking message. I want the customized the blocking message. 
    (Screenshot attached- File Name blocking_Messages_Screen_Shot)

    So please help me how i can customized the blocking message.

    Thanks,
    Sjain








  • 1.  Blocking of Facebook works for me using the Socialnet category.  Are you running in explicit mode or transparent mode?

    2.  Read this -> https://forum.pfsense.org/index.php?topic=93097.0



  • 1. I am running Squid as a Transparent mode (Configuration Screen shot attached)

    2. How i can access the  sgerror.php and pfsense directory /usr/local/www/, Please guide me….

    3. One more query that I am giving the internet access on user mobile & laptop also, so please guide how i can configure the mac address filter in pfsense. ( I don't want configure the mac filter in wifi Access point).

    Thanks,
    Sjain








  • 2. How i can access the  sgerror.php and pfsense directory /usr/local/www/, Please guide me

    Either Enable Secure Shell in System - Advanced - Admin Access - Secure Shell and then use SCP to copy files over or install the File Manager package and use that to copy files to & from.



  • facebook will be only block http not https unless you run explicit mode which then you need to configure WPAD.



  • facebook will be only block http not https unless you run explicit mode which then you need to configure WPAD.

    You can block HTTPS in Transparent mode, but you need to install a pfSense server certificate on every client that will use the proxy, which is a massive pain in the ass.



  • Hi Kom,

    As per your steps I am trying to access the scp but it is giving the error (screen shot attached).

    Kindly suggest..

    Thanks,
    Sjain




  • Assuming WinSCP, you have the File Protocol set to SCP and not SFTP?



  • I have choose scp.(screen shot attached).

    Thanks,
    Sjain




  • Sorry, I forgot that the pfSense startup menu confuses WinSCP login.

    Just install the File Manager package and do it that way with a web interface.



  • As per your steps I have installed the file Manager in pfsense and you have provide the link for the changing the block message https://forum.pfsense.org/index.php?topic=93097.0

    but I have tried to find out the file sgerror.php and pfsense directory in /usr/local/www, i can't find out

    (Screen Shot attached)

    So please can you tell me the current location of pfsense directory and file sgerror.php in pfsense 2.1.5

    Thanks,
    Sjain






  • Hi KOM,

    I am using the pfsense with squid & squidguard in my company to give the access internet in users mobiles.

    It is not possible to install the pfSense server certificate in all users mobiles so please can you give other option to block the https websites.

    Thanks,
    Sjain



  • You were in the right place, but you need to use your mouse wheel or the scroll button to go down the list past the folders to the files.  It's in alphabetical order, with folders listed first and then files, sort of like how every computer in the world shows folders and files.  This is basic computer stuff.  If you don't know your way around a file system then I'm not sure how you think you're going to configure a routing firewall with proxy support.

    If you want to avoid installing certs, use squid in explicit mode and then configure WPAD to allow your clients to auto-detect the proxy.



  • You can block HTTPS in Transparent mode, but you need to install a pfSense server certificate on every client that will use the proxy, which is a massive pain in the ass.

    haha i love that "pain in the ass" so true  ;D

    Also @sjain WPAD will work but there's some androids that wont work. As chris4916 pointed out to me that you would need Drony to install on the androids, which may not work in your situation. Tell you truth if you don't mind just showing a blank error page on block sites use pfBlockerNG it gets the job done maybe not as neat but usually people enter www.facebook.com it comes up at HTTP (which squidGuard will show the nice blocked page) but if they Google search Facebook it comes up at HTTPS pfBlockerNG will not let it connect.