Squid3 / squidguard problems



  • Hello guys,
    just did a fresh install of my pfsense box with just basic internet connectivity and OpenVPN client set up. So pretty simple.
    Next I configured squid3 and squidguard according to this guide to remove ads with minor modifications due to the updated version.
    Unfortunately there is a huge decrease in performance: websites take 5-10 seconds to open, sometimes even time out. So far I tried to increase the memory cache size and hard disk cache size without any success.
    Or is this considered to be "normal"? But neither CPU load nor memory usage indicate that the router is maxed out, they are pretty much idle. What's wrong here?



  • Shell in and run

    squidclient -h LAN_IP -p 3128 mgr:info
    

    Check the Median Service Times section and look for anything that seems out of place, like a long DNS count.
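
Added example, not part of the thread: a small shell helper that pulls the Median Service Times section out of `mgr:info` output and lists every 5-minute median above a threshold. The function names and the sample output are constructed for illustration; in practice the input would be piped from the `squidclient` command above.

```shell
#!/bin/sh
# Constructed sample of the relevant part of `mgr:info` output (not from the thread).
sample_mgr_info() {
    printf 'Median Service Times (seconds)  5 min    60 min:\n'
    printf '\tHTTP Requests (All):   5.06039  0.32154\n'
    printf '\tCache Misses:          5.37793  0.35832\n'
    printf '\tCache Hits:            0.00091  0.00091\n'
    printf '\tNear Hits:             0.00000  0.00000\n'
    printf '\tNot-Modified Replies:  0.00000  0.00000\n'
    printf '\tDNS Lookups:           4.81250  0.05078\n'
    printf '\tICP Queries:           0.00000  0.00000\n'
    printf 'Resource usage for squid:\n'
    printf '\tUP Time:\t1800.000 seconds\n'
}

# slow_medians THRESHOLD_SECONDS
# Reads mgr:info text on stdin and prints "<label> <5-min median>" for each
# row of the Median Service Times section whose 5-minute value exceeds the
# threshold. Rows outside that section are ignored.
slow_medians() {
    awk -v limit="$1" '
        /^Median Service Times/ { in_section = 1; next }
        # The section ends at the first line that is not indented.
        in_section && !/^[ \t]/ { in_section = 0 }
        in_section {
            # Row format: "<tab>DNS Lookups:   4.81250  0.05078"
            n = split($0, parts, ":")
            label = parts[1]
            sub(/^[ \t]+/, "", label)
            split(parts[n], vals, " ")
            if (vals[1] + 0 > limit + 0) printf "%s %s\n", label, vals[1]
        }
    '
}

# Stand-alone run against the constructed sample, threshold of one second.
sample_mgr_info | slow_medians 1.0
```

A DNS Lookups row that is slow alongside the HTTP Requests and Cache Misses rows points at name resolution rather than the cache itself.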



  • I cannot even get that far as the access is denied

    Sending HTTP request … done.
    HTTP/1.1 403 Forbidden
    Server: squid
    Mime-Version: 1.0
    Date: Sat, 16 May 2015 00:16:23 GMT
    Content-Type: text/html
    Content-Length: 3091
    X-Squid-Error: ERR_ACCESS_DENIED 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from localhost
    X-Cache-Lookup: NONE from localhost:3128
    Via: 1.1 localhost (squid)
    Connection: close
    ....
    ....

    I also tried to add a user and also to add my LAN subnet in the ACLs tab, but that did not help either. Though that is not even necessary according to the guide above. What's wrong here? :P



  • And if I enable squidguard, the whole machine becomes unresponsive and locks up after a while. Console is filled with errors:

    Enter an option: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 54203, size: 4096
    swap_pager: indefinite wait buffer: bufobj: 0, blkno: 54075, size: 4096
    swap_pager: indefinite wait buffer: bufobj: 0, blkno: 460, size: 45056
    swap_pager: indefinite wait buffer: bufobj: 0, blkno: 482, size: 4096
    swap_pager: indefinite wait buffer: bufobj: 0, blkno: 484, size: 8192
    swap_pager: out of swap space
    swap_pager_getswapspace(16): failed
    swap_pager_getswapspace(16): failed
    swap_pager_getswapspace(16): failed
    swap_pager_getswapspace(16): failed
    swap_pager_getswapspace(12): failed

    There is a swap partition but it seems not to be used, as it permanently shows 0% usage :o

    swapinfo
    Device          1K-blocks    Used    Avail Capacity
    /dev/label/swap0  1048572        0  1048572    0%



  • I cannot even get that far as the access is denied

    I meant go to the console and pick option 8 for shell, then run the command I gave you above.

    swap_pager_getswapspace(16): failed

    Something seems to be consuming your swap space in a short amount of time, perhaps due to a memory leak.  Did you modify your squid hard disk cache and memory cache settings from default?



  • Yes that is the output already from console / shell.

    Well, I started with the default settings of squid and then later on increased some cache settings. But there is no difference whether I use default settings or not: as soon as I enable squidguard the machine becomes unreachable within a very short time while swap usage remains at 0%.



  • I don't know what else to look for.  I haven't seen that error before.



  • Well… right now squid3 has its good days and bad days, but if I were you I'd just wait for pfBlockerNG 2.0; it has DNSBL, which blocks ads, malware and more. So far it's working great. ;D



  • Yes I checked for pfBlockerNG 2.0 already but unfortunately it is not available yet so I decided to give squid a try but with the result above…



  • pfBlockerNG 2.0 might come out next month.  :o



  • I read that somewhere in February too ;D
    Meanwhile I am reviewing my setup, and that raises a question: which interface(s) are the right ones to select in the general section and the transparent proxy section? There is my "normal" WAN internet connection, two OpenVPN connections to my VPN provider and, as usual, LAN and localhost.
    If I select "LAN" for both sections and enable transparent mode, as the howto suggests, I find that all my firewall rules for pbr are ignored and ALL connections use the default gateway that is set under system -> gateways, although different machines are supposed to use a different gateway to go online. If squid is disabled this works fine, but when it is enabled it does not anymore.



  • Hmm… All right, let's troubleshoot... Have you tried first installing squid3, rebooting, then configuring it? After that, install squidGuard, configure it, click save, then apply, and make sure the services are running. Don't install anything else, just those two; maybe start again fresh to see if the problem persists. I'm running Squid3, squidGuard, Sarge and pfBlockerNG dev right now. But I installed them in that order too and it's working great.



  • Thanks for your reply. I came across various other posts that describe the same problem as mentioned above: squid always uses the system's default gateway in a multi-WAN setup. This has been an ongoing issue since pfsense 2.0 and it is not certain whether it is even being addressed and will be fixed :(
    I will try my luck then in the multi-WAN section of this forum.
    BTW, since you are using squidguard and pfblockerNG2, what would you recommend in terms of an effective ad blocking solution?