Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 / squidguard problems

    Scheduled Pinned Locked Moved Cache/Proxy
    13 Posts 3 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fraglord
      last edited by

      Hello guys,
      just did a fresh install of my pfsense box with just basic internet connectivity and OpenVPN client set up. So pretty simple.
      Next I configured squid3 and squidguard according to this guide to remove ads with minior modificiations due to the updated version.
      Unfortunately there is a huge decrease in performance: websites take 5-10 seconds to open, sometimes even timeout. So far i tried to increase the memory cache size and hard disk cache size without any success.
      Or is this considered to be "normal"? But neither cpu load nor memory usage indicate that the router is maxed out, they are pretty much idle. What's wrong here?

      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Shell in and run

        squidclient -h LAN_IP -p 3128 mgr:info
        

        Check the Median Service Times section and look for anything that seems out of place, like a long DNS count.

        1 Reply Last reply Reply Quote 0
        • F
          fraglord
          last edited by

          I cannot even get that far as the access is denied

          Sending HTTP request … done.
          HTTP/1.1 403 Forbidden
          Server: squid
          Mime-Version: 1.0
          Date: Sat, 16 May 2015 00:16:23 GMT
          Content-Type: text/html
          Content-Length: 3091
          X-Squid-Error: ERR_ACCESS_DENIED 0
          Vary: Accept-Language
          Content-Language: en
          X-Cache: MISS from localhost
          X-Cache-Lookup: NONE from localhost:3128
          Via: 1.1 localhost (squid)
          Connection: close
          ....
          ....

          I also tried to add a user and also to add my lan subnet in the ACLs tab but not help as well. Tho that is not even neccessary according to the guide above.What's wrong here?  :P

          pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

          1 Reply Last reply Reply Quote 0
          • F
            fraglord
            last edited by

            And if I enable squidguard, the whole machine becomes un responsive and locks up after a while. Console is filled with errors:

            Enter an option: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 54203, size: 4096
            swap_pager: indefinite wait buffer: bufobj: 0, blkno: 54075, size: 4096
            swap_pager: indefinite wait buffer: bufobj: 0, blkno: 460, size: 45056
            swap_pager: indefinite wait buffer: bufobj: 0, blkno: 482, size: 4096
            swap_pager: indefinite wait buffer: bufobj: 0, blkno: 484, size: 8192
            swap_pager: out of swap space
            swap_pager_getswapspace(16): failed
            swap_pager_getswapspace(16): failed
            swap_pager_getswapspace(16): failed
            swap_pager_getswapspace(16): failed
            swap_pager_getswapspace(12): failed

            There is a swap partition but it seems no used as it shows permanently 0% usage  :o

            swapinfo
            Device          1K-blocks    Used    Avail Capacity
            /dev/label/swap0  1048572        0  1048572    0%

            pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              I cannot even get that far as the access is denied

              I meant go to the console and pick option 8 for shell, then run the command I gave you above.

              swap_pager_getswapspace(16): failed

              Something seems to be consuming your swap space in a short amount of time, perhaps due to a memory leak.  Did you modify your squid hard disk cache and memory cache settings from default?

              1 Reply Last reply Reply Quote 0
              • F
                fraglord
                last edited by

                Yes that is the output already from console / shell.

                Well I started with the default settings of squid and then later on increased some cache settings. But there is no difference if I use default settings or not, as soon as I enable squidguard the machine becomes unreachable within a very short time while swap usage remeins at 0%.

                pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  I don't know what else to look for.  I haven't seen that error before.

                  1 Reply Last reply Reply Quote 0
                  • K
                    killmasta93
                    last edited by

                    well…right now squid3 has its good days and bad days but if I were you just wait for pfBlockerNG 2.0 it has DNSBL which blocks ads,malware and more. So far its working great.  ;D

                    Tutorials:

                    https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                    1 Reply Last reply Reply Quote 0
                    • F
                      fraglord
                      last edited by

                      Yes I checked for pfBlockerNG 2.0 already but unfortunately it is not available yet so I decided to give squid a try but with the result above…

                      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                      1 Reply Last reply Reply Quote 0
                      • K
                        killmasta93
                        last edited by

                        pfBlockerNG 2.0 might come out next month.  :o

                        Tutorials:

                        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                        1 Reply Last reply Reply Quote 0
                        • F
                          fraglord
                          last edited by

                          I read that somewhere in february too  ;D
                          Meanwhile I am reviewing my setup and that raises a question which interface(s) are the right ones to select in the general section and the transparent proxy section? There is my "normal" WAN internet connection, two OpenVPN connections to my VPN provider and as usual LAN and localhost.
                          If I select "LAN" for both sections and enable transparent mode, as the howto suggests, I find that all my firewall rules for pbr are ignored and ALL connections use the default gateway that is set under system -> gateways although different machines supposed to be a different gateway to go online. If squid is disabled this works fine but when enabled not anymore..

                          pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                          1 Reply Last reply Reply Quote 0
                          • K
                            killmasta93
                            last edited by

                            hmm…Allright lets troubleshoot...Have you tried first installing squid3 reboot, then configure it. After that Install squidGuard configure it click save then apply make sure the services are running. Dont install anything else just those two maybe start again fresh to see if the problem persists. Im running right now Squid3,squidGuard,Sarge,PfblockerNG dev. But In that order i installed them too and its working great.

                            Tutorials:

                            https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                            1 Reply Last reply Reply Quote 0
                            • F
                              fraglord
                              last edited by

                              Thanks for your reply. I came across various other posts that describe the same problem as mentioned above: squid uses always th systems default gateway in a multi-WAN setup. This is an ongoing issue since pfsense 2.0 and not certain if it is even adressed and will be fixed :(
                              I will try my luck then in the multi-WAN section of this forum.
                              BTW since you using squidguard and pfblockerNG2 what would you recommend in terms of an effective ad blocking solution?

                              pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.