Upgrade 2.2.4 to 2.2.5 - Squid not working.



  • Hi!
    I upgraded from 2.2.4 to 2.2.5 earlier this day, and before that Squid was working flawless.
    Now however, directly after upgrading, it starts to blocking sites, giving me this: "The requested URL could not be retrieved."

    Anyone else having this problem?



  • Mine wouldn't work until I re downloaded Shallalist



  • Same issue here.  Squid just doesn't seem to be working anymore after the upgrade.  I've uninstalled/reinstalled but no luck.  Squidguard wouldn't work either even after the blacklist update.



  • Thanks for posting.

    I just realized after reading your post that also in my setup SquidGuard went to holiday after upgrade to 2.2.5. and no sign to show something is wrong. It needed to download again the Shallalist.

    This pfsense sw firewall is start looking more and more like a long term Fourteen Eyes or a boot-net implementation; after each upgrade with every serviced showed to work but almost nothing working properly, not even the basic function of 30$ firewall.
    https://forum.pfsense.org/index.php?topic=101938.msg569465#msg569465

    whats next ?


  • Banned

    If you people are wondering why you receive zero help, than that's because each one of you miserably failed to provide any debugging info. "T3h noes it no workie, pfSense suxxxxx" should go to /dev/null forum.

    Look at the damn logs available on the 'Real Time' tab and use them! If you want help, post them here. Goddamn it!

    :( >:( >:(

    =====================

    And - one more thing: Squid3 (as in the 3.4 branch package) is working just fine. Before, and after upgrade. When you screw up your box by installing gazillions of other packages that are broken, stop blaming Squid. And stop blaming pfSense - the core OS has nothing to do with this.

    To expand on the above and state of the Squid-related stuff:

    • Squid 2.7 - dead shit. Abandoned upstream years ago, abandoned on FreeBSD years ago, pfSense package is buggy like hell with tens and tens of bugs unfixed that got meanwhile fixed in newer Squid versions. Wouldn't recommend anyone to use it. Won't exist on pfSense 2.3 either. If you try to upgrade this to Squid3 later, you very likely will gets lots of those package bugs carried over via config.xml.

    • Lightsquid is just fine now.

    • Sarg is mostly fine except for some stuff that should just be removed since it's completely bad idea (such as the log rotation stuff) or improved (the cron handling mess), but generally no big deal. Working on it, just not enough time to get it finished.

    • SquidGuard/SquidGuard-devel - this thing is a fucking mess! I seriously never got to even start working on it. There's a PR to get the "define a dummy category before using" note into the GUI and into post-install message which is the most often hit issue with it, caused by PBI idiocy. For the rest of issues there - why's noone fixing it? Presumably because it's been written by a guy who's got very specific coding "style". Among 300+ lines of fscking defines() out of which 1/3 has never been used, 1/3 is no longer used and the remaining 1/3 is circular and based on about 10 generic ones which actually are the only ones needed, I get fscking lost. It causes me severe headache in minutes. Trying to cleanup and fix such code is something I have absolutely NO motivation for, mainly since I have no use for this thing.

    • Dansguardian - dead upstream, dead on pfSense, wait for E2Guardian if you need similar thing.

    Less is more. Don't install unneeded things on your firewalls. Consider working, much more lightweight alternatives such as pfBlockerNG for blocking sites.



  • Say, I had the same problem.  Upgraded from 2.2.4 to 2.25, and my squid install failed.  The upgrade went through the process of installing upgrades itself, but that didn't seem to help.  I did wait until it said it was done doing it's work - the Lock screen came off the top after a while.

    Anyway, long story short - I can't recall the details - I uninstalled the squid packages manually.  Then installed the new squid3 package… and wow, that's a NICE upgrade.  my transparent proxy works MUCH better now, pays attention to my upstream 'parent' proxy as well, which is better behavior than what I had before.

    Now, I found out my squid package was at fault by looking at the pfsense provided logs.  I'd recommend you take a look at the System Logs under Status, there's a lot of stuff in there that can help you, and squid logs are annotated with [squid].  Turns out the problem I was having was noted in there!  Take a look at the logs, that might help you debug your problem on your own ;)



  • Just to be clear: in my case after I read this thread I found that squidGuard is displayed as working ( nothing in logs and no error message ) but in fact it was on holiday after upgrade to 2.2.5 it just needed to download again the Shallalist ( like I already write in my first post )…. yes my mistake I did not double check each package after upgrade and I just trusted the status display when nothing in my config changed.

    The problem with pfsense now is that a lot of things are not working properly as supposed and not only for me it looks like this project is at the point when nobody knows exactly what is working and what is not working ( like all states not cleared at expiration, traffic shaping kill NAT reflection... ). Sometime nothing shows in logs at first look, new bugs are introduced after each update and little from old bugs are corrected even after 1-3 years.
    For a piece of sw that is related to security and is the first defense of a network this is pure slow death. Nobody will trust this sw to protect his network. Only packages that still keep this sw alive now are: OpenVPN, pfblockerng, snort & suricata... ( maybe other people can add other packages if they 101% sure )

    If a package is death or not working then this has to be clear mentioned next to him or better removed from official repo or blocked to be installed on an unsupported version, what's the point to carry a death package after you, just to have the biggest list of packages available ?



  • doktornotor you son of GUN , I like the cut of your Jib



  • I use squid 2.7 and squidguard. After upgrade to 2.2.5, everything ist working fine.

    You won't need to reload blacklist after a reboot if you put at least one entry into "target categories".



  • @doktornotor - I've been using pfSense for a month now, trying out the packages, reading the forums, and testing everything out.  Your information above about those packages is valuable and useful.  But how would a new person coming to this software know any of that?  Most of the useful tidbits of info I've read come from you or a few other dedicated programmers buried in a forum post somewhere.  A few packages are useful and well maintained, but, as you indicated, some are really broken and unmaintained.  Can we get a 'date last updated' added to the package manager?  Or some other indicator of what you have shared?  I like pfSense, but I've been hacking away at it for hours and combing forums for months to learn anything useful….



  • guys
    dont blame PFS!  >:(
    its a great fw.
    if you think its buggy, you shold see versions from 2005.
    most of problems and solutions are on forum, just search.

    delete groups acl, delete target categories, reinstall squidguard.
    make new target category (whitelist something not important)
    downolad blacklist
    enable squidguard
    im almost 100% sure it will work


  • Banned

    @Xeboc:

    @doktornotor - I've been using pfSense for a month now, trying out the packages, reading the forums, and testing everything out.  Your information above about those packages is valuable and useful.  But how would a new person coming to this software know any of that?  Most of the useful tidbits of info I've read come from you or a few other dedicated programmers buried in a forum post somewhere.  A few packages are useful and well maintained, but, as you indicated, some are really broken and unmaintained.  Can we get a 'date last updated' added to the package manager?  Or some other indicator of what you have shared?  I like pfSense, but I've been hacking away at it for hours and combing forums for months to learn anything useful….

    When I tried to mark Squid 2.7 unsupported in the package list, the PR was closed by pfSense devs telling me that Squid 2.7 is one of the few "officially supported" packages. Never mind noone's maintaining and fixing anything there and that package is buggy like hell and abandoned everywhere. There. Don't get me started with that again. The 2.7 zombie thing is gone from pfSense 2.3, thanks god. Dansguardian is gone as well, the E2G did not get anywhere last time I checked and will need bunch of fixes for 2.3 anyway. Squidguard is still there and is still broken and I still get severe headaches when I look at the code, cannot see myself fixing it anytime soon. Rewriting from scratch would probably be easier.

    As for "last updated", you can see that on Github.


Log in to reply