Squid - No access to uncached Sites



  • Hello together,

    I am new to pfSense and tried to use squid (use of squidGuard planed).
    I´ve configured squid in the way of those HowTow tutorials, already tried different configurations.

    But as soon as squid is enabled I can not access any Website, but when I disable "allow users on Interface" and also do not enter anything to "allowed subnets" squid works. Those websites are accessible when I recheck "allow users on Interface", but "new websites" still are not.

    Being a newbie, the situation is a little bit hopeless for me, since I do not know how to do "deeper" troubleshooting.
    I would really appreciate some advise. If any further Information is needed, please let me know.

    pfSense-Version: 2.2.6-RELEASE
    squid-Version: 4.3.10
    Host: HP proliant Microserver G7 (not in VM)
    WAN goes to fritz.box
    LAN goes to switch and APs

    regards
    Marcus



  • Did you restart squid or reboot pfSense after installing squid?



  • Yes, several times, and after changeing settings too.



  • Use the console option 8 and check /var/squid/logs/cache.log and access.log.  Post screens of your squid config General page.



  • Here are my logs:
    access.log:

    1455305829.973      0 192.168.10.54 TCP_DENIED/400 1943 GET NONE:// - NONE/- text/html
    1455305830.370      0 192.168.10.54 TCP_DENIED/400 1889 GET NONE:// - NONE/- text/html
    1455305867.658      0 192.168.10.54 TCP_DENIED/400 1969 GET NONE:// - NONE/- text/html
    1455305867.905      0 192.168.10.54 TCP_DENIED/400 1889 GET NONE:// - NONE/- text/html
    
    

    cache.log:

    016/02/12 21:01:46| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2016/02/12 21:01:46| FD 16 Closing HTTP connection
    2016/02/12 21:01:46| FD 17 Closing HTTP connection
    2016/02/12 21:01:46| FD 19 Closing HTCP socket
    2016/02/12 21:01:46| FD 20 Closing SNMP socket
    2016/02/12 21:01:46| logfileClose: closing log /var/squid/logs/access.log
    2016/02/12 21:01:46| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2016/02/12 21:01:46| Cache dir '/var/squid/cache' size remains unchanged at 10485760 KB
    2016/02/12 21:01:46| Initialising SSL.
    2016/02/12 21:01:46| logfileOpen: opening log /var/squid/logs/access.log
    2016/02/12 21:01:46| Store logging disabled
    2016/02/12 21:01:46| Referer logging is disabled.
    2016/02/12 21:01:46| DNS Socket created at 0.0.0.0, port 6093, FD 13
    2016/02/12 21:01:46| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 8.8.4.4 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 192.168.0.1 from /etc/resolv.conf
    2016/02/12 21:01:46| Accepting proxy HTTP connections at 192.168.10.1, port 3128, FD 16.
    2016/02/12 21:01:46| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 17.
    2016/02/12 21:01:46| Accepting HTCP messages on port 4827, FD 19.
    2016/02/12 21:01:46| Accepting SNMP messages on port 3401, FD 20.
    2016/02/12 21:01:46| WCCP Disabled.
    2016/02/12 21:01:46| Loaded Icons.
    2016/02/12 21:01:46| Ready to serve requests.
    2016/02/12 21:01:46| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2016/02/12 21:01:46| FD 16 Closing HTTP connection
    2016/02/12 21:01:46| FD 17 Closing HTTP connection
    2016/02/12 21:01:46| FD 19 Closing HTCP socket
    2016/02/12 21:01:46| FD 20 Closing SNMP socket
    2016/02/12 21:01:46| logfileClose: closing log /var/squid/logs/access.log
    2016/02/12 21:01:46| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2016/02/12 21:01:46| Cache dir '/var/squid/cache' size remains unchanged at 10485760 KB
    2016/02/12 21:01:46| Initialising SSL.
    2016/02/12 21:01:46| logfileOpen: opening log /var/squid/logs/access.log
    2016/02/12 21:01:46| Store logging disabled
    2016/02/12 21:01:46| Referer logging is disabled.
    2016/02/12 21:01:46| DNS Socket created at 0.0.0.0, port 36502, FD 13
    2016/02/12 21:01:46| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 8.8.4.4 from /etc/resolv.conf
    2016/02/12 21:01:46| Adding nameserver 192.168.0.1 from /etc/resolv.conf
    2016/02/12 21:01:46| Accepting proxy HTTP connections at 192.168.10.1, port 3128, FD 16.
    2016/02/12 21:01:46| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 17.
    2016/02/12 21:01:46| Accepting HTCP messages on port 4827, FD 19.
    2016/02/12 21:01:46| Accepting SNMP messages on port 3401, FD 20.
    2016/02/12 21:01:46| WCCP Disabled.
    2016/02/12 21:01:46| Loaded Icons.
    2016/02/12 21:01:46| Ready to serve requests.
    
    

    What do you mean with console option 8???

    Pics attached






  • Console option 8 is the pfSense console… what you see on your monitor for your pfsense PC or appliance, not the WebGUI.

    It looks like it's running ok.  You have to allow users on the interface or nothing will work.  Which squid did you install?  Your interface looks a bit different from mine, which makes me wonder if you installed ancient squid instead of squid3.



  • I installed the squid Package from the Package-Installer inside pfSense, see attached pic.




  • OK, get rid of that and install the squid3 package.  That's your problem.  That package is for squid2 which is ancient and I'm not even sure it works properly.  Your eperiences seem to confirm that something weird is going on.  The squid3 package is the only one really being maintained moving forward, so you should use that one.


Log in to reply