Installing squid3 on pfSense 2.0 (amd64) results in a bunch of errors:
php: /pkg_edit.php: The command '/usr/local/sbin/squid -D' returned exit code '1', the output was '2011/02/24 10:30:04| WARNING: -D command-line option is obsolete. 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /27 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /8 2011/02/24 10:30:04| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2011/02/24 10:30:04| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2011/02/24 10:30:04| WARNING: You should probably remove '::/0' from the ACL named 'all' 2011/02/24 10:30:04| aclParseAclL
So i decided to look at the squid.inc and made the following changes:
first change is to get rid of the "wrong" netmask: squid wants CDIR.
second change is the change from the acl-netmasks to CDIR too.
third change is the removing of the reply_body_max_size, because the squid manpage says
Configuration Format is:
reply_body_max_size SIZE UNITS [acl ...]
reply_body_max_size 10 MB
and at the same time
reply_body_max_size SIZE [acl acl...]
So i tested with "reply_body_max_size 0 deny all" and with "reply_body_max_size 0 KB deny all". Tested with other values greater 0, but all time same result.
If anybody has an explanation to this strange behaviour, please feel free to tell me.
And at last i removed the "-d" from the starting-script.
Output of diff:
> $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
< acl all src 0.0.0.0/0.0.0.0
< acl localhost src 127.0.0.1/255.255.255.255
> acl all src all
> acl localhost src 127.0.0.1/32
< $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
> // $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
< mwexec("/usr/local/sbin/squid -D");
Now squid3 starts without any errror, squidguard starts too and its working as expected:
Feb 24 13:25:39 check_reload_status: syncing firewall
Feb 24 13:25:38 check_reload_status: reloading filter
Feb 24 13:25:38 squid: Squid Parent: child process 43989 started
Feb 24 13:25:38 php: /pkg_edit.php: Starting Squid