Netgate SG-1000 microFirewall

Author Topic: Squid, SquidGuard, Lightsquid status on 2.3  (Read 26937 times)

0 Members and 1 Guest are viewing this topic.

Offline maverick_slo

  • Hero Member
  • *****
  • Posts: 820
  • Karma: +38/-2
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #15 on: January 21, 2016, 07:18:58 am »
And I was just going to ask this :)

Offline whitexp

  • Full Member
  • ***
  • Posts: 137
  • Karma: +2/-2
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #16 on: January 21, 2016, 08:51:43 am »
I fixed some more issues in squid today and have a few notes for those who may be upgrading from 2.2.x or earlier to 2.3 and having problems:

1. Make sure that the most current version of the squid package is loaded (>= 0.4.12)

2. Clean up leftover PBI messes:

Code: [Select]
find / -type l -print0 | xargs -0 ls -l | egrep '(squid|perl|pbi)'
Remove any symlinks still pointing to PBI dirs, especially things like perl, lightsquid, perl5, etc.

For example:
Code: [Select]
lrwxr-xr-x  1 root   wheel  39 May  7  2015 /usr/bin/perl -> /usr/pbi/lightsquid-i386/local/bin/perl
lrwxr-xr-x  1 root   wheel  45 May  7  2015 /usr/local/etc/lightsquid -> /usr/pbi/lightsquid-i386/local/etc/lightsquid
lrwxr-xr-x  1 root   wheel  40 May  7  2015 /usr/local/lib/perl5 -> /usr/pbi/lightsquid-i386/local/lib/perl5
lrwxr-xr-x  1 root   wheel  45 Nov  5 10:32 /usr/local/www/lightsquid -> /usr/pbi/lightsquid-i386/local/www/lightsquid

3. Blow away the cache:

Code: [Select]
mv /var/squid/cache /var/squid/cache.old
squid -z
rm -rf /var/squid/cache.old

Code: [Select]
/pkg_edit.php: The command '/usr/local/sbin/squid -z -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.018 seconds = 0.018 user + 0.000 sys Maximum Resident Size: 50000 KB Page faults with physical i/o: 0'

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21494
  • Karma: +1458/-26
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #17 on: January 21, 2016, 09:01:08 am »
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline brianc69

  • Full Member
  • ***
  • Posts: 150
  • Karma: +4/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #18 on: January 21, 2016, 09:14:46 am »
It mostly worked for me. I was able to install freeradius but squid returned an error. Did you catch it in my other post?

Offline whitexp

  • Full Member
  • ***
  • Posts: 137
  • Karma: +2/-2
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #19 on: January 21, 2016, 09:59:26 am »
That's a new one. Uninstall the package and install it again. The pkg code adds that user on install, or it's supposed to anyhow

work

Offline whitexp

  • Full Member
  • ***
  • Posts: 137
  • Karma: +2/-2
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #20 on: January 21, 2016, 10:05:27 am »
squidguard error warning on instalation


Code: [Select]
>>> Installing pfSense-pkg-squidGuard...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
pfSense-pkg-squidGuard: 1.12 [pfSense]
squidGuard: 1.4_15 [pfSense]
db5: 5.3.28_3 [pfSense]

The process will require 15 MiB more space.
1 MiB to be downloaded.
Fetching pfSense-pkg-squidGuard-1.12.txz: ..... done
Fetching squidGuard-1.4_15.txz: .... done
Fetching db5-5.3.28_3.txz: .......... done
Checking integrity... done (0 conflicting)
[1/3] Installing db5-5.3.28_3...
[1/3] Extracting db5-5.3.28_3: .......... done
[2/3] Installing squidGuard-1.4_15...
[2/3] Extracting squidGuard-1.4_15: ..... done
[3/3] Installing pfSense-pkg-squidGuard-1.12...
[3/3] Extracting pfSense-pkg-squidGuard-1.12: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...

Warning: file_put_contents(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/squidguard.inc on line 1045

Call Stack:
    0.0004     228704   1. {main}() /etc/rc.packages:0
    0.1839   10561792   2. install_package_xml() /etc/rc.packages:77
    0.4223   11047992   3. require_once('/usr/local/pkg/squidguard.inc') /etc/inc/pkg-utils.inc:702
    0.4543   12883648   4. convert_pfxml_to_sgxml() /usr/local/pkg/squidguard.inc:100
    0.4574   12913928   5. file_put_contents() /usr/local/pkg/squidguard.inc:1045

Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Services... done.
Writing configuration... done.
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.Message from squidGuard-1.4_15:
===================================================================
 In order to activate squidGuard you have to edit squid.conf
 To the contain "url_rewrite_program /usr/local/bin/squidGuard"
 and create a configuration file for squidGuard.

 Sample blacklists have been installed in /usr/local/share/examples/squidGuard.

 A sample configuration file has beeen installed in
 /usr/local/etc/squid/squidGuard.conf.sample.

 You need to edit the configuration and compile the blacklist
 you choose to use with:
 squidGuard -d -C all

 Please bear in mind that this is just a sample configuration file
 and for any real world usage you need to download or create your
 own updated blacklists and create your own configuration file.

 Check documentation here:

 http://www.squidguard.org/Doc/

 To activate the changes do a /usr/local/sbin/squid -k reconfigure
===================================================================
Message from pfSense-pkg-squidGuard-1.12:
Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://forum.pfsense.org/index.php?topic=94312.0 for details.
>>> Cleaning up cache... done.
Success

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21494
  • Karma: +1458/-26
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #21 on: January 21, 2016, 10:16:05 am »
squidguard error warning on instalation

I'll push a fix for that, looks easy enough to correct.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline whitexp

  • Full Member
  • ***
  • Posts: 137
  • Karma: +2/-2
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #22 on: January 21, 2016, 12:55:42 pm »
error on lightsquid

Code: [Select]
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not load default '/usr/local/etc/lightsquid/lightsquid.cfg.dist' configuration file.
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Error: Could not create '/usr/local/etc/lightsquid/lightsquid.cfg' configuration file.
Jan 21 16:31:22 php-fpm 28398 /rc.start_packages: [lightsquid] Removing old cronjobs...

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21494
  • Karma: +1458/-26
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #23 on: January 21, 2016, 12:57:05 pm »
Lightsquid is broken in many ways (see the earlier posts in the thread) -- no hope of it working util we fix up nginx for CGI.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Pakken

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #24 on: January 22, 2016, 07:39:48 am »
Fired up a test vm with a clean 2.3 install, squid appears to be working as long as I disable clamav and c-icap.
I seriously lack time lately, after a (really) quick check it doesn't seem to build the .sock file and it probably misses something else.
I think you guys are well-aware of it but I'll be happy to provide more info as soon as I can if needed.

Thank you once again for the awesome job you keep doing.
See ya!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21494
  • Karma: +1458/-26
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #25 on: January 22, 2016, 09:57:11 am »
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline seanelias

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #26 on: January 23, 2016, 09:59:41 am »
When ever i turn on Transparent HTTP Proxy  i couldn't browse any website , but there is no problem if i use explicit  proxy  .

Any one have the same issue ???

Offline brianc69

  • Full Member
  • ***
  • Posts: 150
  • Karma: +4/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #27 on: January 24, 2016, 12:39:48 am »
I can't use transparent or adding it to my system direct. They both fail. Looks like a few of us having the problem but no cause or solution yet to my knowledge.

Offline brianc69

  • Full Member
  • ***
  • Posts: 150
  • Karma: +4/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #28 on: February 03, 2016, 12:14:56 pm »
Clean install, restore configs, problem remains.

Offline Valex

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Squid, SquidGuard, Lightsquid status on 2.3
« Reply #29 on: February 04, 2016, 03:33:52 am »
Lightsquid is broken in many ways (see the earlier posts in the thread) -- no hope of it working util we fix up nginx for CGI.
We've made no attempt to test or work on clamav or c-icap, just the base functions of the forward proxy currently.

What does this mean? It's fixed in 2.3 final right?
« Last Edit: February 04, 2016, 03:52:35 am by Valex »