Re: [squid-users] squid with squidguard issue

2012-03-05 Thread Benjamin E. Nichols

Well, you could use Squid's built-in blacklist capabilities instead of
adding complexity by trying to use squidGuard or DansGuardian,
particularly if you're a noob at Squid. I've taken a look at them and
decided that it's too much effort to try and implement. Rather, this is
how I've done it.


Try this instead, it's what I do.

Create a blacklist file and place it somewhere; mine is in my squid dir

/etc/squid3/squid-block.acl  (you can name it whatever you want, of course)

Add a few test entries to this file in the following format

.pornsite.com
.unwantedsite.com
.whatevershit.com
.someshitwebsite.com

The . will ensure that www.pornsite.com or any subdomain is also blocked.


So next add these lines to your squid.conf

#blacklist by haxradio.com==

acl blacklist dstdomain "/etc/squid3/squid-block.acl"
http_access deny blacklist

#==

then do

squid3 -k reconfigure   (assuming that you're running the squid3.x series)

Voila, you are blocking sites using a blacklist, my friend.

btw, just ignore the stupid warning messages. They do not affect the
functionality of this feature and I've learned
to just ignore them.

Thanks to Amos for helping me to properly do this.





On 03/05/2012 05:19 PM, jeffrey j donovan wrote:

On Mar 5, 2012, at 8:40 AM, Muhammad Yousuf Khan wrote:

   

Can someone please help? I followed
http://wiki.debian.org/DebianEdu/HowTo/SquidGuard and using lenny
squid 2.7 and squidguard 1.2.0

I wrote the below line at the end of squid.conf
redirect_program /usr/bin/squidGuard
 

okay

   

I denied "ads" in squidGuard.conf and "addme.com" is a domain which I
am sure is in the list of the blocklist database.
Now when I go to "addme.com" it just opens the website (which I don't want though)

Here is the squidGuard.conf rule.

dest adult {
    domainlist  ads/domains
#   urllist /var/lib/squidguard/db/blacklists/porn/urls
#   expressionlist  adult/expressions
    redirect http://google.com

}
 

You need to supply a source and destination: basically, who is allowed to access
squidGuard. Then tell squidGuard what to do with the client's
request: allow or deny.

e.g.:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log


#
# SOURCE ADDRESSES:

src admin {
ip  10.1.1.1
}

src fooclients {
ip  10.132.0.0/16 10.155.0.0/16
}

src freedomzone {
ip  10.154.1.0/24 10.154.2.0/24
}
# DESTINATION CLASSES:
#
dest whitelist {
domainlist  whitelist/domains
}
dest education {
domainlist education/schools/domains
urllist education/schools/urls
}
dest denied {
domainlist  denied/domains
urllist denied/urls
redirect http://10.0.2.3/surfb1.html
log deniedaccess.log
}

acl {
admin {
pass any
}

fooclients {
pass whitelist education !denied any
} else {
pass any
}
freedomzone {
pass whitelist education !pornexp !porn any
redirect http://staff2.beth.k12.pa.us/index.html
} else {
pass any
}

default {
pass none
redirect http://10.0.2.3/index.html
}
}




   

here is squidguard log. /var/log/squid/squidGuard.log

2012-03-05 08:06:53 [4180] squidGuard 1.2.0 started (1330952813.099)
2012-03-05 08:06:53 [4180] recalculating alarm in 30187 seconds
2012-03-05 08:06:53 [4180] squidGuard ready for requests (1330952813.101)
2012-03-05 08:06:53 [4182] destblock good missing active content, set inactive
2012-03-05 08:06:53 [4182] destblock local missing active content, set inactive
2012-03-05 08:06:53 [4182] init domainlist /var/lib/squidguard/db/ads/domains
2012-03-05 08:06:53 [4182] loading dbfile /var/lib/squidguard/db/ads/domains.db
2012-03-05 08:06:53 [4182] squidGuard 1.2.0 started (1330952813.107)
2012-03-05 08:06:53 [4182] recalculating alarm in 30187 seconds
2012-03-05 08:06:53 [4182] squidGuard ready for requests (1330952813.108)

Here is access.log. The thing which is making me confused is that the redirect
tag is not present, which is supposed to be there. However, I cannot find
any redirect tag in the default 2.7 squid.conf file. Can you please tell me
what is going on and how I can redirect or solve the issue?

1330953994.304    640 10.51.100.240 TCP_CLIENT_REFRESH_MISS/200 1910
GET http://www.addme.com/favicon.ico - DIRECT/69.43.161.4 image/x-icon


Thanks,
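
The dstdomain list format from the top of this reply, as an added example that is not part of the original post: a Python lint that applies the leading-dot matching rule and flags duplicates and entries already covered by a broader `.domain` line, an overlap Squid also reports when it parses such a list. The sample list and its domain names are constructed.

```python
# Added example: lint a Squid dstdomain list before `squid3 -k reconfigure`.
# The sample list below is constructed; the domain names are placeholders.


def covers(entry, host):
    """dstdomain matching: '.example.com' covers example.com and every
    subdomain; 'example.com' without the dot covers only that exact name."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def lint(lines):
    """Return (kept, problems) for the lines of a dstdomain list file.

    kept     -- entries worth keeping, in file order
    problems -- sorted (line_number, entry, reason) tuples
    """
    entries, problems, seen = [], [], set()
    for number, raw in enumerate(lines, 1):
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue                      # blank line or comment
        if entry in seen:
            problems.append((number, entry, "duplicate"))
            continue
        seen.add(entry)
        entries.append((number, entry))

    wildcards = [e for _, e in entries if e.startswith(".")]
    kept = []
    for number, entry in entries:
        name = entry.lstrip(".")
        # An entry is redundant when some *other* wildcard already matches it.
        parent = next((w for w in wildcards
                       if w != entry and covers(w, name)), None)
        if parent:
            problems.append((number, entry, "covered by " + parent))
        else:
            kept.append(entry)
    return kept, sorted(problems)


def is_blocked(host, kept):
    """True when any kept entry matches the requested host name."""
    return any(covers(entry, host) for entry in kept)


SAMPLE = """\
# constructed sample in the format of /etc/squid3/squid-block.acl
.blocked.example
www.blocked.example
.unwanted.example
.Unwanted.example
cdn.ads.unwanted.example
exact.example
"""

if __name__ == "__main__":
    kept, problems = lint(SAMPLE.splitlines())
    for number, entry, reason in problems:
        print("line %d: %s (%s)" % (number, entry, reason))
    print("\n".join(kept))
```

An entry without the leading dot matches only that exact host name, so `exact.example` above does not block `sub.exact.example`.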
 
   




Re: [squid-users] squid with squidguard issue

2012-03-05 Thread jeffrey j donovan

On Mar 5, 2012, at 8:40 AM, Muhammad Yousuf Khan wrote:

> Can someone please help? I followed
> http://wiki.debian.org/DebianEdu/HowTo/SquidGuard and using lenny
> squid 2.7 and squidguard 1.2.0
> 
> I wrote the below line at the end of squid.conf
> redirect_program /usr/bin/squidGuard

okay

> 
> I denied "ads" in squidGuard.conf and "addme.com" is a domain which I
> am sure is in the list of the blocklist database.
> Now when I go to "addme.com" it just opens the website (which I don't want
> though)
> 
> Here is the squidGuard.conf rule.
> 
> dest adult {
>     domainlist  ads/domains
> #   urllist /var/lib/squidguard/db/blacklists/porn/urls
> #   expressionlist  adult/expressions
>     redirect http://google.com
> 
> }

You need to supply a source and destination: basically, who is allowed to access
squidGuard. Then tell squidGuard what to do with the client's
request: allow or deny.

e.g.:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log


#
# SOURCE ADDRESSES:

src admin {
ip  10.1.1.1
}

src fooclients {
ip  10.132.0.0/16 10.155.0.0/16 
}

src freedomzone { 
ip  10.154.1.0/24 10.154.2.0/24
}
# DESTINATION CLASSES:
#
dest whitelist {
domainlist  whitelist/domains
}
dest education {
domainlist education/schools/domains
urllist education/schools/urls
}
dest denied {
domainlist  denied/domains
urllist denied/urls
redirect http://10.0.2.3/surfb1.html
log deniedaccess.log
}

acl {
admin {
pass any
}

fooclients {
pass whitelist education !denied any
} else {
pass any
}
freedomzone {
pass whitelist education !pornexp !porn any
redirect http://staff2.beth.k12.pa.us/index.html
} else {
pass any
}

default {
pass none
redirect http://10.0.2.3/index.html
}
}




> 
> here is squidguard log. /var/log/squid/squidGuard.log
> 
> 2012-03-05 08:06:53 [4180] squidGuard 1.2.0 started (1330952813.099)
> 2012-03-05 08:06:53 [4180] recalculating alarm in 30187 seconds
> 2012-03-05 08:06:53 [4180] squidGuard ready for requests (1330952813.101)
> 2012-03-05 08:06:53 [4182] destblock good missing active content, set inactive
> 2012-03-05 08:06:53 [4182] destblock local missing active content, set 
> inactive
> 2012-03-05 08:06:53 [4182] init domainlist /var/lib/squidguard/db/ads/domains
> 2012-03-05 08:06:53 [4182] loading dbfile 
> /var/lib/squidguard/db/ads/domains.db
> 2012-03-05 08:06:53 [4182] squidGuard 1.2.0 started (1330952813.107)
> 2012-03-05 08:06:53 [4182] recalculating alarm in 30187 seconds
> 2012-03-05 08:06:53 [4182] squidGuard ready for requests (1330952813.108)
> 
> Here is access.log. The thing which is making me confused is that the redirect
> tag is not present, which is supposed to be there. However, I cannot find
> any redirect tag in the default 2.7 squid.conf file. Can you please tell me
> what is going on and how I can redirect or solve the issue?
> 
> 1330953994.304    640 10.51.100.240 TCP_CLIENT_REFRESH_MISS/200 1910
> GET http://www.addme.com/favicon.ico - DIRECT/69.43.161.4 image/x-icon
> 
> 
> Thanks,
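
The source/destination/acl wiring described in this reply, as an added example that is not part of the original post: a Python cross-reference check that reports `dest` classes no `pass` line mentions, `pass` targets that are never defined, and acl rules naming an undefined `src`. Both sample configurations are constructed from the shapes shown in the thread, and the parser handles only the line-oriented layout used there.

```python
# Added example: cross-check src/dest/acl references in a squidGuard.conf.
# Both configurations below are constructed samples, not files from the thread.
import re

BUILTIN = {"any", "all", "none", "in-addr"}   # treated here as predefined targets
DEF_RE = re.compile(r"^(src|source|dest|destination)\s+([\w.-]+)\s*\{")
ACL_RE = re.compile(r"^acl\s*\{")
RULE_RE = re.compile(r"^([\w.-]+)(?:\s+(?:within|outside)\s+[\w.-]+)?\s*\{$")
PASS_RE = re.compile(r"^pass\s+(.+)$")


def audit(conf_text):
    """Return a dict describing how src/dest definitions are used by acl."""
    src, dest, passed, rules = [], [], [], []
    has_acl = in_acl = False
    depth = 0                                  # current brace nesting level
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        m = DEF_RE.match(line)
        if depth == 0 and m:
            (src if m.group(1).startswith("s") else dest).append(m.group(2))
        elif depth == 0 and ACL_RE.match(line):
            has_acl = in_acl = True
        elif in_acl and depth == 1 and (m := RULE_RE.match(line)):
            rules.append(m.group(1))           # "<source name> {" or "default {"
        elif in_acl and (m := PASS_RE.match(line)):
            for token in m.group(1).split():
                name = token.lstrip("!")       # "!denied" still references denied
                if name not in BUILTIN and name not in passed:
                    passed.append(name)
        depth += line.count("{") - line.count("}")
        if depth == 0:
            in_acl = False
    return {
        "has_acl": has_acl,
        "has_default": "default" in rules,
        "unused_dest": [d for d in dest if d not in passed],
        "undefined_dest": [p for p in passed if p not in dest],
        "undefined_src": [r for r in rules if r != "default" and r not in src],
    }


# Constructed: a destination class on its own, with no acl block at all.
DEST_ONLY = """
dbhome /var/lib/squidguard/db
dest adult {
    domainlist ads/domains
    redirect http://google.com
}
"""

# Constructed: a fuller file with three deliberate wiring mistakes.
WIRED = """
src admin {
    ip 10.1.1.1
}
src fooclients {
    ip 10.132.0.0/16
}
dest whitelist {
    domainlist whitelist/domains
}
dest denied {
    domainlist denied/domains
    redirect http://10.0.2.3/surfb1.html
}
dest ads {
    domainlist ads/domains
}
acl {
    admin {
        pass any
    }
    fooclients {
        pass whitelist !denied !porn any
    } else {
        pass any
    }
    freedomzone {
        pass whitelist any
    }
    default {
        pass none
        redirect http://10.0.2.3/index.html
    }
}
"""

if __name__ == "__main__":
    for label, text in (("dest only", DEST_ONLY), ("wired", WIRED)):
        print(label, audit(text))
```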



Re: [squid-users] Squid with SquidGuard

2006-01-27 Thread Mark Sansome
Mark Elsen wrote:

>>  - Try the online test again :
>>
>> root # /usr/sbin/squid
>>
>> OK ?
>>
>> M.
>>
>>
Yeah That still works fine.

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-27 Thread Mark Elsen
> Actually No. (groan...)
>
> 2006/01/26 22:00:56| helperOpenServers: Starting 5 'squidGuard' processes
> 2006/01/26 22:00:56| WARNING: Cannot run
> '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run
> '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run
> '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run
> '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run
> '/usr/local/squidguard/bin/squidGuard' process.
>
> (From cache.log after reboot with "/usr/sbin/squid" in rc.local)
>
> Sigh...
>

  - Try the online test again :

 root # /usr/sbin/squid

 OK ?

 M.


RE: [squid-users] Squid with SquidGuard

2006-01-26 Thread Brian Phillips
> Actually No. (groan...)
> 
> 2006/01/26 22:00:56| helperOpenServers: Starting 5 'squidGuard' processes
> 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
> 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
> 
> (From cache.log after reboot with "/usr/sbin/squid" in rc.local)
> 
> Sigh...
> 
> Mark

Can you also try it with your service squid start or whatever init script
you have available?

Brian



Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Sansome
Mark Elsen wrote:

>>What now?
>>
>>
>>
>
>Same test , but now, from /etc/rc.d/rc.local.
>(involves system restart)
>
>Should work too now.
>
>
>  
>
Actually No. (groan...)

2006/01/26 22:00:56| helperOpenServers: Starting 5 'squidGuard' processes
2006/01/26 22:00:56| WARNING: Cannot run
'/usr/local/squidguard/bin/squidGuard' process.
2006/01/26 22:00:56| WARNING: Cannot run
'/usr/local/squidguard/bin/squidGuard' process.
2006/01/26 22:00:56| WARNING: Cannot run
'/usr/local/squidguard/bin/squidGuard' process.
2006/01/26 22:00:56| WARNING: Cannot run
'/usr/local/squidguard/bin/squidGuard' process.
2006/01/26 22:00:56| WARNING: Cannot run
'/usr/local/squidguard/bin/squidGuard' process.

(From cache.log after reboot with "/usr/sbin/squid" in rc.local)

Sigh...

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Elsen
> [EMAIL PROTECTED] mark]# whereis squid
> squid: /usr/sbin/squid /etc/squid /usr/lib/squid /usr/share/squid
> /usr/share/man /man8/squid.8.gz
> [EMAIL PROTECTED] mark]# /usr/sbin/squid
> [EMAIL PROTECTED] mark]# ps -ef | grep squid
> [EMAIL PROTECTED] mark]# ps -ef | grep squid
> root      6017  5105  0 20:46 pts/3    00:00:00 su - squid
> squid     6018  6017  0 20:46 pts/3    00:00:00 -bash
> root      6195     1  0 21:11 ?        00:00:00 /usr/sbin/squid
> squid     6197  6195  0 21:11 ?        00:00:00 (squid)
> squid     6198  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
> squid     6199  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
> squid     6200  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
> squid     6201  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
> squid     6202  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
> squid     6203  6197  0 21:11 ?        00:00:00 (unlinkd)
> root      6209  5055  0 21:12 pts/2    00:00:00 grep squid
> [EMAIL PROTECTED] mark]#
>
> Looking good...
>
> Logs (both /var/log/squid/cache.log &
> /var/log/squidguard/squidGuard.log) also show squid + squidGuard started OK
>
> What now?
>

Same test , but now, from /etc/rc.d/rc.local.
(involves system restart)

Should work too now.

M.


Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Sansome
Mark Elsen wrote:

>>Sorry, My mistake - again.
>>
>>[EMAIL PROTECTED] mark]# su - squid
>>This account is currently not available.
>>
>>hmmm..
>>
>>[EMAIL PROTECTED] mark]# vim /etc/passwd
>>   {change squid:x:23:23::/var/spool/squid:/sbin/nologin to
>>squid:x:23:23::/var/spool/squid:/bin/bash}
>>
>>[EMAIL PROTECTED] mark]# su - squid
>>-bash-3.00$ /usr/local/squidguard/bin/squidGuard -d
>>2006-01-26 20:47:29 [6046] squidGuard 1.2.0 started (1138308449.370)
>>2006-01-26 20:47:29 [6046] squidGuard ready for requests (1138308449.372)
>>
>>OK?
>>
>>Thanks (yet) again...
>>
>>
>>
>
>  Ok, and now, since the status of the squid account in the pw file
>was changed you should, simply (only) ,try :
>
>   root #  _path_to_squid/squid
>
>Check whether this works.
>
>M.
>
>  
>
[EMAIL PROTECTED] mark]# whereis squid
squid: /usr/sbin/squid /etc/squid /usr/lib/squid /usr/share/squid
/usr/share/man /man8/squid.8.gz
[EMAIL PROTECTED] mark]# /usr/sbin/squid
[EMAIL PROTECTED] mark]# ps -ef | grep squid
[EMAIL PROTECTED] mark]# ps -ef | grep squid
root      6017  5105  0 20:46 pts/3    00:00:00 su - squid
squid     6018  6017  0 20:46 pts/3    00:00:00 -bash
root      6195     1  0 21:11 ?        00:00:00 /usr/sbin/squid
squid     6197  6195  0 21:11 ?        00:00:00 (squid)
squid     6198  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
squid     6199  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
squid     6200  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
squid     6201  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
squid     6202  6197  0 21:11 ?        00:00:00 (squidGuard) -c /etc/squidguard.conf
squid     6203  6197  0 21:11 ?        00:00:00 (unlinkd)
root      6209  5055  0 21:12 pts/2    00:00:00 grep squid
[EMAIL PROTECTED] mark]#

Looking good...

Logs (both /var/log/squid/cache.log &
/var/log/squidguard/squidGuard.log) also show squid + squidGuard started OK

What now?

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Elsen
> Sorry, My mistake - again.
>
> [EMAIL PROTECTED] mark]# su - squid
> This account is currently not available.
>
> hmmm..
>
> [EMAIL PROTECTED] mark]# vim /etc/passwd
>{change squid:x:23:23::/var/spool/squid:/sbin/nologin to
> squid:x:23:23::/var/spool/squid:/bin/bash}
>
> [EMAIL PROTECTED] mark]# su - squid
> -bash-3.00$ /usr/local/squidguard/bin/squidGuard -d
> 2006-01-26 20:47:29 [6046] squidGuard 1.2.0 started (1138308449.370)
> 2006-01-26 20:47:29 [6046] squidGuard ready for requests (1138308449.372)
>
> OK?
>
> Thanks (yet) again...
>

  Ok, and now, since the status of the squid account in the pw file
was changed you should, simply (only) ,try :

   root #  _path_to_squid/squid

Check whether this works.

M.


Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Sansome
Mark Elsen wrote:

>>
>>[EMAIL PROTECTED] mark]# sudo -u squid /usr/sbin/squid -NCd 1
>>...
>>
>>
>
> That's not the way to go, and not what I asked.
> You need to make sure that the one who is defined
> as
>
> cache_effective_user
>
> can execute /squidGuard.
> Since the user is apparently called 'squid'  you need to,
>
> Either fully login as "squid'' and test this, I advise to test it
> that way *really*.
> If you want to test it from root-originating-shells then,
>
> 1) # su - squid
> 2) squid % _path_to_squidguard/squidGuard
>
>the latter should not give a permission error.
>
>squid.pid contains the process id of the squid process.
>
>Starting as 'squid' using the sudo stuff is bogus, because, indeed,
>then you run into other problems such as the pid file which can not be written,
>e.g. because this file is owned by root.
>
>M.
>
>  
>
Sorry, My mistake - again.

[EMAIL PROTECTED] mark]# su - squid
This account is currently not available.

hmmm..

[EMAIL PROTECTED] mark]# vim /etc/passwd
   {change squid:x:23:23::/var/spool/squid:/sbin/nologin to
squid:x:23:23::/var/spool/squid:/bin/bash}

[EMAIL PROTECTED] mark]# su - squid
-bash-3.00$ /usr/local/squidguard/bin/squidGuard -d
2006-01-26 20:47:29 [6046] squidGuard 1.2.0 started (1138308449.370)
2006-01-26 20:47:29 [6046] squidGuard ready for requests (1138308449.372)

OK?

Thanks (yet) again...

Mark







Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Elsen
>
> [EMAIL PROTECTED] mark]# sudo -u squid /usr/sbin/squid -NCd 1
>...

 That's not the way to go, and not what I asked.
 You need to make sure that the one who is defined
 as

 cache_effective_user

 can execute /squidGuard.
 Since the user is apparently called 'squid'  you need to,

 Either fully login as "squid'' and test this, I advise to test it
 that way *really*.
 If you want to test it from root-originating-shells then,

 1) # su - squid
 2) squid % _path_to_squidguard/squidGuard

the latter should not give a permission error.

squid.pid contains the process id of the squid process.

Starting as 'squid' using the sudo stuff is bogus, because, indeed,
then you run into other problems such as the pid file which can not be written,
e.g. because this file is owned by root.

M.
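
One way to run the check asked for above without giving the service account a login shell, as an added example that is not from the thread: a Python walk over every component of the helper's path that reports the first one the given uid cannot search or execute. It reads owner/group/other mode bits only, so POSIX ACLs, SELinux policy and noexec mounts are outside what it sees; the `base` parameter and the command-line usage are assumptions of this example.

```python
# Added example: can the cache_effective_user reach and execute the helper?
# Checks classic mode bits only (no POSIX ACLs, SELinux policy or noexec mounts).
import os
import pwd
import stat
import sys


def ids_for(user):
    """Look up the uid and the full group set for a local account name."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


def _has_x(st, uid, gids):
    """Owner/group/other test for the execute (file) or search (dir) bit."""
    if uid == 0:
        # root may search any directory; a file still needs some x bit set
        return stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_blocker(path, uid, gids, base=os.sep):
    """Return (component, reason) for the first obstacle below `base`,
    or None when uid can traverse every directory and execute the file."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    current, st = base, None
    for part in os.path.relpath(path, base).split(os.sep):
        current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except OSError as exc:
            return current, "cannot stat: %s" % exc.strerror
        if not _has_x(st, uid, gids):
            return current, "no execute/search permission"
    if not stat.S_ISREG(st.st_mode):
        return current, "not a regular file"
    return None


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_helper.py USER /path/to/squidGuard")
    uid, gids = ids_for(sys.argv[1])
    print(first_blocker(sys.argv[2], uid, gids) or "ok")
```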


Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Sansome
Mark Elsen wrote:

> So , are you really sure, that the one  user who is defined as :
>
>cache_effective_user
>
> in squid.conf, can execute :
>
>   /usr/local/squidguard/bin/squidGuard
>
> -->> Double  verify and again, if needed.
>
> M.
>
>  
>
Hmmm. Well I *thought* I could. But see below:

[EMAIL PROTECTED] ~]$ su
Password:
[EMAIL PROTECTED] mark]# cat /etc/squid/squid.conf | grep cache_effective
#  TAG: cache_effective_user
#   to UID to "squid".  If you define cache_effective_user, but not
#   cache_effective_group, Squid sets the GID to the effective
#   cache_effective_user.
#cache_effective_user squid
cache_effective_user squid
#  TAG: cache_effective_group
#cache_effective_group squid
cache_effective_group squid

Then:

[EMAIL PROTECTED] mark]# sudo -u squid /usr/sbin/squid -NCd 1
2006/01/26 18:47:49| strtokFile: /usr/share/squid/ads not found
2006/01/26 18:47:49| aclParseAclLine: WARNING: empty ACL: acl ad_sites
dstdomain "/usr/share/squid/ads"
2006/01/26 18:47:49| Starting Squid Cache version 2.5.STABLE11 for
i386-redhat-linux-gnu...
2006/01/26 18:47:49| Process ID 5028
2006/01/26 18:47:49| With 1024 file descriptors available
2006/01/26 18:47:49| Performing DNS Tests...
2006/01/26 18:47:49| Successful DNS name lookup tests...
2006/01/26 18:47:49| DNS Socket created at 0.0.0.0, port 32789, FD 4
2006/01/26 18:47:49| Adding nameserver 192.168.123.254 from /etc/resolv.conf
2006/01/26 18:47:49| helperOpenServers: Starting 5 'squidGuard' processes
2006/01/26 18:47:50| User-Agent logging is disabled.
2006/01/26 18:47:50| Referer logging is disabled.
2006/01/26 18:47:50| Unlinkd pipe opened on FD 14
2006/01/26 18:47:50| Swap maxSize 102400 KB, estimated 7876 objects
2006/01/26 18:47:50| Target number of buckets: 393
2006/01/26 18:47:50| Using 8192 Store buckets
2006/01/26 18:47:50| Max Mem  size: 8192 KB
2006/01/26 18:47:50| Max Swap size: 102400 KB
2006/01/26 18:47:50| Rebuilding storage in /var/spool/squid (CLEAN)
2006/01/26 18:47:50| Using Least Load store dir selection
2006/01/26 18:47:50| Set Current Directory to /var/spool/squid
2006/01/26 18:47:50| Loaded Icons.
2006/01/26 18:47:50| Accepting HTTP connections at 0.0.0.0, port 8080,
FD 16.
2006/01/26 18:47:50| Accepting ICP messages at 0.0.0.0, port 3130, FD 17.
2006/01/26 18:47:50| WCCP Disabled.
2006/01/26 18:47:50| /var/run/squid.pid: (1) Operation not permitted
FATAL: Could not write pid file

Wooahhh???

So:
[EMAIL PROTECTED] mark]# ls -la /var/run/squi*
ls: /var/run/squi*: No such file or directory

Hmmm - Strange?
[EMAIL PROTECTED] mark]# locate squid.pid
/var/run/squid.pid

So whatever squid.pid is or does it was there the last time updatedb was
run but it's not there now.

However, Squid did get past the point at which it launched squidGuard
(which seemed OK) before gracefully closing it. See squidGuard.log
(+note times):
 2006-01-26 18:47:50 [5031] squidGuard 1.2.0 started (1138301270.257)
2006-01-26 18:47:50 [5031] squidGuard ready for requests (1138301270.310)
2006-01-26 18:47:50 [5033] squidGuard 1.2.0 started (1138301270.275)
2006-01-26 18:47:50 [5033] squidGuard ready for requests (1138301270.311)
2006-01-26 18:47:50 [5029] squidGuard 1.2.0 started (1138301270.246)
2006-01-26 18:47:50 [5029] squidGuard ready for requests (1138301270.312)
2006-01-26 18:47:50 [5032] squidGuard 1.2.0 started (1138301270.290)
2006-01-26 18:47:50 [5032] squidGuard ready for requests (1138301270.313)
2006-01-26 18:47:50 [5030] squidGuard 1.2.0 started (1138301270.285)
2006-01-26 18:47:50 [5030] squidGuard ready for requests (1138301270.314)
2006-01-26 18:47:51 [5029] squidGuard stopped (1138301271.198)
2006-01-26 18:47:51 [5030] squidGuard stopped (1138301271.200)
2006-01-26 18:47:51 [5031] squidGuard stopped (1138301271.201)
2006-01-26 18:47:51 [5032] squidGuard stopped (1138301271.203)
2006-01-26 18:47:51 [5033] squidGuard stopped (1138301271.204)

Now running "/usr/sbin/squid -NCd 1" as root (*NOT* sudo -u squid) works
just fine (I am not posting the output, but I ran it at 19:07) and guess
what?:
[EMAIL PROTECTED] mark]# ls -la /var/run/squid.pid
-rw-r--r--  1 root squid 5 Jan 26 19:07 /var/run/squid.pid
[EMAIL PROTECTED] mark]#

I'm *sure* this worked before however but (shrug) nevertheless - what
does it tell us?

Thanks again for all your help

Best regards

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-26 Thread Mark Elsen
> I'm running Red Hat Fedora Core 4 on an Intel Celeron (Coppermine) PC.
>
> [EMAIL PROTECTED] ~]$ uname -a
> Linux localhost.localdomain 2.6.14-1.1656_FC4 #1 Thu Jan 5 22:13:22 EST 2006 
> i686 i686 i386 GNU/Linux
>
> Is there anything else you need to know?
>
>
> Please find below a full (Level 1, ALL) log for a reboot with the 
> "/usr/sbin/squid" line in /etc/rc.d/rc.local.
>

 So , are you really sure, that the one  user who is defined as :

cache_effective_user

 in squid.conf, can execute :

   /usr/local/squidguard/bin/squidGuard

 -->> Double  verify and again, if needed.

 M.


Re: [squid-users] Squid with SquidGuard

2006-01-25 Thread Mark Elsen
> Well you did ask... Apologies to list for long post but please find below a 
> full (Level 9, ALL) log for a reboot with the "/usr/sbin/squid" line in 
> /etc/rc.d/rc.local.
>
>
>


I would like to have the cache.log list with the default debug options set,
when SQUID is started from rc.local.

Could you also mention, OS/platform/version ?

M.


Re: [squid-users] Squid with SquidGuard

2006-01-24 Thread Mark Elsen
>
> Nope.
> In the working case everything seems just fine:
> 2006-01-24 21:32:37 [11225] squidGuard 1.2.0 started (1138138357.409)
> 2006-01-24 21:32:37 [11225] squidGuard ready for requests (1138138357.481)
> 2006-01-24 21:32:37 [11223] squidGuard 1.2.0 started (1138138357.433)
> 2006-01-24 21:32:37 [11223] squidGuard ready for requests (1138138357.482)
> 2006-01-24 21:32:37 [11224] squidGuard 1.2.0 started (1138138357.435)
> 2006-01-24 21:32:37 [11224] squidGuard ready for requests (1138138357.483)
> 2006-01-24 21:32:37 [11221] squidGuard 1.2.0 started (1138138357.506)
> 2006-01-24 21:32:37 [11221] squidGuard ready for requests (1138138357.508)
> 2006-01-24 21:32:37 [11222] squidGuard 1.2.0 started (1138138357.519)
> 2006-01-24 21:32:37 [11222] squidGuard ready for requests (1138138357.521)
> 2006-01-24 22:11:05 [11221] squidGuard stopped (1138140665.526)
> 2006-01-24 22:11:05 [11222] squidGuard stopped (1138140665.528)
> 2006-01-24 22:11:05 [11223] squidGuard stopped (1138140665.530)
> 2006-01-24 22:11:05 [11224] squidGuard stopped (1138140665.531)
> 2006-01-24 22:11:05 [11225] squidGuard stopped (1138140665.533)
> (I started with "/usr/sbin/squid -NCd 1" did some tests and closed with
> CTRL-C)
>
> In the non-working case - cold boot with "/usr/sbin/squid" in rc.local -
> you can see the results too (i.e. *nothing at all* written to
> squidGuard.log).
>

 -   In the command-line case, was  SQUID started from the root account ?

 - What's in cache.log (full log), for the failing case ?

 M.


Re: [squid-users] Squid with SquidGuard

2006-01-24 Thread Mark Sansome
Mark Elsen wrote:

>>
>>
>>
>>So. To be clear:
>>"/usr/sbin/squid -NCd 1" from the command line works just fine;
>>"/usr/sbin/squid" in /etc/rc.d/rc.local does not; and produces the same
>>error as
>>"/sbin/service squid start" from the command line.
>>
>>Apologies for the confusion.
>>
>>What next?
>>
>>
>>
>
>In both cases, the working and the not working case,
>can you check :
>
>   squidGuard.log
>
>anything weird in there ?
>
>M.
>
>  
>
Nope.
In the working case everything seems just fine:
2006-01-24 21:32:37 [11225] squidGuard 1.2.0 started (1138138357.409)
2006-01-24 21:32:37 [11225] squidGuard ready for requests (1138138357.481)
2006-01-24 21:32:37 [11223] squidGuard 1.2.0 started (1138138357.433)
2006-01-24 21:32:37 [11223] squidGuard ready for requests (1138138357.482)
2006-01-24 21:32:37 [11224] squidGuard 1.2.0 started (1138138357.435)
2006-01-24 21:32:37 [11224] squidGuard ready for requests (1138138357.483)
2006-01-24 21:32:37 [11221] squidGuard 1.2.0 started (1138138357.506)
2006-01-24 21:32:37 [11221] squidGuard ready for requests (1138138357.508)
2006-01-24 21:32:37 [11222] squidGuard 1.2.0 started (1138138357.519)
2006-01-24 21:32:37 [11222] squidGuard ready for requests (1138138357.521)
2006-01-24 22:11:05 [11221] squidGuard stopped (1138140665.526)
2006-01-24 22:11:05 [11222] squidGuard stopped (1138140665.528)
2006-01-24 22:11:05 [11223] squidGuard stopped (1138140665.530)
2006-01-24 22:11:05 [11224] squidGuard stopped (1138140665.531)
2006-01-24 22:11:05 [11225] squidGuard stopped (1138140665.533)
(I started with "/usr/sbin/squid -NCd 1" did some tests and closed with
CTRL-C)

In the non-working case - cold boot with "/usr/sbin/squid" in rc.local -
you can see the results too (i.e. *nothing at all* written to
squidGuard.log).



Hurumph...

Thanks again

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-24 Thread Mark Elsen
>
>
>
> So. To be clear:
> "/usr/sbin/squid -NCd 1" from the command line works just fine;
> "/usr/sbin/squid" in /etc/rc.d/rc.local does not; and produces the same
> error as
> "/sbin/service squid start" from the command line.
>
> Apologies for the confusion.
>
> What next?
>

In both cases, the working and the not working case,
can you check :

   squidGuard.log

anything weird in there ?

M.


Re: [squid-users] Squid with SquidGuard

2006-01-24 Thread Mark Sansome
Mark Elsen wrote:

>>If I put the command
>>/usr/sbin/squid -NC
>>in my /etc/rc.d/rc.local file it hangs the system on reboot!
>>
>>
>
>   You can not use it like that in rc.local, that way of SQUID starting is meant
>to be used from the command line, and intended for problem solving tasks.
>Use "squid -h" to understand the meaning of these flags
>For rc.local just use :
>
>   _path_to_squid/squid
>
>afterwards, check cache.log , watch out for FATAL errors, if
>
>  
>
>>I think it's something to do with the cache (/var/spool/squid).
>>
>>
>Whatever caused it, the only remedy was to power off and reboot with a
>rescue disk & comment out the line in /etc/rc.d/rc.local.
>  
>
>>Interestingly, if I try the command /usr/sbin/squid on its own with no 
>>switches, the system starts OK but I get the same old error (WARNING: Cannot 
>>run '/usr/bin/squidGuard' process.) and squidGuard is not running.
>>
>>So what on earth is going on?
>>
>>
>
> We need to re-iterate ;
>
> On the command line :
>
>   # squid -NCd 1
>
>check whether this works, again.
>
>Then just put startup command in rc.local the way I explained.
>Check cache.log
>
>M.
>
>  
>
Hi Mark, Hi List,

Sorry, I explained myself badly. I did put "/usr/sbin/squid -NC" in
rc.local at first which caused the crash. The next thing I did (after
restoring the system) was to read the -h comments (slap myself) and put
just the command "/usr/sbin/squid" in rc.local. As I point out above
(badly worded):

>>Interestingly, if I try the command /usr/sbin/squid on its own with no 
>>switches, the system starts OK but I >>get the same old error (WARNING: 
>>Cannot run '/usr/bin/squidGuard' process.) and squidGuard is not running.

without the -NC switches the command "/usr/sbin/squid" in rc.local
starts OK but does not start squidGuard - and gives exactly the same
errors in cache.log as I've been getting all along when starting squid
with "/sbin/service squid start".

The only thing that gives me hope is the fact that "/usr/sbin/squid -NCd
1" from the command line does in fact work (and I've just tried it again
to be sure!).

So. To be clear:
"/usr/sbin/squid -NCd 1" from the command line works just fine;
"/usr/sbin/squid" in /etc/rc.d/rc.local does not; and produces the same
error as
"/sbin/service squid start" from the command line.

Apologies for the confusion.

What next?

Thanks again (I *really* appreciate your help)

Mark







Re: [squid-users] Squid with SquidGuard

2006-01-24 Thread Mark Elsen
> If I put the command
> /usr/sbin/squid -NC
> in my /etc/rc.d/rc.local file it hangs the system on reboot!

   You can not use it like that in rc.local, that way of SQUID starting is meant
to be used from the command line, and intended for problem solving tasks.
Use "squid -h" to understand the meaning of these flags
For rc.local just use :

   _path_to_squid/squid

afterwards, check cache.log , watch out for FATAL errors, if

> I think it's something to do with the cache (/var/spool/squid).
> Whatever caused it, the only remedy was to power off and reboot with a
> rescue disk & comment out the line in /etc/rc.d/rc.local.
>
> Interestingly, if I try the command /usr/sbin/squid on its own with no 
> switches, the system starts OK but I get the same old error (WARNING: Cannot 
> run '/usr/bin/squidGuard' process.) and squidGuard is not running.
>
> So what on earth is going on?

 We need to re-iterate ;

 On the command line :

   # squid -NCd 1

check whether this works, again.

Then just put startup command in rc.local the way I explained.
Check cache.log

M.


Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Elsen
> Sorry to take a while to get back to you - I was watching Foyle's War :-)
>
> Thanks so much! Now I think I'm making progress...
>
> Thanks again

 It looks like this surrounding stop-start script has a flaw somewhere.
 In Redhat I just start script in /etc/rc.d/rc.local and don't use any
 of the service stop-start features. I'd advise to go that way.

 M.


Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Sansome
Mark Elsen wrote:

>>...
>>
>>Squid is started automatically in runlevel 5. If I start it myself I use
>>the command:
>>/sbin/service squid start (or stop, or restart)
>>as root.
>>
>>
>>
>
>  Try to start  it more natively, what does :
>
>   root #   path_to_squid/squid -NCd 1
>
>  gives ?
>  
>

Well Now! - *That's Interesting!*

It Works!

[EMAIL PROTECTED] mark]# /sbin/service squid stop
Stopping squid: .  [  OK  ]

[EMAIL PROTECTED] mark]# /usr/sbin/squid -NCd 1
2006/01/22 23:18:30| Starting Squid Cache version 2.5.STABLE11 for
i386-redhat-linux-gnu...
2006/01/22 23:18:30| Process ID 3644
2006/01/22 23:18:30| With 1024 file descriptors available
2006/01/22 23:18:30| Performing DNS Tests...
2006/01/22 23:18:30| Successful DNS name lookup tests...
2006/01/22 23:18:30| DNS Socket created at 0.0.0.0, port 32772, FD 4
2006/01/22 23:18:30| Adding nameserver 192.168.123.254 from /etc/resolv.conf
2006/01/22 23:18:30| helperOpenServers: Starting 5 'squidGuard' processes
...etc

So what exactly does that tell us?
How can I get it so that it works when started automatically?

>  (You are lucky , the snooker is on a break :-)
>
>  M.
>
>  
>
Sorry to take a while to get back to you - I was watching Foyle's War :-)

Thanks so much! Now I think I'm making progress...

Thanks again

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Elsen
>...
>
> Squid is started automatically in runlevel 5. If I start it myself I use
> the command:
> /sbin/service squid start (or stop, or restart)
> as root.
>

  Try to start  it more natively, what does :

   root #   path_to_squid/squid -NCd 1

  gives ?

  (You are lucky , the snooker is on a break :-)

  M.


Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Sansome
Mark Elsen wrote:

>>I haven't tried restarting yet - but given that "ping localhost" works
>>with the firewall(s) in place do you still think that this is my problem?
>>
>>
>
>  It could still be, so the restarting with all Firewalling off should
>still be tried.
>  
>
Well I've just tried it with Iptables/Firestarter turned off + cold
restart - and still the same thing. I can't work out what to do with my
wireless router firewall (to be honest firewalls are a bit of a "black
art" as far as I am concerned) but all references to LAN are
192.168.123.xxx as far as I can see.

>  
>
>>I still think that the "Permission denied" message is caused by file
>>ownership problems - but where?
>>
>>
>>
>>
>
> There shouldn't be if SquidGuard runs under the same user as squid
>(defined in squid.conf).
> Btw, do you start SQUID as root ?
> Even if no privileged port is used for http-receiving,  I would still
>start as root. I am
> not sure whether this inter process communication , which goes via
> the loopback interface , may need root privilege to create the socket.
>
> I am not sure about that.
>
> M.
>  
>
Both cache_effective_user and cache_effective_group in squid.conf are
set to "squid". Every file I can think of that is even remotely
connected with squidGuard is set to chown squid.squid.

Squid is started automatically in runlevel 5. If I start it myself I use
the command:
/sbin/service squid start (or stop, or restart)
as root.

Any ideas?





Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Elsen
> I haven't tried restarting yet - but given that "ping localhost" works
> with the firewall(s) in place do you still think that this is my problem?

  It could still be, so the restarting with all Firewalling off should
still be tried.

>
> I still think that the "Permission denied" message is caused by file
> ownership problems - but where?
>
>

 There shouldn't be if SquidGuard runs under the same user as squid
(defined in squid.conf).
 Btw, do you start SQUID as root ?
 Even if no privileged port is used for http-receiving,  I would still
start as root. I am
 not sure whether this inter process communication , which goes via
 the loopback interface , may need root privilege to create the socket.

 I am not sure about that.

 M.


Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Sansome
Mark Elsen wrote:

>That may not be enough in a context where the Firewalling software was
>started and then stopped. Residual rules and/or states may still affect the
>loopback interface.
>
>Can you, for instance, 'ping localhost' with success ?
>  
>
Yup...
Even with the firewall up and running:
[EMAIL PROTECTED] bin]# ping localhost
PING localhost.localdomain (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=0 ttl=64 time=0.339 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.260 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.260 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.261 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64 time=0.251 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64 time=0.260 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=6 ttl=64 time=0.252 ms

--- localhost.localdomain ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6008ms
rtt min/avg/max/mdev = 0.251/0.269/0.339/0.028 ms, pipe 2

>  Set the firewalling functions off , wherever this needs to be done,
>  and *restart* the system.
>  Check whether you can ping the localhost (itself).
>
>  
>
I haven't tried restarting yet - but given that "ping localhost" works
with the firewall(s) in place do you still think that this is my problem?

I still think that the "Permission denied" message is caused by file
ownership problems - but where?

Thanks
Mark





Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Elsen
>
>
> Now, after some Googling, I see that this problem (or at least similar
> problems) can be caused by a firewall on the loopback interface. Do you
> think this is the cause of my problem? (I posted my Iptables output in
> an earlier post).
>
> However, as a test, I temporarily disabled the firewall and
> unfortunately still got the same problem.

That may not be enough in a context where the Firewalling software was
started and then stopped. Residual rules and/or states may still affect the
loopback interface.

Can you, for instance, 'ping localhost' with success ?

> That is the firewall on this
> FC4 machine... I am connected to the Internet via a wireless connection
> which has its own firewall - but surely that should not affect this (or
> should it?)
>
> What should my next step be?
>

  Set the firewalling functions off , wherever this needs to be done,
  and *restart* the system.
  Check whether you can ping the localhost (itself).

  M.

> Dying of frustration here.
>
> Many thanks for your patience...
>
> Mark
>
>
>
>


Re: [squid-users] Squid with SquidGuard

2006-01-22 Thread Mark Sansome
Hello Chaps,

I'm still struggling (and still failing) to get squidGuard to work with
squid. For those of you who have not been following each gripping
instalment of this thread here is a quick recap...

I can run squid very happily on my FC4 machine. I have tried installing
squidGuard by RPM, by Yum and finally from source. I have (I think)
changed all the file ownerships and permissions that I should have done
and yet I have always got (and still get) the same error when I include
squidGuard as a redirector in squid:

2006/01/14 21:36:07| helperOpenServers: Starting 5 'squidGuard' processes
2006/01/14 21:36:07| comm_open: FD 6 is a new socket
2006/01/14 21:36:07| fd_open FD 6 squidGuard
2006/01/14 21:36:07| comm_open: FD 7 is a new socket
2006/01/14 21:36:07| fd_open FD 7 squidGuard
2006/01/14 21:36:07| ipcCreate: prfd FD 7
2006/01/14 21:36:07| ipcCreate: pwfd FD 7
2006/01/14 21:36:07| ipcCreate: crfd FD 6
2006/01/14 21:36:07| ipcCreate: cwfd FD 6
2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990
2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989
2006/01/14 21:36:07| ipcCreate: FD 6 listening...
2006/01/14 21:36:07| leave_suid: PID 12881 called
2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever
2006/01/14 21:36:07| ipcCreate: calling accept on FD 6
2006/01/14 21:36:07| comm_close: FD 6
2006/01/14 21:36:07| commCallCloseHandlers: FD 6
2006/01/14 21:36:07| fd_close FD 6 squidGuard
2006/01/14 21:36:07| connect FD 7: (13) Permission denied
2006/01/14 21:36:07| comm_close: FD 7
2006/01/14 21:36:07| commCallCloseHandlers: FD 7
2006/01/14 21:36:07| fd_close FD 7 squidGuard
2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.


The "Permission denied" message has led me down the file ownership /
permissions route; but I am able to run squidGuard from the command line
with the "sudo" command:
[EMAIL PROTECTED] bin]# sudo -u squid /usr/local/squidguard/bin/squidGuard -d
2006-01-22 18:30:36 [14702] squidGuard 1.2.0 started (1137954636.066)
2006-01-22 18:30:36 [14702] squidGuard ready for requests (1137954636.096)


Now, after some Googling, I see that this problem (or at least similar
problems) can be caused by a firewall on the loopback interface. Do you
think this is the cause of my problem? (I posted my Iptables output in
an earlier post).

However, as a test, I temporarily disabled the firewall and
unfortunately still got the same problem. That is the firewall on this
FC4 machine... I am connected to the Internet via a wireless connection
which has its own firewall - but surely that should not affect this (or
should it?)

What should my next step be?

Dying of frustration here.

Many thanks for your patience...

Mark
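
Added example (not part of the thread, and not Squid's or squidGuard's own code): a small Python triage of the cache.log debug excerpt posted above, tying the "(13) Permission denied" line back to the file descriptor it refers to. It shows that the denied call is a connect() on a helper socket whose logged sockaddr is 127.0.0.1:32990, not an open or exec of a squidGuard file; the function names are made up for this example, and the log text is copied from the post with mail-wrapped lines rejoined.

```python
import errno
import re

# cache.log excerpt copied from the post above; lines that the mail
# client wrapped have been joined back together.
CACHE_LOG = """\
2006/01/14 21:36:07| helperOpenServers: Starting 5 'squidGuard' processes
2006/01/14 21:36:07| comm_open: FD 6 is a new socket
2006/01/14 21:36:07| fd_open FD 6 squidGuard
2006/01/14 21:36:07| comm_open: FD 7 is a new socket
2006/01/14 21:36:07| fd_open FD 7 squidGuard
2006/01/14 21:36:07| ipcCreate: prfd FD 7
2006/01/14 21:36:07| ipcCreate: pwfd FD 7
2006/01/14 21:36:07| ipcCreate: crfd FD 6
2006/01/14 21:36:07| ipcCreate: cwfd FD 6
2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990
2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989
2006/01/14 21:36:07| ipcCreate: FD 6 listening...
2006/01/14 21:36:07| leave_suid: PID 12881 called
2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever
2006/01/14 21:36:07| ipcCreate: calling accept on FD 6
2006/01/14 21:36:07| comm_close: FD 6
2006/01/14 21:36:07| commCallCloseHandlers: FD 6
2006/01/14 21:36:07| fd_close FD 6 squidGuard
2006/01/14 21:36:07| connect FD 7: (13) Permission denied
2006/01/14 21:36:07| comm_close: FD 7
2006/01/14 21:36:07| commCallCloseHandlers: FD 7
2006/01/14 21:36:07| fd_close FD 7 squidGuard
2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
"""

ENTRY = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| (.*)$")
FD_OPEN = re.compile(r"^fd_open FD (\d+) (.+)$")
FD_CLOSE = re.compile(r"^fd_close FD (\d+)\b")
SOCKADDR = re.compile(r"^ipcCreate: FD (\d+) sockaddr (\S+)$")
FD_ERROR = re.compile(r"^(\w+) FD (\d+): \((\d+)\) (.+)$")
CANNOT_RUN = re.compile(r"^WARNING: Cannot run '([^']+)' process\.$")


def triage(log_text):
    """Return one finding per 'Cannot run' warning, with the FD errors before it."""
    fds = {}       # FD number -> {"desc": ..., "sockaddr": ...} while the FD is open
    pending = []   # FD errors seen since the previous warning
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # not a timestamped cache.log line
        msg = entry.group(1)
        if m := FD_OPEN.match(msg):
            fds.setdefault(int(m.group(1)), {})["desc"] = m.group(2)
        elif m := SOCKADDR.match(msg):
            fds.setdefault(int(m.group(1)), {})["sockaddr"] = m.group(2)
        elif m := FD_ERROR.match(msg):
            fd, code = int(m.group(2)), int(m.group(3))
            info = fds.get(fd, {})
            pending.append({
                "syscall": m.group(1), "fd": fd, "errno": code,
                "errno_name": errno.errorcode.get(code, "?"),
                "error": m.group(4),
                "fd_desc": info.get("desc"), "sockaddr": info.get("sockaddr"),
            })
        elif m := FD_CLOSE.match(msg):
            fds.pop(int(m.group(1)), None)  # FD numbers get reused
        elif m := CANNOT_RUN.match(msg):
            findings.append({"helper": m.group(1), "errors": pending})
            pending = []
    return findings


def describe(finding):
    """One line stating which call was denied, and on what kind of object."""
    if not finding["errors"]:
        return f"{finding['helper']}: no failing call logged at this debug level"
    e = finding["errors"][0]
    kind = "socket" if e["sockaddr"] else "file descriptor"
    where = f" (sockaddr {e['sockaddr']})" if e["sockaddr"] else ""
    return (f"{finding['helper']}: {e['syscall']}() on {kind} FD {e['fd']}{where} "
            f"failed with {e['errno_name']} ({e['errno']}): {e['error']}")


if __name__ == "__main__":
    for finding in triage(CACHE_LOG):
        print(describe(finding))
```

Run against the 2006/01/07 log from the first post, which has only the "Cannot run" warnings, it returns findings with an empty error list; that is the cue to raise debug_options before chasing file ownership.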





RE: [squid-users] Squid with SquidGuard

2006-01-17 Thread Ben Tanner
> If I run squidGuard on its own as root it seems to work. Is there any
> way I can try to run it as user "squid" from the command line to see if
> I get any more information? Trying "su squid" obviously didn't work (but
> I had to try it anyway).

Are you familiar with the sudo command?

Whilst root you should be able to do something like:

% sudo -u squid squidguard

And that will execute the command as squid.

Hope that helps,

Ben


RE: [squid-users] Squid with SquidGuard

2006-01-16 Thread Brian Phillips
> [EMAIL PROTECTED] mark]# su - squid
> This account is currently not available.
> [EMAIL PROTECTED] mark]#
> Hmmm... *Should* that work?

Kind of.  It shouldn't work because the system has not given a shell to the
user 'squid' (protecting the system against possible security risks.)  It
should work because "squid" will be used later to run "squidGuard".

I start squid in a similar fashion and this is what 'ps -ef' shows us:

root      1996     1  0 14:14 ?        00:00:00 /usr/sbin/squid -D -sYC
proxy     1998  1996  0 14:14 ?        00:00:00 (squid) -D -sYC
proxy     2008  1998  0 14:14 ?        00:00:00 (squidGuard) -c /etc/squid/squid
proxy     2009  1998  0 14:14 ?        00:00:00 (squidGuard) -c /etc/squid/squid
proxy     2010  1998  0 14:14 ?        00:00:00 (squidGuard) -c /etc/squid/squid

You can see that squid runs as root, but then the parent process is run as
"proxy" (the same user as "squid" on your machine).  This same "proxy" user
runs squidGuard.  (side note: I can 'su - proxy' and get a prompt on my
machine. )  

That could be why your machine is not allowing squidGuard to start.  A way
for you to find out would be to give a shell to "squid" and then try and log
in again as squid.  If you get a prompt such as [EMAIL PROTECTED] ~]$ then
you know "squid" has a shell, and you should go back to root user and run
your 'service squid start' and see if that removes the error from cache.log.
If not, restore your /etc/passwd file to what it was before this test and
we'll keep looking for why squidGuard starts with errors.

brian  



Re: [squid-users] Squid with SquidGuard

2006-01-16 Thread Mark Sansome
Brian Phillips wrote:

>'su - squid'
>
>It COMPLETELY sets you as the squid user.
>
>Are you starting squid as root?  Or are you using the init scripts?  Or are
>you just running it on the command line as squid/proxy?
>
>
>  
>
If I try as a non-privileged user:
[EMAIL PROTECTED] ~]$ su - squid
Password:
su: incorrect password
(Don't know what the squid password is - should I? Can I find out?)

If I try as root:
[EMAIL PROTECTED] mark]# su - squid /usr/local/squidguard/bin/squidGuard -c /etc/squidguard.conf
This account is currently not available.
[EMAIL PROTECTED] mark]#
[EMAIL PROTECTED] mark]# su - squid
This account is currently not available.
[EMAIL PROTECTED] mark]#

Hmmm... *Should* that work?

I start squid either by rebooting or with the command /sbin/service
squid restart [or start or stop] (as root).
Whichever way, it will start quite happily but will still list the same
error in "cache.log" and the proxy will not work. Taking the
"redirect_program /usr/local/squidguard/bin/squidGuard -c
/etc/squidguard.conf" line out of squid.conf and restarting will allow
squid to work properly.

I can start squidGuard from the command line (as root) with the command:
[EMAIL PROTECTED] mark]#  /usr/local/squidguard/bin/squidGuard -d

which gives the response:
2006-01-16 21:31:01 [16626] squidGuard 1.2.0 started (1137447061.766)
2006-01-16 21:31:01 [16626] squidGuard ready for requests (1137447061.806)

(although I have to CTRL-c to get back to the command line - is that
normal?)

So - if my reasoning is correct, I can start squidGuard as root, but
when squid tries to launch it, it fails because it does not have the
right permissions somewhere or other. As you can see above I don't seem
to be able to pretend to be squid myself so that I can start it from the
command line and see what information I get...

Any ideas?

Thanks again

Mark





Re: [squid-users] Squid with SquidGuard

2006-01-16 Thread Mark Sansome
Quoting from my own message...
Mark Sansome wrote:

>2006/01/14 21:36:07| comm_open: FD 7 is a new socket
>2006/01/14 21:36:07| fd_open FD 7 squidGuard
>2006/01/14 21:36:07| ipcCreate: prfd FD 7
>2006/01/14 21:36:07| ipcCreate: pwfd FD 7
>2006/01/14 21:36:07| ipcCreate: crfd FD 6
>2006/01/14 21:36:07| ipcCreate: cwfd FD 6
>2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990
>2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989
>2006/01/14 21:36:07| ipcCreate: FD 6 listening...
>2006/01/14 21:36:07| leave_suid: PID 12881 called
>2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever
>2006/01/14 21:36:07| ipcCreate: calling accept on FD 6
>2006/01/14 21:36:07| comm_close: FD 6
>2006/01/14 21:36:07| commCallCloseHandlers: FD 6
>2006/01/14 21:36:07| fd_close FD 6 squidGuard
>2006/01/14 21:36:07| connect FD 7: (13) Permission denied
>2006/01/14 21:36:07| comm_close: FD 7
>2006/01/14 21:36:07| commCallCloseHandlers: FD 7
>2006/01/14 21:36:07| fd_close FD 7 squidGuard
>2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
>
I guess the important line here is "connect FD 7: (13) Permission denied"

My question is how do I find out *exactly* what is being denied? I have
followed every guide I can find, read every HowTo, scanned every FAQ and
followed all the instructions on file ownership and permissions. Almost
everything to do with squidGuard has file ownerships of squid.squid and
still I get this error

If I run squidGuard on its own as root it seems to work. Is there any
way I can try to run it as user "squid" from the command line to see if
I get any more information? Trying "su squid" obviously didn't work (but
I had to try it anyway).

Is there anything else I can try?

Hoping you can help

Thanks

Mark





RE: [squid-users] Squid with SquidGuard

2006-01-14 Thread Mark Sansome
On Thu, 2006-01-12 at 16:22 -0700, Brian Phillips wrote:
> What firewall rules do you have on the lo interface?
> 
> Iptables -L
> 

Brian + Squid List,

Sorry to take so long to get back to you...

Below is my iptables -L output: Please scroll down also to see the
output from debug_options. Sorry for such a large post...

[EMAIL PROTECTED] mark]# /sbin/iptables -L
Chain FORWARD (policy DROP)
target      prot opt source               destination
ACCEPT      icmp --  anywhere             anywhere             limit: avg 10/sec burst 5
TCPMSS      tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND    all  --  anywhere             anywhere
ACCEPT      tcp  --  anywhere             192.168.123.0/24     state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere             192.168.123.0/24     state RELATED,ESTABLISHED
LOG_FILTER  all  --  anywhere             anywhere
LOG         all  --  anywhere             anywhere             LOG level info prefix `Unknown Forward'

Chain INBOUND (4 references)
target      prot opt source               destination
ACCEPT      tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      all  --  192.168.123.103      anywhere
ACCEPT      all  --  82-43-146-103.cable.ubr02.newm.blueyonder.co.uk  anywhere
ACCEPT      all  --  192.168.123.100      anywhere
ACCEPT      all  --  webcache-02-02.ld.th.ifl.net  anywhere
ACCEPT      all  --  217.177.220.65       anywhere
LSI         all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target      prot opt source               destination
ACCEPT      tcp  --  ns1-cro.blueyonder.net  anywhere          tcp flags:!SYN,RST,ACK/SYN
ACCEPT      udp  --  ns1-cro.blueyonder.net  anywhere
ACCEPT      tcp  --  192.168.123.254      anywhere             tcp flags:!SYN,RST,ACK/SYN
ACCEPT      udp  --  192.168.123.254      anywhere
ACCEPT      all  --  anywhere             anywhere
ACCEPT      icmp --  anywhere             anywhere             limit: avg 10/sec burst 5
DROP        all  --  anywhere             255.255.255.255
DROP        all  --  anywhere             192.168.123.255
DROP        all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP        all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP        all  --  255.255.255.255      anywhere
DROP        all  --  anywhere             0.0.0.0
DROP        all  --  anywhere             anywhere             state INVALID
LSI         all  -f  anywhere             anywhere             limit: avg 10/min burst 5
INBOUND     all  --  anywhere             anywhere
INBOUND     all  --  anywhere             192.168.123.101
INBOUND     all  --  anywhere             192.168.123.101
INBOUND     all  --  anywhere             192.168.123.255
LOG_FILTER  all  --  anywhere             anywhere
LOG         all  --  anywhere             anywhere             LOG level info prefix `Unknown Input'

Chain LOG_FILTER (5 references)
target      prot opt source               destination

Chain LSI (2 references)
target      prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG         tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP        tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN
LOG         tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST
LOG         icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP        icmp --  anywhere             anywhere             icmp echo-request
LOG         all  --  anywhere             anywhere             limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP        all  --  anywhere             anywhere

Chain LSO (0 references)
target      prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG         all  --  anywhere             anywhere             limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT      all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target      prot opt source               destination
ACCEPT      icmp --  anywhere             anywhere
ACCEPT      tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target      prot opt source               destination
ACCEPT      tcp  --  192.168.123.101      ns1-cro.blueyonder.net  tcp dpt:domain
ACCEPT      udp  --  192.168.123.101      ns1-cro.blueyonder.net  udp dpt:domain
ACCEPT  

RE: [squid-users] Squid with SquidGuard

2006-01-12 Thread Laurikainen, Tuukka
Hi Brian,

Suppose you have tried this already, but does squidguard generate its
own log files (the logdir directive in squidGuard.conf)? If not, try to 

#touch /path/to/logdir/squidGuard.log

, make sure the logfile has correct permissions (could be 644
squid:squid in your case) and see if it helps.

Regards,

Tuukka

> -----Original Message-----
> From: Mark Sansome [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 12, 2006 11:51 PM
> To: Brian E. Conklin
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid with SquidGuard
> 
> Brian E. Conklin wrote:
> 
> >>-----Original Message-----
> >>From: Mark Sansome [mailto:[EMAIL PROTECTED]
> >>Sent: Thursday, January 12, 2006 2:21 PM
> >>To: squid-users@squid-cache.org
> >>Subject: [squid-users] Squid with SquidGuard
> >>
> >>
> >>Hello chaps,
> >>
> >>I know that this is a Squid mailing list and not the
> >>SquidGuard list - but I have exhausted the help of the good
> >>folks on the SquidGuard list...
> >>
> >>I actually have Squid up and running and am very happy with it :)
> >>however, I *do* want to use squidGuard with it too.
> >>
> >>Squid runs on a FC4 machine dealing with the proxy requests
> >>of my small home network.
> >>
> >>I have tried installing squidGuard from RPM, Yum, and by
> >>installing from source. All fail to work with squid.
> >>
> >>I have tried squidGuard with the simplest of SquidGuard.conf files :
> >>
> >>logdir /var/log/squidguard
> >>acl {
> >>default {
> >>pass all
> >>}
> >>}
> >>
> >>and the command:
> >># /usr/bin/squidGuard -d
> >>2006-01-07 23:54:38 [28284] squidGuard 1.2.0 started (1136678078.397)
> >>2006-01-07 23:54:38 [28284] squidGuard ready for requests (1136678078.400)
> >>
> >>seems to show that squidGuard is happy...
> >>
> >>However, as soon as I put the line:
> >>redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> >>into squid.conf everything goes wrong.
> >>
> >>In /var/log/squid/cache.log I find the following:
> >>2006/01/07 23:51:03| helperOpenServers: Starting 5 'squidGuard' processes
> >>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> >>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> >>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> >>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> >>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> >>
> >>No matter what I do I cannot seem to get SquidGuard to start
> >>from within
> >>Squid.
> >>
> >>What am I doing wrong?
> >>
> >>Can I get any more detailed output as to *exactly* why Squid
> >>can't run squidGuard?
> >>
> >>Any ideas?
> >>
> >>
> >
> >I found much more help (including a better howto and trouble shooting
> >section) at http://www.maynidea.com/squidguard/
> >
> >Brian E. Conklin, MCP+I, MCSE
> >Director of Information Services
> >voice: 360-427-3423
> >fax: 360-427-9599
> >
> >
> >
> >>Thanks in advance
> >>
> >>Mark
> >>
> >>
> >>
> >>
> >
> Brian C.
> 
> Thanks Brian,
> 
> That was one of the many resources I used. I too found it useful and
> when I tried installing from source (last resort) I followed his
> step-by-step guide *exactly* - Still didn't work...
> 
> Brian P.
> 
> Thanks Brian,
> 
> Brian Phillips wrote:
> 
> Do:
> 
> # ls -l /usr/bin/squidGuard
> 
> And tell us what the permissions are (paste em here.)
> 
> 
> Since I wrote my message (it's an edited form of the one I sent to the
> squidGuard mailing list) I have uninstalled that (RPM) version of
> squidGuard and installed from source. The current version is therefore
> in /usr/local/squidguard/bin/
> 
> It gives me:
> [EMAIL PROTECTED] mark]# ls -la /usr/local/squidguard/bin/squidGuard
> -rwxr-xr-x  1 squid squid 731596 Jan 11 14:18 /usr/local/squidguard/bin/squidGuard
> 
> I have tried changing ownerships and permissions of every file I can
> think of and followed every guide I can find...
> 
> Any help gratefully received...
> 
> Thanks again.
> 
> Mark
> 



Re: [squid-users] Squid with SquidGuard

2006-01-12 Thread Mark Sansome
Brian E. Conklin wrote:

>>-----Original Message-----
>>From: Mark Sansome [mailto:[EMAIL PROTECTED] 
>>Sent: Thursday, January 12, 2006 2:21 PM
>>To: squid-users@squid-cache.org
>>Subject: [squid-users] Squid with SquidGuard
>>
>>
>>Hello chaps,
>>
>>I know that this is a Squid mailing list and not the 
>>SquidGuard list - but I have exhausted the help of the good 
>>folks on the SquidGuard list...
>>
>>I actually have Squid up and running and am very happy with it :)
>>however, I *do* want to use squidGuard with it too.
>>
>>Squid runs on a FC4 machine dealing with the proxy requests 
>>of my small home network. 
>>
>>I have tried installing squidGuard from RPM, Yum, and by 
>>installing from source. All fail to work with squid.
>>
>>I have tried squidGuard with the simplest of SquidGuard.conf files :
>>
>>logdir /var/log/squidguard
>>acl {
>>default {
>>pass all
>>}
>>}
>>
>>and the command:
>># /usr/bin/squidGuard -d
>>2006-01-07 23:54:38 [28284] squidGuard 1.2.0 started (1136678078.397)
>>2006-01-07 23:54:38 [28284] squidGuard ready for requests (1136678078.400)
>>
>>seems to show that squidGuard is happy...
>>
>>However, as soon as I put the line:
>>redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
>>into squid.conf everything goes wrong.
>>
>>In /var/log/squid/cache.log I find the following:
>>2006/01/07 23:51:03| helperOpenServers: Starting 5 'squidGuard' processes
>>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
>>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
>>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
>>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
>>2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
>>
>>No matter what I do I cannot seem to get SquidGuard to start 
>>from within
>>Squid.
>>
>>What am I doing wrong?
>>
>>Can I get any more detailed output as to *exactly* why Squid 
>>can't run squidGuard?
>>
>>Any ideas?
>>
>>
>
>I found much more help (including a better howto and trouble shooting
>section) at http://www.maynidea.com/squidguard/
>
>Brian E. Conklin, MCP+I, MCSE
>Director of Information Services
>voice: 360-427-3423
>fax: 360-427-9599
>
>  
>
>>Thanks in advance
>>
>>Mark
>>
>>
>>
>>
>
Brian C.

Thanks Brian,

That was one of the many resources I used. I too found it useful and
when I tried installing from source (last resort) I followed his
step-by-step guide *exactly* - Still didn't work...

Brian P.

Thanks Brian,

Brian Phillips wrote:

Do:

# ls -l /usr/bin/squidGuard

And tell us what the permissions are (paste em here.)


Since I wrote my message (it's an edited form of the one I sent to the
squidGuard mailing list) I have uninstalled that (RPM) version of
squidGuard and installed from source. The current version is therefore
in /usr/local/squidguard/bin/

It gives me:
[EMAIL PROTECTED] mark]# ls -la /usr/local/squidguard/bin/squidGuard
-rwxr-xr-x  1 squid squid 731596 Jan 11 14:18 /usr/local/squidguard/bin/squidGuard

I have tried changing ownerships and permissions of every file I can
think of and followed every guide I can find...

Any help gratefully received...

Thanks again.

Mark






RE: [squid-users] Squid with SquidGuard

2006-01-12 Thread Brian E. Conklin
> -----Original Message-----
> From: Mark Sansome [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, January 12, 2006 2:21 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Squid with SquidGuard
> 
> 
> Hello chaps,
> 
> I know that this is a Squid mailing list and not the 
> SquidGuard list - but I have exhausted the help of the good 
> folks on the SquidGuard list...
> 
> I actually have Squid up and running and am very happy with it :)
> however, I *do* want to use squidGuard with it too.
> 
> Squid runs on a FC4 machine dealing with the proxy requests 
> of my small home network. 
> 
> I have tried installing squidGuard from RPM, Yum, and by 
> installing from source. All fail to work with squid.
> 
> I have tried squidGuard with the simplest of SquidGuard.conf files :
> 
> logdir /var/log/squidguard
> acl {
> default {
> pass all
> }
> }
> 
> and the command:
> # /usr/bin/squidGuard -d
> 2006-01-07 23:54:38 [28284] squidGuard 1.2.0 started (1136678078.397)
> 2006-01-07 23:54:38 [28284] squidGuard ready for requests (1136678078.400)
> 
> seems to show that squidGuard is happy...
> 
> However, as soon as I put the line:
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> into squid.conf everything goes wrong.
> 
> In /var/log/squid/cache.log I find the following:
> 2006/01/07 23:51:03| helperOpenServers: Starting 5 'squidGuard' processes
> 2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> 2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> 2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> 2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> 2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
> 
> No matter what I do I cannot seem to get SquidGuard to start 
> from within
> Squid.
> 
> What am I doing wrong?
> 
> Can I get any more detailed output as to *exactly* why Squid 
> can't run squidGuard?
> 
> Any ideas?

I found much more help (including a better howto and trouble shooting
section) at http://www.maynidea.com/squidguard/

Brian E. Conklin, MCP+I, MCSE
Director of Information Services
voice: 360-427-3423
fax: 360-427-9599

> 
> Thanks in advance
> 
> Mark
> 
> 



RE: [squid-users] Squid with SquidGuard

2006-01-12 Thread Brian Phillips
Do:

# ls -l /usr/bin/squidGuard

And tell us what the permissions are (paste em here.)





2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.

No matter what I do I cannot seem to get SquidGuard to start from within
Squid.

What am I doing wrong?

Can I get any more detailed output as to *exactly* why Squid can't run
squidGuard?

Any ideas?

Thanks in advance

Mark