Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
When the squid package has installed properly without any errors type:
# pfctl -sr | grep rdr
if that returns a rule and trans.proxy still doesn't work (make sure
the squid process is running) then I would suggest you read the squid
logs to findout why it doesn't cache.
/bkw
On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> Hi!
>
> The rdr (nat) rule for squid transparent proxy is
> missing on pfsense 0.76.2 which causes transparent
> proxying NOT to function properly. The corresponding
> pass rules are present however.
>
> The problem is corrected by commenting out line# 1134
> of /etc/inc/filter.inc:
>
> if (is_package_installed("squid") == 1)
> //if (is_process_running("squid"))
>
> Could it be because this function was called at the
> time when squid has not fully loaded itself? If this
> is the case, then it would be better if the rc loader
> for squid be given enough time to "sleep" for a while
> before exiting.
>
> Thanks.
>
> Miles
>
> __
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
I think it is actually a BUG in the script
/etc/inc/filter.inc that checks for the squid process
at boot time which will return FALSE because no
package is loaded during this time yet. See the
/etc/rc script for the loading sequence.
The /etc/rc.bootup script that initializes the pf
rules is called before executing rc.d items. Please
see the /etc/rc script.
As a solution, the "if(is_process_running("squid"))"
at line no. 1134 of the file /etc/inc/filter.inc must
be commented out.
Cheers!
--- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> When the squid package has installed properly
> without any errors type:
> # pfctl -sr | grep rdr
> if that returns a rule and trans.proxy still doesn't
> work (make sure
> the squid process is running) then I would suggest
> you read the squid
> logs to findout why it doesn't cache.
>
> /bkw
>
>
> On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> wrote:
> > Hi!
> >
> > The rdr (nat) rule for squid transparent proxy is
> > missing on pfsense 0.76.2 which causes transparent
> > proxying NOT to function properly. The
> corresponding
> > pass rules are present however.
> >
> > The problem is corrected by commenting out line#
> 1134
> > of /etc/inc/filter.inc:
> >
> > if (is_package_installed("squid") == 1)
> > //if (is_process_running("squid"))
> >
> > Could it be because this function was called at
> the
> > time when squid has not fully loaded itself? If
> this
> > is the case, then it would be better if the rc
> loader
> > for squid be given enough time to "sleep" for a
> while
> > before exiting.
> >
> > Thanks.
> >
> > Miles
> >
> > __
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
>
>
> --
> ##
> BKW - Bachman Kharazmi
> bahkha AT gmail DOT com
> uin: #24089491
> SWEDEN
> ##
>
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
Albert, can you file a ticket on this at http://cvstrac.pfsense.com/ ?
I'd rather not delay boot until squid is up, but I suppose that's open
for debate. Without looking at the code, I'm wondering if we're even
starting up squid before the filter.
Can you insert a sleep(); statement before the is_process_running
statement and tell us how long you have to sleep for to get reliable
results? Also, what speed hardware is this on? Thanks
--Bill
On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> I think it is actually a BUG in the script
> /etc/inc/filter.inc that checks for the squid process
> at boot time which will return FALSE because no
> package is loaded during this time yet. See the
> /etc/rc script for the loading sequence.
>
> The /etc/rc.bootup script that initializes the pf
> rules is called before executing rc.d items. Please
> see the /etc/rc script.
>
> As a solution, the "if(is_process_running("squid"))"
> at line no. 1134 of the file /etc/inc/filter.inc must
> be commented out.
>
> Cheers!
>
>
> --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
>
> > When the squid package has installed properly
> > without any errors type:
> > # pfctl -sr | grep rdr
> > if that returns a rule and trans.proxy still doesn't
> > work (make sure
> > the squid process is running) then I would suggest
> > you read the squid
> > logs to findout why it doesn't cache.
> >
> > /bkw
> >
> >
> > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > wrote:
> > > Hi!
> > >
> > > The rdr (nat) rule for squid transparent proxy is
> > > missing on pfsense 0.76.2 which causes transparent
> > > proxying NOT to function properly. The
> > corresponding
> > > pass rules are present however.
> > >
> > > The problem is corrected by commenting out line#
> > 1134
> > > of /etc/inc/filter.inc:
> > >
> > > if (is_package_installed("squid") == 1)
> > > //if (is_process_running("squid"))
> > >
> > > Could it be because this function was called at
> > the
> > > time when squid has not fully loaded itself? If
> > this
> > > is the case, then it would be better if the rc
> > loader
> > > for squid be given enough time to "sleep" for a
> > while
> > > before exiting.
> > >
> > > Thanks.
> > >
> > > Miles
> > >
> > > __
> > > Do You Yahoo!?
> > > Tired of spam? Yahoo! Mail has the best spam
> > protection around
> > > http://mail.yahoo.com
> > >
> > >
> >
> -
> > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > --
> > ##
> > BKW - Bachman Kharazmi
> > bahkha AT gmail DOT com
> > uin: #24089491
> > SWEDEN
> > ##
> >
> >
> -
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> >
> >
>
>
>
>
>
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
The solution here is to set the filter dirty flag in the squid startup
script. This will force the rules to be reloaded and then squid will
be running.
I'll take care of it shortly.
Scott
On 8/16/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Albert, can you file a ticket on this at http://cvstrac.pfsense.com/ ?
> I'd rather not delay boot until squid is up, but I suppose that's open
> for debate. Without looking at the code, I'm wondering if we're even
> starting up squid before the filter.
> Can you insert a sleep(); statement before the is_process_running
> statement and tell us how long you have to sleep for to get reliable
> results? Also, what speed hardware is this on? Thanks
>
> --Bill
>
> On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > I think it is actually a BUG in the script
> > /etc/inc/filter.inc that checks for the squid process
> > at boot time which will return FALSE because no
> > package is loaded during this time yet. See the
> > /etc/rc script for the loading sequence.
> >
> > The /etc/rc.bootup script that initializes the pf
> > rules is called before executing rc.d items. Please
> > see the /etc/rc script.
> >
> > As a solution, the "if(is_process_running("squid"))"
> > at line no. 1134 of the file /etc/inc/filter.inc must
> > be commented out.
> >
> > Cheers!
> >
> >
> > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> >
> > > When the squid package has installed properly
> > > without any errors type:
> > > # pfctl -sr | grep rdr
> > > if that returns a rule and trans.proxy still doesn't
> > > work (make sure
> > > the squid process is running) then I would suggest
> > > you read the squid
> > > logs to findout why it doesn't cache.
> > >
> > > /bkw
> > >
> > >
> > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > wrote:
> > > > Hi!
> > > >
> > > > The rdr (nat) rule for squid transparent proxy is
> > > > missing on pfsense 0.76.2 which causes transparent
> > > > proxying NOT to function properly. The
> > > corresponding
> > > > pass rules are present however.
> > > >
> > > > The problem is corrected by commenting out line#
> > > 1134
> > > > of /etc/inc/filter.inc:
> > > >
> > > > if (is_package_installed("squid") == 1)
> > > > //if (is_process_running("squid"))
> > > >
> > > > Could it be because this function was called at
> > > the
> > > > time when squid has not fully loaded itself? If
> > > this
> > > > is the case, then it would be better if the rc
> > > loader
> > > > for squid be given enough time to "sleep" for a
> > > while
> > > > before exiting.
> > > >
> > > > Thanks.
> > > >
> > > > Miles
> > > >
> > > > __
> > > > Do You Yahoo!?
> > > > Tired of spam? Yahoo! Mail has the best spam
> > > protection around
> > > > http://mail.yahoo.com
> > > >
> > > >
> > >
> > -
> > > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > > --
> > > ##
> > > BKW - Bachman Kharazmi
> > > bahkha AT gmail DOT com
> > > uin: #24089491
> > > SWEDEN
> > > ##
> > >
> > >
> > -
> > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> >
> >
> >
> >
> > Start your day with Yahoo! - make it your home page
> > http://www.yahoo.com/r/hs
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
No need to file a ticket. Thanks for the swift action.
I'll wait till next release then.
Also, I am concerned of the Squid process dying for
any reason and the rdr rule for transparent proxying
is still in effect. This will block http traffic to
the internet. Any solution for this?
Thanks again.
Miles
--- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> The solution here is to set the filter dirty flag in
> the squid startup
> script. This will force the rules to be reloaded
> and then squid will
> be running.
>
> I'll take care of it shortly.
>
> Scott
>
>
> On 8/16/05, Bill Marquette
> <[EMAIL PROTECTED]> wrote:
> > Albert, can you file a ticket on this at
> http://cvstrac.pfsense.com/ ?
> > I'd rather not delay boot until squid is up, but I
> suppose that's open
> > for debate. Without looking at the code, I'm
> wondering if we're even
> > starting up squid before the filter.
> > Can you insert a sleep(); statement before the
> is_process_running
> > statement and tell us how long you have to sleep
> for to get reliable
> > results? Also, what speed hardware is this on?
> Thanks
> >
> > --Bill
> >
> > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> wrote:
> > > I think it is actually a BUG in the script
> > > /etc/inc/filter.inc that checks for the squid
> process
> > > at boot time which will return FALSE because no
> > > package is loaded during this time yet. See the
> > > /etc/rc script for the loading sequence.
> > >
> > > The /etc/rc.bootup script that initializes the
> pf
> > > rules is called before executing rc.d items.
> Please
> > > see the /etc/rc script.
> > >
> > > As a solution, the
> "if(is_process_running("squid"))"
> > > at line no. 1134 of the file /etc/inc/filter.inc
> must
> > > be commented out.
> > >
> > > Cheers!
> > >
> > >
> > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > >
> > > > When the squid package has installed properly
> > > > without any errors type:
> > > > # pfctl -sr | grep rdr
> > > > if that returns a rule and trans.proxy still
> doesn't
> > > > work (make sure
> > > > the squid process is running) then I would
> suggest
> > > > you read the squid
> > > > logs to findout why it doesn't cache.
> > > >
> > > > /bkw
> > > >
> > > >
> > > > On 8/16/05, Albert Miles Enabe
> <[EMAIL PROTECTED]>
> > > > wrote:
> > > > > Hi!
> > > > >
> > > > > The rdr (nat) rule for squid transparent
> proxy is
> > > > > missing on pfsense 0.76.2 which causes
> transparent
> > > > > proxying NOT to function properly. The
> > > > corresponding
> > > > > pass rules are present however.
> > > > >
> > > > > The problem is corrected by commenting out
> line#
> > > > 1134
> > > > > of /etc/inc/filter.inc:
> > > > >
> > > > > if (is_package_installed("squid") ==
> 1)
> > > > > //if
> (is_process_running("squid"))
> > > > >
> > > > > Could it be because this function was called
> at
> > > > the
> > > > > time when squid has not fully loaded itself?
> If
> > > > this
> > > > > is the case, then it would be better if the
> rc
> > > > loader
> > > > > for squid be given enough time to "sleep"
> for a
> > > > while
> > > > > before exiting.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > Miles
> > > > >
> > > > >
> __
> > > > > Do You Yahoo!?
> > > > > Tired of spam? Yahoo! Mail has the best
> spam
> > > > protection around
> > > > > http://mail.yahoo.com
> > > > >
> > > > >
> > > >
> > >
>
-
> > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > ##
> > > > BKW - Bachman Kharazmi
> > > > bahkha AT gmail DOT com
> > > > uin: #24089491
> > > > SWEDEN
> > > > ##
> > > >
> > > >
> > >
>
-
> > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
>
> > > Start your day with Yahoo! - make it your home
> page
> > > http://www.yahoo.com/r/hs
> > >
> > >
> > >
>
-
> > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
>
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTE
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
SQUID should not be dying. If it is then I need to deactivate the
package until a new one is released on the freebsd site.
Scott
On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> No need to file a ticket. Thanks for the swift action.
> I'll wait till next release then.
>
> Also, I am concerned of the Squid process dying for
> any reason and the rdr rule for transparent proxying
> is still in effect. This will block http traffic to
> the internet. Any solution for this?
>
> Thanks again.
>
> Miles
>
> --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
>
> > The solution here is to set the filter dirty flag in
> > the squid startup
> > script. This will force the rules to be reloaded
> > and then squid will
> > be running.
> >
> > I'll take care of it shortly.
> >
> > Scott
> >
> >
> > On 8/16/05, Bill Marquette
> > <[EMAIL PROTECTED]> wrote:
> > > Albert, can you file a ticket on this at
> > http://cvstrac.pfsense.com/ ?
> > > I'd rather not delay boot until squid is up, but I
> > suppose that's open
> > > for debate. Without looking at the code, I'm
> > wondering if we're even
> > > starting up squid before the filter.
> > > Can you insert a sleep(); statement before the
> > is_process_running
> > > statement and tell us how long you have to sleep
> > for to get reliable
> > > results? Also, what speed hardware is this on?
> > Thanks
> > >
> > > --Bill
> > >
> > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > wrote:
> > > > I think it is actually a BUG in the script
> > > > /etc/inc/filter.inc that checks for the squid
> > process
> > > > at boot time which will return FALSE because no
> > > > package is loaded during this time yet. See the
> > > > /etc/rc script for the loading sequence.
> > > >
> > > > The /etc/rc.bootup script that initializes the
> > pf
> > > > rules is called before executing rc.d items.
> > Please
> > > > see the /etc/rc script.
> > > >
> > > > As a solution, the
> > "if(is_process_running("squid"))"
> > > > at line no. 1134 of the file /etc/inc/filter.inc
> > must
> > > > be commented out.
> > > >
> > > > Cheers!
> > > >
> > > >
> > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > When the squid package has installed properly
> > > > > without any errors type:
> > > > > # pfctl -sr | grep rdr
> > > > > if that returns a rule and trans.proxy still
> > doesn't
> > > > > work (make sure
> > > > > the squid process is running) then I would
> > suggest
> > > > > you read the squid
> > > > > logs to findout why it doesn't cache.
> > > > >
> > > > > /bkw
> > > > >
> > > > >
> > > > > On 8/16/05, Albert Miles Enabe
> > <[EMAIL PROTECTED]>
> > > > > wrote:
> > > > > > Hi!
> > > > > >
> > > > > > The rdr (nat) rule for squid transparent
> > proxy is
> > > > > > missing on pfsense 0.76.2 which causes
> > transparent
> > > > > > proxying NOT to function properly. The
> > > > > corresponding
> > > > > > pass rules are present however.
> > > > > >
> > > > > > The problem is corrected by commenting out
> > line#
> > > > > 1134
> > > > > > of /etc/inc/filter.inc:
> > > > > >
> > > > > > if (is_package_installed("squid") ==
> > 1)
> > > > > > //if
> > (is_process_running("squid"))
> > > > > >
> > > > > > Could it be because this function was called
> > at
> > > > > the
> > > > > > time when squid has not fully loaded itself?
> > If
> > > > > this
> > > > > > is the case, then it would be better if the
> > rc
> > > > > loader
> > > > > > for squid be given enough time to "sleep"
> > for a
> > > > > while
> > > > > > before exiting.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > Miles
> > > > > >
> > > > > >
> > __
> > > > > > Do You Yahoo!?
> > > > > > Tired of spam? Yahoo! Mail has the best
> > spam
> > > > > protection around
> > > > > > http://mail.yahoo.com
> > > > > >
> > > > > >
> > > > >
> > > >
> >
> -
> > > > > > To unsubscribe, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ##
> > > > > BKW - Bachman Kharazmi
> > > > > bahkha AT gmail DOT com
> > > > > uin: #24089491
> > > > > SWEDEN
> > > > > ##
> > > > >
> > > > >
> > > >
> >
> -
> > > > > To unsubscribe, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> > > > Start your day with Yahoo! - make it your home
> > page
> > > > http://www.yahoo.com/r/hs
> > > >
> > > >
> > > >
> >
> -
> > > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
>
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
I've now tried squid. I works well for me running 0.76.4
The installation succeeds and the squid process starts in right order.
The rdr rules 'DOES' exist in my rules.debug and has been enabled.
I've read all squid logs and it does transperant caching out of the box.
Now I'll leave the process running for a few hours while using inet
and see what happens...
/bkw
On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> SQUID should not be dying. If it is then I need to deactivate the
> package until a new one is released on the freebsd site.
>
> Scott
>
>
> On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > No need to file a ticket. Thanks for the swift action.
> > I'll wait till next release then.
> >
> > Also, I am concerned of the Squid process dying for
> > any reason and the rdr rule for transparent proxying
> > is still in effect. This will block http traffic to
> > the internet. Any solution for this?
> >
> > Thanks again.
> >
> > Miles
> >
> > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> >
> > > The solution here is to set the filter dirty flag in
> > > the squid startup
> > > script. This will force the rules to be reloaded
> > > and then squid will
> > > be running.
> > >
> > > I'll take care of it shortly.
> > >
> > > Scott
> > >
> > >
> > > On 8/16/05, Bill Marquette
> > > <[EMAIL PROTECTED]> wrote:
> > > > Albert, can you file a ticket on this at
> > > http://cvstrac.pfsense.com/ ?
> > > > I'd rather not delay boot until squid is up, but I
> > > suppose that's open
> > > > for debate. Without looking at the code, I'm
> > > wondering if we're even
> > > > starting up squid before the filter.
> > > > Can you insert a sleep(); statement before the
> > > is_process_running
> > > > statement and tell us how long you have to sleep
> > > for to get reliable
> > > > results? Also, what speed hardware is this on?
> > > Thanks
> > > >
> > > > --Bill
> > > >
> > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > wrote:
> > > > > I think it is actually a BUG in the script
> > > > > /etc/inc/filter.inc that checks for the squid
> > > process
> > > > > at boot time which will return FALSE because no
> > > > > package is loaded during this time yet. See the
> > > > > /etc/rc script for the loading sequence.
> > > > >
> > > > > The /etc/rc.bootup script that initializes the
> > > pf
> > > > > rules is called before executing rc.d items.
> > > Please
> > > > > see the /etc/rc script.
> > > > >
> > > > > As a solution, the
> > > "if(is_process_running("squid"))"
> > > > > at line no. 1134 of the file /etc/inc/filter.inc
> > > must
> > > > > be commented out.
> > > > >
> > > > > Cheers!
> > > > >
> > > > >
> > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > When the squid package has installed properly
> > > > > > without any errors type:
> > > > > > # pfctl -sr | grep rdr
> > > > > > if that returns a rule and trans.proxy still
> > > doesn't
> > > > > > work (make sure
> > > > > > the squid process is running) then I would
> > > suggest
> > > > > > you read the squid
> > > > > > logs to findout why it doesn't cache.
> > > > > >
> > > > > > /bkw
> > > > > >
> > > > > >
> > > > > > On 8/16/05, Albert Miles Enabe
> > > <[EMAIL PROTECTED]>
> > > > > > wrote:
> > > > > > > Hi!
> > > > > > >
> > > > > > > The rdr (nat) rule for squid transparent
> > > proxy is
> > > > > > > missing on pfsense 0.76.2 which causes
> > > transparent
> > > > > > > proxying NOT to function properly. The
> > > > > > corresponding
> > > > > > > pass rules are present however.
> > > > > > >
> > > > > > > The problem is corrected by commenting out
> > > line#
> > > > > > 1134
> > > > > > > of /etc/inc/filter.inc:
> > > > > > >
> > > > > > > if (is_package_installed("squid") ==
> > > 1)
> > > > > > > //if
> > > (is_process_running("squid"))
> > > > > > >
> > > > > > > Could it be because this function was called
> > > at
> > > > > > the
> > > > > > > time when squid has not fully loaded itself?
> > > If
> > > > > > this
> > > > > > > is the case, then it would be better if the
> > > rc
> > > > > > loader
> > > > > > > for squid be given enough time to "sleep"
> > > for a
> > > > > > while
> > > > > > > before exiting.
> > > > > > >
> > > > > > > Thanks.
> > > > > > >
> > > > > > > Miles
> > > > > > >
> > > > > > >
> > > __
> > > > > > > Do You Yahoo!?
> > > > > > > Tired of spam? Yahoo! Mail has the best
> > > spam
> > > > > > protection around
> > > > > > > http://mail.yahoo.com
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> > -
> > > > > > > To unsubscribe, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ##
> > > > > > BKW - Bachman Kharazmi
> > > > > > bahkha AT gmail D
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
BKW,
Any chance of doing some type of automated web browsing from a machine
and let it run overnight? IE: the client machine would keep randomly
surfing to sites..
Scott
On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> I've now tried squid. I works well for me running 0.76.4
> The installation succeeds and the squid process starts in right order.
> The rdr rules 'DOES' exist in my rules.debug and has been enabled.
>
> I've read all squid logs and it does transperant caching out of the box.
>
> Now I'll leave the process running for a few hours while using inet
> and see what happens...
>
> /bkw
>
> On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > SQUID should not be dying. If it is then I need to deactivate the
> > package until a new one is released on the freebsd site.
> >
> > Scott
> >
> >
> > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > > No need to file a ticket. Thanks for the swift action.
> > > I'll wait till next release then.
> > >
> > > Also, I am concerned of the Squid process dying for
> > > any reason and the rdr rule for transparent proxying
> > > is still in effect. This will block http traffic to
> > > the internet. Any solution for this?
> > >
> > > Thanks again.
> > >
> > > Miles
> > >
> > > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > >
> > > > The solution here is to set the filter dirty flag in
> > > > the squid startup
> > > > script. This will force the rules to be reloaded
> > > > and then squid will
> > > > be running.
> > > >
> > > > I'll take care of it shortly.
> > > >
> > > > Scott
> > > >
> > > >
> > > > On 8/16/05, Bill Marquette
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Albert, can you file a ticket on this at
> > > > http://cvstrac.pfsense.com/ ?
> > > > > I'd rather not delay boot until squid is up, but I
> > > > suppose that's open
> > > > > for debate. Without looking at the code, I'm
> > > > wondering if we're even
> > > > > starting up squid before the filter.
> > > > > Can you insert a sleep(); statement before the
> > > > is_process_running
> > > > > statement and tell us how long you have to sleep
> > > > for to get reliable
> > > > > results? Also, what speed hardware is this on?
> > > > Thanks
> > > > >
> > > > > --Bill
> > > > >
> > > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > > wrote:
> > > > > > I think it is actually a BUG in the script
> > > > > > /etc/inc/filter.inc that checks for the squid
> > > > process
> > > > > > at boot time which will return FALSE because no
> > > > > > package is loaded during this time yet. See the
> > > > > > /etc/rc script for the loading sequence.
> > > > > >
> > > > > > The /etc/rc.bootup script that initializes the
> > > > pf
> > > > > > rules is called before executing rc.d items.
> > > > Please
> > > > > > see the /etc/rc script.
> > > > > >
> > > > > > As a solution, the
> > > > "if(is_process_running("squid"))"
> > > > > > at line no. 1134 of the file /etc/inc/filter.inc
> > > > must
> > > > > > be commented out.
> > > > > >
> > > > > > Cheers!
> > > > > >
> > > > > >
> > > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > When the squid package has installed properly
> > > > > > > without any errors type:
> > > > > > > # pfctl -sr | grep rdr
> > > > > > > if that returns a rule and trans.proxy still
> > > > doesn't
> > > > > > > work (make sure
> > > > > > > the squid process is running) then I would
> > > > suggest
> > > > > > > you read the squid
> > > > > > > logs to findout why it doesn't cache.
> > > > > > >
> > > > > > > /bkw
> > > > > > >
> > > > > > >
> > > > > > > On 8/16/05, Albert Miles Enabe
> > > > <[EMAIL PROTECTED]>
> > > > > > > wrote:
> > > > > > > > Hi!
> > > > > > > >
> > > > > > > > The rdr (nat) rule for squid transparent
> > > > proxy is
> > > > > > > > missing on pfsense 0.76.2 which causes
> > > > transparent
> > > > > > > > proxying NOT to function properly. The
> > > > > > > corresponding
> > > > > > > > pass rules are present however.
> > > > > > > >
> > > > > > > > The problem is corrected by commenting out
> > > > line#
> > > > > > > 1134
> > > > > > > > of /etc/inc/filter.inc:
> > > > > > > >
> > > > > > > > if (is_package_installed("squid") ==
> > > > 1)
> > > > > > > > //if
> > > > (is_process_running("squid"))
> > > > > > > >
> > > > > > > > Could it be because this function was called
> > > > at
> > > > > > > the
> > > > > > > > time when squid has not fully loaded itself?
> > > > If
> > > > > > > this
> > > > > > > > is the case, then it would be better if the
> > > > rc
> > > > > > > loader
> > > > > > > > for squid be given enough time to "sleep"
> > > > for a
> > > > > > > while
> > > > > > > > before exiting.
> > > > > > > >
> > > > > > > > Thanks.
> > > > > > > >
> > > > > > > > Miles
> > > > > > > >
> > > > > > > >
> > > > __
> > > > > > > > Do You Yahoo!?
> > > > > > > > Tired of spam? Yahoo! Mail has the b
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
sounds fun and useful atm.
I'll search and see what I can find, I'am pretty sure there are tools for that..
/bkw
On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> BKW,
>
> Any chance of doing some type of automated web browsing from a machine
> and let it run overnight? IE: the client machine would keep randomly
> surfing to sites..
>
> Scott
>
>
> On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > I've now tried squid. I works well for me running 0.76.4
> > The installation succeeds and the squid process starts in right order.
> > The rdr rules 'DOES' exist in my rules.debug and has been enabled.
> >
> > I've read all squid logs and it does transperant caching out of the box.
> >
> > Now I'll leave the process running for a few hours while using inet
> > and see what happens...
> >
> > /bkw
> >
> > On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > SQUID should not be dying. If it is then I need to deactivate the
> > > package until a new one is released on the freebsd site.
> > >
> > > Scott
> > >
> > >
> > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > > > No need to file a ticket. Thanks for the swift action.
> > > > I'll wait till next release then.
> > > >
> > > > Also, I am concerned of the Squid process dying for
> > > > any reason and the rdr rule for transparent proxying
> > > > is still in effect. This will block http traffic to
> > > > the internet. Any solution for this?
> > > >
> > > > Thanks again.
> > > >
> > > > Miles
> > > >
> > > > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > The solution here is to set the filter dirty flag in
> > > > > the squid startup
> > > > > script. This will force the rules to be reloaded
> > > > > and then squid will
> > > > > be running.
> > > > >
> > > > > I'll take care of it shortly.
> > > > >
> > > > > Scott
> > > > >
> > > > >
> > > > > On 8/16/05, Bill Marquette
> > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > Albert, can you file a ticket on this at
> > > > > http://cvstrac.pfsense.com/ ?
> > > > > > I'd rather not delay boot until squid is up, but I
> > > > > suppose that's open
> > > > > > for debate. Without looking at the code, I'm
> > > > > wondering if we're even
> > > > > > starting up squid before the filter.
> > > > > > Can you insert a sleep(); statement before the
> > > > > is_process_running
> > > > > > statement and tell us how long you have to sleep
> > > > > for to get reliable
> > > > > > results? Also, what speed hardware is this on?
> > > > > Thanks
> > > > > >
> > > > > > --Bill
> > > > > >
> > > > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > > > wrote:
> > > > > > > I think it is actually a BUG in the script
> > > > > > > /etc/inc/filter.inc that checks for the squid
> > > > > process
> > > > > > > at boot time which will return FALSE because no
> > > > > > > package is loaded during this time yet. See the
> > > > > > > /etc/rc script for the loading sequence.
> > > > > > >
> > > > > > > The /etc/rc.bootup script that initializes the
> > > > > pf
> > > > > > > rules is called before executing rc.d items.
> > > > > Please
> > > > > > > see the /etc/rc script.
> > > > > > >
> > > > > > > As a solution, the
> > > > > "if(is_process_running("squid"))"
> > > > > > > at line no. 1134 of the file /etc/inc/filter.inc
> > > > > must
> > > > > > > be commented out.
> > > > > > >
> > > > > > > Cheers!
> > > > > > >
> > > > > > >
> > > > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > When the squid package has installed properly
> > > > > > > > without any errors type:
> > > > > > > > # pfctl -sr | grep rdr
> > > > > > > > if that returns a rule and trans.proxy still
> > > > > doesn't
> > > > > > > > work (make sure
> > > > > > > > the squid process is running) then I would
> > > > > suggest
> > > > > > > > you read the squid
> > > > > > > > logs to findout why it doesn't cache.
> > > > > > > >
> > > > > > > > /bkw
> > > > > > > >
> > > > > > > >
> > > > > > > > On 8/16/05, Albert Miles Enabe
> > > > > <[EMAIL PROTECTED]>
> > > > > > > > wrote:
> > > > > > > > > Hi!
> > > > > > > > >
> > > > > > > > > The rdr (nat) rule for squid transparent
> > > > > proxy is
> > > > > > > > > missing on pfsense 0.76.2 which causes
> > > > > transparent
> > > > > > > > > proxying NOT to function properly. The
> > > > > > > > corresponding
> > > > > > > > > pass rules are present however.
> > > > > > > > >
> > > > > > > > > The problem is corrected by commenting out
> > > > > line#
> > > > > > > > 1134
> > > > > > > > > of /etc/inc/filter.inc:
> > > > > > > > >
> > > > > > > > > if (is_package_installed("squid") ==
> > > > > 1)
> > > > > > > > > //if
> > > > > (is_process_running("squid"))
> > > > > > > > >
> > > > > > > > > Could it be because this function was called
> > > > > at
> > > > > > > > the
> > > > > > > > > time when squid has not fully loaded itself?
> > > > > If
> > > > > > > > this
> > > > > > > > > is th
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
Thanks!
On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> sounds fun and useful atm.
>
> I'll search and see what I can find, I'am pretty sure there are tools for
> that..
> /bkw
>
> On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > BKW,
> >
> > Any chance of doing some type of automated web browsing from a machine
> > and let it run overnight? IE: the client machine would keep randomly
> > surfing to sites..
> >
> > Scott
> >
> >
> > On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > I've now tried squid. I works well for me running 0.76.4
> > > The installation succeeds and the squid process starts in right order.
> > > The rdr rules 'DOES' exist in my rules.debug and has been enabled.
> > >
> > > I've read all squid logs and it does transperant caching out of the box.
> > >
> > > Now I'll leave the process running for a few hours while using inet
> > > and see what happens...
> > >
> > > /bkw
> > >
> > > On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > SQUID should not be dying. If it is then I need to deactivate the
> > > > package until a new one is released on the freebsd site.
> > > >
> > > > Scott
> > > >
> > > >
> > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > > > > No need to file a ticket. Thanks for the swift action.
> > > > > I'll wait till next release then.
> > > > >
> > > > > Also, I am concerned of the Squid process dying for
> > > > > any reason and the rdr rule for transparent proxying
> > > > > is still in effect. This will block http traffic to
> > > > > the internet. Any solution for this?
> > > > >
> > > > > Thanks again.
> > > > >
> > > > > Miles
> > > > >
> > > > > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > The solution here is to set the filter dirty flag in
> > > > > > the squid startup
> > > > > > script. This will force the rules to be reloaded
> > > > > > and then squid will
> > > > > > be running.
> > > > > >
> > > > > > I'll take care of it shortly.
> > > > > >
> > > > > > Scott
> > > > > >
> > > > > >
> > > > > > On 8/16/05, Bill Marquette
> > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > > Albert, can you file a ticket on this at
> > > > > > http://cvstrac.pfsense.com/ ?
> > > > > > > I'd rather not delay boot until squid is up, but I
> > > > > > suppose that's open
> > > > > > > for debate. Without looking at the code, I'm
> > > > > > wondering if we're even
> > > > > > > starting up squid before the filter.
> > > > > > > Can you insert a sleep(); statement before the
> > > > > > is_process_running
> > > > > > > statement and tell us how long you have to sleep
> > > > > > for to get reliable
> > > > > > > results? Also, what speed hardware is this on?
> > > > > > Thanks
> > > > > > >
> > > > > > > --Bill
> > > > > > >
> > > > > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > > > > wrote:
> > > > > > > > I think it is actually a BUG in the script
> > > > > > > > /etc/inc/filter.inc that checks for the squid
> > > > > > process
> > > > > > > > at boot time which will return FALSE because no
> > > > > > > > package is loaded during this time yet. See the
> > > > > > > > /etc/rc script for the loading sequence.
> > > > > > > >
> > > > > > > > The /etc/rc.bootup script that initializes the
> > > > > > pf
> > > > > > > > rules is called before executing rc.d items.
> > > > > > Please
> > > > > > > > see the /etc/rc script.
> > > > > > > >
> > > > > > > > As a solution, the
> > > > > > "if(is_process_running("squid"))"
> > > > > > > > at line no. 1134 of the file /etc/inc/filter.inc
> > > > > > must
> > > > > > > > be commented out.
> > > > > > > >
> > > > > > > > Cheers!
> > > > > > > >
> > > > > > > >
> > > > > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > > > > >
> > > > > > > > > When the squid package has installed properly
> > > > > > > > > without any errors type:
> > > > > > > > > # pfctl -sr | grep rdr
> > > > > > > > > if that returns a rule and trans.proxy still
> > > > > > doesn't
> > > > > > > > > work (make sure
> > > > > > > > > the squid process is running) then I would
> > > > > > suggest
> > > > > > > > > you read the squid
> > > > > > > > > logs to findout why it doesn't cache.
> > > > > > > > >
> > > > > > > > > /bkw
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On 8/16/05, Albert Miles Enabe
> > > > > > <[EMAIL PROTECTED]>
> > > > > > > > > wrote:
> > > > > > > > > > Hi!
> > > > > > > > > >
> > > > > > > > > > The rdr (nat) rule for squid transparent
> > > > > > proxy is
> > > > > > > > > > missing on pfsense 0.76.2 which causes
> > > > > > transparent
> > > > > > > > > > proxying NOT to function properly. The
> > > > > > > > > corresponding
> > > > > > > > > > pass rules are present however.
> > > > > > > > > >
> > > > > > > > > > The problem is corrected by commenting out
> > > > > > line#
> > > > > > > > > 1134
> > > > > > > > > > of /etc/inc/filter.inc:
> > > > > > > > > >
> > > > > > > > > > if (is_package_installed(
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
http://bkw.lindesign.se/tmp/squid.jpg I consider transperant squid as working.
the robot's have visting enough now.
/bkw
On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Thanks!
>
> On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > sounds fun and useful atm.
> >
> > I'll search and see what I can find, I'am pretty sure there are tools for
> > that..
> > /bkw
> >
> > On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > BKW,
> > >
> > > Any chance of doing some type of automated web browsing from a machine
> > > and let it run overnight? IE: the client machine would keep randomly
> > > surfing to sites..
> > >
> > > Scott
> > >
> > >
> > > On 8/17/05, Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > I've now tried squid. I works well for me running 0.76.4
> > > > The installation succeeds and the squid process starts in right order.
> > > > The rdr rules 'DOES' exist in my rules.debug and has been enabled.
> > > >
> > > > I've read all squid logs and it does transperant caching out of the box.
> > > >
> > > > Now I'll leave the process running for a few hours while using inet
> > > > and see what happens...
> > > >
> > > > /bkw
> > > >
> > > > On 8/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > > SQUID should not be dying. If it is then I need to deactivate the
> > > > > package until a new one is released on the freebsd site.
> > > > >
> > > > > Scott
> > > > >
> > > > >
> > > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> wrote:
> > > > > > No need to file a ticket. Thanks for the swift action.
> > > > > > I'll wait till next release then.
> > > > > >
> > > > > > Also, I am concerned of the Squid process dying for
> > > > > > any reason and the rdr rule for transparent proxying
> > > > > > is still in effect. This will block http traffic to
> > > > > > the internet. Any solution for this?
> > > > > >
> > > > > > Thanks again.
> > > > > >
> > > > > > Miles
> > > > > >
> > > > > > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > The solution here is to set the filter dirty flag in
> > > > > > > the squid startup
> > > > > > > script. This will force the rules to be reloaded
> > > > > > > and then squid will
> > > > > > > be running.
> > > > > > >
> > > > > > > I'll take care of it shortly.
> > > > > > >
> > > > > > > Scott
> > > > > > >
> > > > > > >
> > > > > > > On 8/16/05, Bill Marquette
> > > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > > > Albert, can you file a ticket on this at
> > > > > > > http://cvstrac.pfsense.com/ ?
> > > > > > > > I'd rather not delay boot until squid is up, but I
> > > > > > > suppose that's open
> > > > > > > > for debate. Without looking at the code, I'm
> > > > > > > wondering if we're even
> > > > > > > > starting up squid before the filter.
> > > > > > > > Can you insert a sleep(); statement before the
> > > > > > > is_process_running
> > > > > > > > statement and tell us how long you have to sleep
> > > > > > > for to get reliable
> > > > > > > > results? Also, what speed hardware is this on?
> > > > > > > Thanks
> > > > > > > >
> > > > > > > > --Bill
> > > > > > > >
> > > > > > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> > > > > > > wrote:
> > > > > > > > > I think it is actually a BUG in the script
> > > > > > > > > /etc/inc/filter.inc that checks for the squid
> > > > > > > process
> > > > > > > > > at boot time which will return FALSE because no
> > > > > > > > > package is loaded during this time yet. See the
> > > > > > > > > /etc/rc script for the loading sequence.
> > > > > > > > >
> > > > > > > > > The /etc/rc.bootup script that initializes the
> > > > > > > pf
> > > > > > > > > rules is called before executing rc.d items.
> > > > > > > Please
> > > > > > > > > see the /etc/rc script.
> > > > > > > > >
> > > > > > > > > As a solution, the
> > > > > > > "if(is_process_running("squid"))"
> > > > > > > > > at line no. 1134 of the file /etc/inc/filter.inc
> > > > > > > must
> > > > > > > > > be commented out.
> > > > > > > > >
> > > > > > > > > Cheers!
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> wrote:
> > > > > > > > >
> > > > > > > > > > When the squid package has installed properly
> > > > > > > > > > without any errors type:
> > > > > > > > > > # pfctl -sr | grep rdr
> > > > > > > > > > if that returns a rule and trans.proxy still
> > > > > > > doesn't
> > > > > > > > > > work (make sure
> > > > > > > > > > the squid process is running) then I would
> > > > > > > suggest
> > > > > > > > > > you read the squid
> > > > > > > > > > logs to findout why it doesn't cache.
> > > > > > > > > >
> > > > > > > > > > /bkw
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On 8/16/05, Albert Miles Enabe
> > > > > > > <[EMAIL PROTECTED]>
> > > > > > > > > > wrote:
> > > > > > > > > > > Hi!
> > > > > > > > > > >
> > > > > > > > > > > The rdr (nat) rule for squid transparent
> > > > > > > proxy is
> > > > > > > > > > > missing on pf
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
Hi Scott and all,
I don't experience Squid dying in pfsense yet. But, I
did experience this in the past when Squid core dumps
in my custom FreeBSD box.
The possibility of Squid dying or terminating (for
whatever reason) is not remote and with the rdr rules
for transparent proxying still in effect, this could
effectively block http traffic.
A solution could be to use a script (See the RunCache
script for squid as reference) to periodically check
if squid is still running and when it's not, the
script should set the filter dirty flag to reload the
filters.
With this solution, the /etc/inc/filter.inc should
also be modified to allow removal of the rdr rule for
transparent proxying only when squid has died or
terminated.
...
if (is_package_installed("squid") == 1)
if(is_process_running("squid")) {
//insert rule for transp proxy
}
else {
//remove rdr rule for transp proxy
}
...
I hope this makes my point clear.
Miles
--- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> SQUID should not be dying. If it is then I need to
> deactivate the
> package until a new one is released on the freebsd
> site.
>
> Scott
>
>
> On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> wrote:
> > No need to file a ticket. Thanks for the swift
> action.
> > I'll wait till next release then.
> >
> > Also, I am concerned of the Squid process dying
> for
> > any reason and the rdr rule for transparent
> proxying
> > is still in effect. This will block http traffic
> to
> > the internet. Any solution for this?
> >
> > Thanks again.
> >
> > Miles
> >
> > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> >
> > > The solution here is to set the filter dirty
> flag in
> > > the squid startup
> > > script. This will force the rules to be
> reloaded
> > > and then squid will
> > > be running.
> > >
> > > I'll take care of it shortly.
> > >
> > > Scott
> > >
> > >
> > > On 8/16/05, Bill Marquette
> > > <[EMAIL PROTECTED]> wrote:
> > > > Albert, can you file a ticket on this at
> > > http://cvstrac.pfsense.com/ ?
> > > > I'd rather not delay boot until squid is up,
> but I
> > > suppose that's open
> > > > for debate. Without looking at the code, I'm
> > > wondering if we're even
> > > > starting up squid before the filter.
> > > > Can you insert a sleep(); statement before the
> > > is_process_running
> > > > statement and tell us how long you have to
> sleep
> > > for to get reliable
> > > > results? Also, what speed hardware is this on?
> > > Thanks
> > > >
> > > > --Bill
> > > >
> > > > On 8/16/05, Albert Miles Enabe
> <[EMAIL PROTECTED]>
> > > wrote:
> > > > > I think it is actually a BUG in the script
> > > > > /etc/inc/filter.inc that checks for the
> squid
> > > process
> > > > > at boot time which will return FALSE because
> no
> > > > > package is loaded during this time yet. See
> the
> > > > > /etc/rc script for the loading sequence.
> > > > >
> > > > > The /etc/rc.bootup script that initializes
> the
> > > pf
> > > > > rules is called before executing rc.d items.
> > > Please
> > > > > see the /etc/rc script.
> > > > >
> > > > > As a solution, the
> > > "if(is_process_running("squid"))"
> > > > > at line no. 1134 of the file
> /etc/inc/filter.inc
> > > must
> > > > > be commented out.
> > > > >
> > > > > Cheers!
> > > > >
> > > > >
> > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]>
> wrote:
> > > > >
> > > > > > When the squid package has installed
> properly
> > > > > > without any errors type:
> > > > > > # pfctl -sr | grep rdr
> > > > > > if that returns a rule and trans.proxy
> still
> > > doesn't
> > > > > > work (make sure
> > > > > > the squid process is running) then I would
> > > suggest
> > > > > > you read the squid
> > > > > > logs to findout why it doesn't cache.
> > > > > >
> > > > > > /bkw
> > > > > >
> > > > > >
> > > > > > On 8/16/05, Albert Miles Enabe
> > > <[EMAIL PROTECTED]>
> > > > > > wrote:
> > > > > > > Hi!
> > > > > > >
> > > > > > > The rdr (nat) rule for squid transparent
> > > proxy is
> > > > > > > missing on pfsense 0.76.2 which causes
> > > transparent
> > > > > > > proxying NOT to function properly. The
> > > > > > corresponding
> > > > > > > pass rules are present however.
> > > > > > >
> > > > > > > The problem is corrected by commenting
> out
> > > line#
> > > > > > 1134
> > > > > > > of /etc/inc/filter.inc:
> > > > > > >
> > > > > > > if
> (is_package_installed("squid") ==
> > > 1)
> > > > > > > //if
> > > (is_process_running("squid"))
> > > > > > >
> > > > > > > Could it be because this function was
> called
> > > at
> > > > > > the
> > > > > > > time when squid has not fully loaded
> itself?
> > > If
> > > > > > this
> > > > > > > is the case, then it would be better if
> the
> > > rc
> > > > > > loader
> > > > > > > for squid be given enough time to
> "sleep"
> > > for a
> > > > > > while
> > > > > > > before exiting.
> > > > > > >
