Hi Scott and all,
I don't experience Squid dying in pfsense yet. But, I
did experience this in the past when Squid core dumps
in my custom FreeBSD box.
The possibility of Squid dying or terminating (for
whatever reason) is not remote and with the rdr rules
for transparent proxying still in effect, this could
effectively block http traffic.
A solution could be to use a script (See the RunCache
script for squid as reference) to periodically check
if squid is still running and when it's not, the
script should set the filter dirty flag to reload the
filters.
With this solution, the /etc/inc/filter.inc should
also be modified to allow removal of the rdr rule for
transparent proxying only when squid has died or
terminated.
...
if (is_package_installed("squid") == 1)
if(is_process_running("squid")) {
//insert rule for transp proxy
}
else {
//remove rdr rule for transp proxy
}
...
I hope this makes my point clear.
Miles
--- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> SQUID should not be dying. If it is then I need to
> deactivate the
> package until a new one is released on the freebsd
> site.
>
> Scott
>
>
> On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]>
> wrote:
> > No need to file a ticket. Thanks for the swift
> action.
> > I'll wait till next release then.
> >
> > Also, I am concerned of the Squid process dying
> for
> > any reason and the rdr rule for transparent
> proxying
> > is still in effect. This will block http traffic
> to
> > the internet. Any solution for this?
> >
> > Thanks again.
> >
> > Miles
> >
> > --- Scott Ullrich <[EMAIL PROTECTED]> wrote:
> >
> > > The solution here is to set the filter dirty
> flag in
> > > the squid startup
> > > script. This will force the rules to be
> reloaded
> > > and then squid will
> > > be running.
> > >
> > > I'll take care of it shortly.
> > >
> > > Scott
> > >
> > >
> > > On 8/16/05, Bill Marquette
> > > <[EMAIL PROTECTED]> wrote:
> > > > Albert, can you file a ticket on this at
> > > http://cvstrac.pfsense.com/ ?
> > > > I'd rather not delay boot until squid is up,
> but I
> > > suppose that's open
> > > > for debate. Without looking at the code, I'm
> > > wondering if we're even
> > > > starting up squid before the filter.
> > > > Can you insert a sleep(); statement before the
> > > is_process_running
> > > > statement and tell us how long you have to
> sleep
> > > for to get reliable
> > > > results? Also, what speed hardware is this on?
> > > Thanks
> > > >
> > > > --Bill
> > > >
> > > > On 8/16/05, Albert Miles Enabe
> <[EMAIL PROTECTED]>
> > > wrote:
> > > > > I think it is actually a BUG in the script
> > > > > /etc/inc/filter.inc that checks for the
> squid
> > > process
> > > > > at boot time which will return FALSE because
> no
> > > > > package is loaded during this time yet. See
> the
> > > > > /etc/rc script for the loading sequence.
> > > > >
> > > > > The /etc/rc.bootup script that initializes
> the
> > > pf
> > > > > rules is called before executing rc.d items.
> > > Please
> > > > > see the /etc/rc script.
> > > > >
> > > > > As a solution, the
> > > "if(is_process_running("squid"))"
> > > > > at line no. 1134 of the file
> /etc/inc/filter.inc
> > > must
> > > > > be commented out.
> > > > >
> > > > > Cheers!
> > > > >
> > > > >
> > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]>
> wrote:
> > > > >
> > > > > > When the squid package has installed
> properly
> > > > > > without any errors type:
> > > > > > # pfctl -sr | grep rdr
> > > > > > if that returns a rule and trans.proxy
> still
> > > doesn't
> > > > > > work (make sure
> > > > > > the squid process is running) then I would
> > > suggest
> > > > > > you read the squid
> > > > > > logs to findout why it doesn't cache.
> > > > > >
> > > > > > /bkw
> > > > > >
> > > > > >
> > > > > > On 8/16/05, Albert Miles Enabe
> > > <[EMAIL PROTECTED]>
> > > > > > wrote:
> > > > > > > Hi!
> > > > > > >
> > > > > > > The rdr (nat) rule for squid transparent
> > > proxy is
> > > > > > > missing on pfsense 0.76.2 which causes
> > > transparent
> > > > > > > proxying NOT to function properly. The
> > > > > > corresponding
> > > > > > > pass rules are present however.
> > > > > > >
> > > > > > > The problem is corrected by commenting
> out
> > > line#
> > > > > > 1134
> > > > > > > of /etc/inc/filter.inc:
> > > > > > >
> > > > > > > if
> (is_package_installed("squid") ==
> > > 1)
> > > > > > > //if
> > > (is_process_running("squid"))
> > > > > > >
> > > > > > > Could it be because this function was
> called
> > > at
> > > > > > the
> > > > > > > time when squid has not fully loaded
> itself?
> > > If
> > > > > > this
> > > > > > > is the case, then it would be better if
> the
> > > rc
> > > > > > loader
> > > > > > > for squid be given enough time to
> "sleep"
> > > for a
> > > > > > while
> > > > > > > before exiting.
> > > > > > >
> > > > > > > Thanks.
> > > > > > >
> > > > > > > Miles
> > > > > > >
> > > > > > >
> > >
> __________________________________________________
> > > > > > > Do You Yahoo!?
> > > > > > > Tired of spam? Yahoo! Mail has the best
> > > spam
> > > > > > protection around
> > > > > > > http://mail.yahoo.com
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> >
>
---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ######################
> > > > > > BKW - Bachman Kharazmi
> > > > > > bahkha AT gmail DOT com
> > > > > > uin: #24089491
> > > > > > SWEDEN
> > > > > > ######################
> > > > > >
> > > > > >
> > > > >
> > >
> >
>
---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> > > > > > [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
>
=== message truncated ===
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
