Hi Scott and all, I don't experience Squid dying in pfsense yet. But, I did experience this in the past when Squid core dumps in my custom FreeBSD box.
The possibility of Squid dying or terminating (for whatever reason) is not remote and with the rdr rules for transparent proxying still in effect, this could effectively block http traffic. A solution could be to use a script (See the RunCache script for squid as reference) to periodically check if squid is still running and when it's not, the script should set the filter dirty flag to reload the filters. With this solution, the /etc/inc/filter.inc should also be modified to allow removal of the rdr rule for transparent proxying only when squid has died or terminated. ... if (is_package_installed("squid") == 1) if(is_process_running("squid")) { //insert rule for transp proxy } else { //remove rdr rule for transp proxy } ... I hope this makes my point clear. Miles --- Scott Ullrich <[EMAIL PROTECTED]> wrote: > SQUID should not be dying. If it is then I need to > deactivate the > package until a new one is released on the freebsd > site. > > Scott > > > On 8/16/05, Albert Miles Enabe <[EMAIL PROTECTED]> > wrote: > > No need to file a ticket. Thanks for the swift > action. > > I'll wait till next release then. > > > > Also, I am concerned of the Squid process dying > for > > any reason and the rdr rule for transparent > proxying > > is still in effect. This will block http traffic > to > > the internet. Any solution for this? > > > > Thanks again. > > > > Miles > > > > --- Scott Ullrich <[EMAIL PROTECTED]> wrote: > > > > > The solution here is to set the filter dirty > flag in > > > the squid startup > > > script. This will force the rules to be > reloaded > > > and then squid will > > > be running. > > > > > > I'll take care of it shortly. > > > > > > Scott > > > > > > > > > On 8/16/05, Bill Marquette > > > <[EMAIL PROTECTED]> wrote: > > > > Albert, can you file a ticket on this at > > > http://cvstrac.pfsense.com/ ? > > > > I'd rather not delay boot until squid is up, > but I > > > suppose that's open > > > > for debate. Without looking at the code, I'm > > > wondering if we're even > > > > starting up squid before the filter. > > > > Can you insert a sleep(); statement before the > > > is_process_running > > > > statement and tell us how long you have to > sleep > > > for to get reliable > > > > results? Also, what speed hardware is this on? > > > Thanks > > > > > > > > --Bill > > > > > > > > On 8/16/05, Albert Miles Enabe > <[EMAIL PROTECTED]> > > > wrote: > > > > > I think it is actually a BUG in the script > > > > > /etc/inc/filter.inc that checks for the > squid > > > process > > > > > at boot time which will return FALSE because > no > > > > > package is loaded during this time yet. See > the > > > > > /etc/rc script for the loading sequence. > > > > > > > > > > The /etc/rc.bootup script that initializes > the > > > pf > > > > > rules is called before executing rc.d items. > > > Please > > > > > see the /etc/rc script. > > > > > > > > > > As a solution, the > > > "if(is_process_running("squid"))" > > > > > at line no. 1134 of the file > /etc/inc/filter.inc > > > must > > > > > be commented out. > > > > > > > > > > Cheers! > > > > > > > > > > > > > > > --- Bachman Kharazmi <[EMAIL PROTECTED]> > wrote: > > > > > > > > > > > When the squid package has installed > properly > > > > > > without any errors type: > > > > > > # pfctl -sr | grep rdr > > > > > > if that returns a rule and trans.proxy > still > > > doesn't > > > > > > work (make sure > > > > > > the squid process is running) then I would > > > suggest > > > > > > you read the squid > > > > > > logs to findout why it doesn't cache. > > > > > > > > > > > > /bkw > > > > > > > > > > > > > > > > > > On 8/16/05, Albert Miles Enabe > > > <[EMAIL PROTECTED]> > > > > > > wrote: > > > > > > > Hi! > > > > > > > > > > > > > > The rdr (nat) rule for squid transparent > > > proxy is > > > > > > > missing on pfsense 0.76.2 which causes > > > transparent > > > > > > > proxying NOT to function properly. The > > > > > > corresponding > > > > > > > pass rules are present however. > > > > > > > > > > > > > > The problem is corrected by commenting > out > > > line# > > > > > > 1134 > > > > > > > of /etc/inc/filter.inc: > > > > > > > > > > > > > > if > (is_package_installed("squid") == > > > 1) > > > > > > > //if > > > (is_process_running("squid")) > > > > > > > > > > > > > > Could it be because this function was > called > > > at > > > > > > the > > > > > > > time when squid has not fully loaded > itself? > > > If > > > > > > this > > > > > > > is the case, then it would be better if > the > > > rc > > > > > > loader > > > > > > > for squid be given enough time to > "sleep" > > > for a > > > > > > while > > > > > > > before exiting. > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > Miles > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > > > > Do You Yahoo!? > > > > > > > Tired of spam? Yahoo! Mail has the best > > > spam > > > > > > protection around > > > > > > > http://mail.yahoo.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > ###################### > > > > > > BKW - Bachman Kharazmi > > > > > > bahkha AT gmail DOT com > > > > > > uin: #24089491 > > > > > > SWEDEN > > > > > > ###################### > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > === message truncated === ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]