Bug #4114

closed

Squid 3.4.9 transparent proxy broken.

Added by Arthur Undisclosed over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Category: Squid
Target version:
Start date: 12/14/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: 2.2
Affected Plus Version:
Affected Architecture: amd64

Description

The latest Squid packages all had issues, but none of them as serious as transparent proxy not working.
Squid has to be compiled with options (--enable-pf-transparent) to allow transparent proxy to work (tproxy); besides that, the port for intercepted traffic has to change from 3128 to 3129.
I wouldn't report this issue if Squid was still alpha; apparently it is beta, so it should be feature-complete.
Squid is for many pfSense users an essential tool for filtering and monitoring web traffic; please fix this.

Actions #1

Updated by Chris Buechler over 9 years ago

  • Assignee set to Renato Botelho
Actions #2

Updated by Marcello Silva Coutinho over 9 years ago

Package build options are updated and PBI rebuilt.

Actions #3

Updated by Renato Botelho over 9 years ago

  • Status changed from New to Feedback

Please try pkg version 0.2.2

Actions #4

Updated by Arthur Undisclosed over 9 years ago

Just tested the new package, still transparent proxy does not work. In the logs I get "TAG_NONE/400" and the client gets "invalid URL".
Tested with both transparent checked on the web interface and with a manual redirect rule in the NAT section.
May have something to do with PfSense build, I'm on Fri Dec 12 12:10:38 CST 2014 build.

Cheers.

Actions #5

Updated by Gerald Drausinger over 9 years ago

Pfsense: 2.2-RC (amd64) built on Sat Jan 10 03:54:06 CST 2015
Squid: 3.4.10_2 pkg 0.2.2

Issue with transparent proxy still persists for me too; client gets invalid URL.

(cpu load of .pbirun process is also really high even after disabling transparent proxy)

If I can provide any additional logging information that may help, please just contact me.

Actions #6

Updated by Renato Botelho over 9 years ago

  • % Done changed from 0 to 100

Should be fine on 0.2.4

Actions #7

Updated by Arthur Undisclosed over 9 years ago

I'm sorry, it seems there are still numerous issues with this package:

- Transparent proxy still doesn't work. "TAG_NONE/400" and "invalid URL".
- FATAL: pinger: Unable to open any ICMP sockets.
- kid1| commBind: Cannot bind socket FD 29 to 127.0.0.1:3128: (48) Address already in use

Sadly it has gone from bad to worse, we're nearly three months without Squid now.
Any pointers on how to troubleshoot this will be appreciated.

Cheers.

Actions #8

Updated by Albert H over 9 years ago

Arthur Undisclosed wrote:

I'm sorry, it seems there are still numerous issues with this package:

- Transparent proxy still doesn't work. "TAG_NONE/400" and "invalid URL".
- FATAL: pinger: Unable to open any ICMP sockets.
- kid1| commBind: Cannot bind socket FD 29 to 127.0.0.1:3128: (48) Address already in use

Sadly it has gone from bad to worse, we're nearly three months without Squid now.
Any pointers on how to troubleshoot this will be appreciated.

Cheers.

This problem can be present with a wrong Squid setting.
If you selected the loopback interface in Proxy interface(s), this problem may appear.

Actions #9

Updated by Arthur Undisclosed over 9 years ago

Confirmed working now. (phew!)
Latest package 0.2.4 transparent proxy is OK.
ICMP pinger disabled in GUI to avoid errors.
I've removed Squid from the loopback interface.

As for manual redirect rules:
I couldn't find any information on why we actually need TWO NAT rules?
The first one states "NO RDR to localnets" and the second rule does the actual redirect to port 3128.
I found it by accident in the rules.debug when I locked myself out of the GUI...

Let's close this one, a huge thank you for all your work.
Cheers.
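
An added example, not part of the ticket or of the pfSense package code: a small audit that cross-checks Squid `http_port` listeners against pf `rdr` targets, covering the two signatures reported in this thread (the `commBind ... Address already in use` error when loopback is also a proxy interface, and intercepted traffic answered with 400 "invalid URL" when the redirect target is not an `intercept` port). The configuration lines, the interface name `em1`, the addresses and the function names are constructed for illustration, and it assumes the intercept listener sits on 127.0.0.1:3128 as the log line above suggests.

```python
import re

# Constructed samples, not taken from the ticket. pf applies the first matching
# translation rule, so the "no rdr" line exempts local destinations before the
# rdr line sends the remaining port-80 traffic to Squid.
PF_NAT = """\
no rdr on em1 proto tcp from any to { 192.168.0.0/16, 10.0.0.0/8 } port 80
rdr on em1 proto tcp from any to any port 80 -> 127.0.0.1 port 3128
"""
GOOD = "http_port 192.168.1.1:3128\nhttp_port 127.0.0.1:3128 intercept\n"
# Loopback also chosen as a proxy interface: two listeners on one address:port.
LOOPBACK = "http_port 127.0.0.1:3128\nhttp_port 127.0.0.1:3128 intercept\n"
# Redirect lands on a plain forward-proxy port (no intercept flag).
NO_FLAG = "http_port 3128\n"

RDR = re.compile(r"^rdr\b.*->\s*(\S+)\s+port\s+(\d+)")

def listeners(conf):
    """Return [(addr, port, is_intercept)] for each http_port directive."""
    out = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "http_port":
            addr, _, port = parts[1].rpartition(":")
            out.append((addr or "*", int(port), "intercept" in parts[2:]))
    return out

def rdr_targets(rules):
    """Return [(addr, port)] of rdr rules; 'no rdr' exemptions do not match."""
    hits = (RDR.match(line.strip()) for line in rules.splitlines())
    return [(m.group(1), int(m.group(2))) for m in hits if m]

def audit(conf, rules):
    """List mismatches between Squid listeners and pf redirect targets."""
    found, seen, problems = listeners(conf), set(), []
    for addr, port, _ in found:
        if (addr, port) in seen:
            problems.append(f"duplicate listener {addr}:{port}")
        seen.add((addr, port))
    for addr, port in rdr_targets(rules):
        modes = [flag for a, p, flag in found if p == port and a in (addr, "*")]
        if not modes:
            problems.append(f"no listener for rdr target {addr}:{port}")
        elif not any(modes):
            problems.append(f"rdr target {addr}:{port} lacks intercept")
    return problems

if __name__ == "__main__":
    for name, conf in (("good", GOOD), ("loopback", LOOPBACK), ("no_flag", NO_FLAG)):
        print(name, audit(conf, PF_NAT))
```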

Actions #10

Updated by Luke Stracey over 9 years ago

Please do not close.
I know the original bug was opened on amd64 but I have been following this avidly as it also affects i386.
Coming from a working config on 2.1.5 and upgrading the Squid package when upgrading to 2.2 does not work. There have been improvements: it now lets you access websites when the Transparent Proxy is enabled (and the Service does appear to run without error), but it is not caching anything nor is Squid logging any attempts.

Process:
working config from 2.1.5 > Upgrade to 2.2 latest.
Update to latest Squid Package.
Resave all configs (even though previous working setup is shown in GUI, inc no loopback interface selected)
restart Router (and therefore service also).
File downloads continue to come from WAN interface where previously would show as coming from SSD Cache (proven via interface status graph as squid log not showing any activity)

Actions #11

Updated by Gerald Drausinger over 9 years ago

PfSense: 2.2-RC (amd64) built on Thu Jan 15 12:12:32 CST 2015
Squid: 3.4.10_2 pkg 0.2.4

Confirmed, Package is working now for me too, but interestingly only after a reboot of the router after the package installation. (invalid url error appeared again directly after package installation.)

Loopback interface was never selected on my side.

Actions #12

Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to Resolved

Issue covered here is fixed.

Actions #13

Updated by Luke Stracey over 9 years ago

Issue definitely not "fixed" if you are upgrading from a working config - maybe if you install fresh or use some workarounds(?)

No point opening a bug for i386 as obviously closed so they can rush 2.2RELEASE

Actions #14

Updated by Chris Buechler over 9 years ago

The issue covered by this ticket is fixed; there might be other issues but those are separate and have no relation to 2.2. Please post info on whatever issue you have to the forum.
