Bug #4196

closed

Squid 3.4 pid file can't be created

Added by Cino . over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Squid
Target version: -
Start date: 01/11/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: 2.2
Affected Plus Version:
Affected Architecture: amd64

Description

Please see post https://forum.pfsense.org/index.php?topic=84638.msg474780#msg474780
/var/run/squid.pid isn't being created. I believe it doesn't have the correct permissions, or should we use /var/run/squid? I posted a workaround but a permanent fix should be created. Without the PID file, squid won't be able to reconfigure nor rotate logs. I

Actions #1

Updated by Chris Buechler over 9 years ago

  • Target version deleted (2.2)
Actions #2

Updated by Cino . over 9 years ago

Log file from squid.log. There are a few things going on here..

Squid is unable to bind to port 80 for reverse proxy (I think this could be a configuration conflict even though nothing is running on port 80, maybe anti-lockout rules; have to test further)

squid unable to create PID file
squid unable to initialize the ICMP/v6 pinger

The other errors I'm still investigating: service_req/service_resp is for squidclamav (I have it working), then the normal squidguard error I've seen over the years.. There is a lib that is missing for squidGuard but I will open another ticket for that.


2015/01/11 22:01:55 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/11 22:01:55 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 22:01:55 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission denied
2015/01/11 22:01:55 kid1| /var/run/squid/squid.pid: (1) Operation not permitted
2015/01/11 22:01:55 kid1| WARNING: Could not write pid file
2015/01/11 22:01:55 kid1| ERROR: Unknown adaptation service or group name: 'service_req'
2015/01/11 22:01:55 kid1| ERROR: Unknown adaptation service or group name: 'service_resp'
2015/01/11 22:01:55| pinger: Initialising ICMP pinger ...
2015/01/11 22:01:55| icmp_sock: (1) Operation not permitted
2015/01/11 22:01:55| pinger: Unable to start ICMP pinger.
2015/01/11 22:01:55| icmp_sock: (1) Operation not permitted
2015/01/11 22:01:55| pinger: Unable to start ICMPv6 pinger.
2015/01/11 22:01:55| FATAL: pinger: Unable to open any ICMP sockets.
2015-01-11 22:01:55 [17339] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard.log
2015-01-11 22:01:55 [17339] INFO: New setting: logdir: /var/squidGuard/log
2015-01-11 22:01:55 [17339] INFO: New setting: dbhome: /var/db/squidGuard
2015-01-11 22:01:55 [17339] init domainlist /var/db/squidGuard/blk_BL_adv/domains
2015-01-11 22:01:55 [17339] INFO: loading dbfile /var/db/squidGuard/blk_BL_adv/domains.db
2015-01-11 22:01:55 [17836] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard.log
2015-01-11 22:01:55 [17836] INFO: New setting: logdir: /var/squidGuard/log
2015-01-11 22:01:55 [17836] INFO: New setting: dbhome: /var/db/squidGuard
2015-01-11 22:01:55 [17836] init domainlist /var/db/squidGuard/blk_BL_adv/domains
2015-01-11 22:01:55 [17836] INFO: loading dbfile /var/db/squidGuard/blk_BL_adv/domains.db
2015-01-11 22:01:55 [17196] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard.log
2015-01-11 22:01:55 [17196] INFO: New setting: logdir: /var/squidGuard/log
2015-01-11 22:01:55 [17196] INFO: New setting: dbhome: /var/db/squidGuard
2015-01-11 22:01:55 [17196] init domainlist /var/db/squidGuard/blk_BL_adv/domains
2015-01-11 22:01:55 [17196] INFO: loading dbfile /var/db/squidGuard/blk_BL_adv/domains.db

Actions #3

Updated by Marcello Silva Coutinho over 9 years ago

/var/run/squid will be fixed on next package update. This fixes squid -k reconfigure calls returning "no running copy".

The port permission may be related to non-root users' low port bind.
https://www.freebsd.org/doc/handbook/mac-policies.html
May need a kernel option include to work around it using sysctl.

Actions #4

Updated by Marcello Silva Coutinho over 9 years ago

Marcello Silva Coutinho wrote:

/var/run/squid will be fixed on next package update. This fixes squid -k reconfigure calls returning "no running copy".

The port permission may be related to non-root users' low port bind.
https://www.freebsd.org/doc/handbook/mac-policies.html
May need a kernel option include to work around it using sysctl.

or setting this

sysctl net.inet.ip.portrange.reservedhigh=0

Actions #5

Updated by Chris Buechler over 9 years ago

Thanks, Marcello.

For those wanting to bind it to something < 1024, they'll have to configure net.inet.ip.portrange.reservedhigh accordingly in tunables under System>Advanced. It generally shouldn't run on a low port.
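
A triage sketch for the startup failures discussed in comments #2 to #5, added here as an illustration and not part of the ticket or the pfSense package: it sorts Squid log lines into low-port bind denials, pid-file write failures and raw ICMP socket failures. The function names and the default of 1023 for net.inet.ip.portrange.reservedhigh are assumptions of this example; the sample lines are copied from the log in comment #2.

```python
import re
from collections import Counter

# Sample input: lines copied from the squid.log excerpt in comment #2.
SAMPLE_LOG = """\
2015/01/11 22:01:55 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/11 22:01:55 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 22:01:55 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission denied
2015/01/11 22:01:55 kid1| /var/run/squid/squid.pid: (1) Operation not permitted
2015/01/11 22:01:55 kid1| WARNING: Could not write pid file
2015/01/11 22:01:55| icmp_sock: (1) Operation not permitted
2015/01/11 22:01:55| FATAL: pinger: Unable to open any ICMP sockets.
"""

# Assumption: FreeBSD default for net.inet.ip.portrange.reservedhigh.
RESERVED_HIGH = 1023

# Squid prefixes each line with "YYYY/MM/DD HH:MM:SS [kidN]| ".
PREFIX = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?: kid\d+)?\| ")
BIND = re.compile(r"commBind: Cannot bind socket FD \d+ to (\S+):(\d+): \(13\)")
PIDFILE = re.compile(r"(\S+\.pid): \((?:1|13)\) ")
ICMP = re.compile(r"icmp_sock: \(1\) ")


def triage(log_text, reserved_high=RESERVED_HIGH):
    """Return (kind, detail) findings for privilege-related startup failures."""
    findings = []
    for line in log_text.splitlines():
        msg = PREFIX.sub("", line)
        if m := BIND.match(msg):
            addr, port = m.group(1), int(m.group(2))
            # A denied bind at or below reservedhigh points at the tunable;
            # a denied bind above it has some other cause.
            kind = "low_port_bind" if port <= reserved_high else "bind_denied"
            findings.append((kind, f"{addr}:{port}"))
        elif m := PIDFILE.match(msg):
            findings.append(("pid_file", m.group(1)))
        elif ICMP.match(msg):
            findings.append(("raw_icmp_socket", "pinger"))
    return findings


def summarize(findings):
    """Count findings per kind so repeated log lines read as one issue."""
    return Counter(kind for kind, _ in findings)


if __name__ == "__main__":
    for kind, count in summarize(triage(SAMPLE_LOG)).items():
        print(f"{kind}: {count}")
```

Passing `reserved_high=0` models a host where the sysctl from comment #4 is already set, so a remaining denial on port 80 is reported as `bind_denied` rather than attributed to the reserved range.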

Actions #6

Updated by Cino . over 9 years ago

Thanks Marcello! I'll have to keep note of this in case it's brought up on the forums again.. I've always used a higher port so wouldn't have noticed if I wasn't testing for another forum member

Actions #7

Updated by Marcello Silva Coutinho over 9 years ago

This may fix most issues with squid package on 2.2
https://github.com/pfsense/pfsense-packages/pull/786

I've included a config option check on squid.xml to warn sysadmin about net.inet.ip.portrange.reservedhigh tunables under System>Advanced.

Actions #8

Updated by Marcello Silva Coutinho over 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Applied in changeset commit:078fdef02580b396cdad6c21e8e86360e53d338c.

Actions #9

Updated by Cino . over 9 years ago

Looking good. squid is able to start. I installed the package on a fresh amd64 install. After package install it auto started squid and the pid error popped up. I manually stopped the service. Re-saved the squid config, and the error went away. I checked /var/run/squid and the pid was created. Re-saved config and squid was able to reconfigure. Will see tonight if logs rotate. There is still the pinger error if left enabled


2015/01/14 08:29:41 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.0...
2015/01/14 08:29:43| pinger: Initialising ICMP pinger ...
2015/01/14 08:29:43| icmp_sock: (1) Operation not permitted
2015/01/14 08:29:43| pinger: Unable to start ICMP pinger.
2015/01/14 08:29:43| icmp_sock: (1) Operation not permitted
2015/01/14 08:29:43| pinger: Unable to start ICMPv6 pinger.
2015/01/14 08:29:43| FATAL: pinger: Unable to open any ICMP sockets.
2015/01/14 09:16:42| pinger: Initialising ICMP pinger ...
2015/01/14 09:16:42| icmp_sock: (1) Operation not permitted
2015/01/14 09:16:42| pinger: Unable to start ICMP pinger.
2015/01/14 09:16:42| icmp_sock: (1) Operation not permitted
2015/01/14 09:16:42| pinger: Unable to start ICMPv6 pinger.
2015/01/14 09:16:42| FATAL: pinger: Unable to open any ICMP sockets.
2015/01/14 09:16:46| pinger: Initialising ICMP pinger ...
2015/01/14 09:16:46| icmp_sock: (1) Operation not permitted
2015/01/14 09:16:46| pinger: Unable to start ICMP pinger.
2015/01/14 09:16:46| icmp_sock: (1) Operation not permitted
2015/01/14 09:16:46| pinger: Unable to start ICMPv6 pinger.
2015/01/14 09:16:46| FATAL: pinger: Unable to open any ICMP sockets.

thanks again!

Actions #10

Updated by Renato Botelho over 9 years ago

  • Status changed from Feedback to Resolved