# Need help with Squid in FreeBSD 8.2 RC2



## paulfxh (Jan 25, 2011)

I have 8.2 RC2 running well on a Dell E520.
However, I've been trying to get Squid working in this OS with no success yet.
I installed squid from ports and chose the pf option in the compilation. In my latest attempt to get it to function, I used the squid.conf file from this BSD guide and I made no changes whatsoever to the file as given (other than to correct a small syntax error in line 4).
However, after configuring Firefox to connect to proxy.mydomain.conf:3128, it is unable to open http://www.google.com and continues trying to connect for ever.
In the Midori browser, similarly configured, it quickly errors out when seeking the same website and gives the message that it's unable to connect to proxy.yourdomain.com.
All of the entries in the access.log are TCP_MISS/200 errors.
Here's a typical entry:

```
1295910162.896    246 127.0.0.1 TCP_MISS/200 164842 GET http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAAYwe0BIIDwATItwXYAAP____v___d93____vf7_f___v_7__________________________8A - DIRECT/74.125.79.101 application/vnd.google.safebrowsing-chunk
```
Interestingly, the very same error is highlighted in the second comment to the BSD guide (linked above) from where I took the squid.conf file. However, no solution was offered.
Can anybody suggest how to overcome this?


----------



## DutchDaemon (Jan 25, 2011)

In five years, squid.conf syntax has changed, and Squid 3.x is very different from Squid 2.x (which may be what's in that write-up). Look at squid.conf.default and squid.conf.documented in /usr/local/etc/squid for syntax changes. Try copying squid.conf.default and filling in your own data.

Moreover: you mention PF, that document doesn't. Seeing that you run Squid on localhost, maybe you're trying to set up a transparent proxy. This requires a different setting in squid.conf -> http://www.google.com/search?q=transparent+squid+freebsd


----------



## paulfxh (Jan 25, 2011)

Thank you for the reply.

The version of Squid that I installed from ports is 2.7 Stable 9 so I don't know if the "syntax change" comment that you made still holds.

Also, my reason for trying squid is very simple in that I just want to speed up browser page rendering as detailed here for Linux. Certainly, as outlined in the link, the pdnsd daemon works very well for me in FreeBSD as it dramatically speeds up name resolution.

However, despite numerous attempts, I cannot get squid to function at all for me in any of the browsers that I've tried (Firefox, Midori). Nevertheless, I don't believe the PF option in the squid build nor a transparent proxy are of relevance to what I'm trying to achieve. They are simply there as remnants of the various failed attempts that I've made.

However, today, I deinstalled Squid and reinstalled it using the Largefile option in the build as specified in the guide I am now trying. Indeed, this time I followed all of the suggestions in the guide. However, I still am unable to get a connection to http://www.google.com. In the case of both browsers, a time-out error occurs. Strangely, nothing whatsoever shows up in /var/log/squid/access.log.

If I type `tail -f /var/log/squid/access.log` nothing is printed but the operation does not close until I suspend it with Ctrl-z. You mentioned using /usr/local/etc/squid/squid.conf.default. Well, for someone with my lack of experience, that is a daunting task.

Are there any less painful alternatives given that my immediate objective is quite modest?


----------



## DutchDaemon (Jan 25, 2011)

There are dozens of Squid topics on this forum, so I suggest using the 'search' function near the top.


----------



## paulfxh (Jan 26, 2011)

Thanks again. Yes, I had actually done quite a bit of trawling through the forums before I posted. Nevertheless, I searched again and, although I still haven't reached to where I want, I believe I have made some progress.

By using the command

```
/usr/local/sbin/squid -NCd1
```
to start squid (after ensuring it was already shut down as detailed in this thread), I was able to spot and eliminate some problems. The modified squid.conf that I am now using is attached (squid.conf.txt). Now, squid starts without errors (see attachment terminal_output.txt) and seems to be running fine. However, I am still unable to get Firefox to connect to http://www.google.com using the manual proxy setting as shown in attachment (connection.jpg).

In all cases the connection just times out. However, for reasons I do not understand, the file /var/log/squid/access.log remains empty. Any clues where I might be slipping up?


----------



## DutchDaemon (Jan 26, 2011)

Hard to say. Can you try this from inside your network (but not on the proxy):


```
telnet hostname.of.proxy 3128 [enter]
HEAD http://www.google.com/ HTTP/1.0 [enter][enter]
```

This should produce output similar to:


```
HTTP/1.0 302 Moved Temporarily
Location: http://www.google.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=a12e1655a4469281:FF=0:TM=1296060267:LM=1296060267:S=OM_WDpFei6ztk3ib; expires=Fri, 25-Jan-2013 16:44:27 GMT; path=/; domain=.google.com
Set-Cookie: NID=43=e6S1_z_Fj_bjGuXjy29pD7zqODnbN2nojvOmMrYp2fKlXNEpz5R9LBqxLksD7ZVGoaWAbvbUrgxzfH6suU55zig4yRWjd5S9iNCheyny2RdTjmP-7SdqUO6LPgXEyhPa; expires=Thu, 28-Jul-2011 16:44:27 GMT; path=/; domain=.google.com; HttpOnly
Date: Wed, 26 Jan 2011 16:44:27 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Cache: MISS from hostname.of.proxy
Via: 1.0 hostname.of.proxy (squid/3.1.10)
Connection: close

Connection closed by foreign host.
```

And it should show up in the access.log as:


```
1296060267.921     36 192.168.0.102 TCP_MISS/302 732 HEAD http://www.google.com/ - DIRECT/66.102.13.99 text/html
```

Note that the connection should not be from *127.0.0.1* as in your first post. One of your LAN addresses should be in there.


----------



## DutchDaemon (Jan 26, 2011)

P.S.: is /var/log/squid/ owned by squid:squid? If not, run `chown -R squid:squid /var/log/squid/`


----------



## paulfxh (Jan 27, 2011)

Thank you for both replies.
Yes, /var/log/squid is owned by squid:squid.
I tried the telnet command you suggested on another computer (MacBook) on the same LAN by typing:

```
telnet proxy.mydomain.com 3128
```
where proxy.mydomain.com is the visible hostname that I used in squid.conf.
However, the only output I got was

```
Trying 216.34.94.184...
telnet: connect to address 216.34.94.184: Operation timed out
telnet: Unable to connect to remote host
```
I made just a small change to the access_log item in squid.conf.
Initially, I had this as

```
cache_access_log /var/log/squid/access.log
```
and now changed it to

```
access_log /var/log/squid/access.log squid
```
However, a more significant change I made was to the proxy settings for both Firefox and Midori.
Before, I had set the proxy name and port as proxy.mydomain.com:3128 in both browsers and I could never get any browser connection.
Now I changed the proxy server name to 127.0.0.1:3128 and everything worked in both browsers.
Additionally, access.log now has content which it didn't have before.
Unfortunately, I do not fully understand why using the visible hostname as the proxy server name in the browser connection configuration doesn't work for me.


----------



## DutchDaemon (Jan 27, 2011)

Unless your browsers are actually running *on* the proxy server, I see no way (weird local port-forwardings aside) to reach an external server using localhost.

I do see that the proxy's hostname resolves to a public IP address (in your telnet test), which may or may not be accessible from inside your LAN (which may have RFC1918 addresses and no suitable NAT, for example).

It usually helps to make a network diagram for stuff like this.


----------
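Added example, not part of any post in the thread: a Python version of the checks discussed above, which classifies the address the proxy hostname resolves to, reads the client address out of a native-format access.log line, and repeats the telnet HEAD test. The function names and return labels are made up for this illustration; the addresses and the log line are the ones quoted in the thread.

```python
import ipaddress
import socket

def classify(ip):
    """Return 'loopback', 'private' or 'public' for an IP address string."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"

def parse_access_line(line):
    """Split one line of Squid's native access.log format into named fields.
    Field 4 is result/status, e.g. TCP_MISS/302: not served from cache,
    and the origin server answered with HTTP 302."""
    f = line.split()
    result, status = f[3].split("/", 1)
    hierarchy, peer = f[8].split("/", 1)
    return {"client": f[2], "result": result, "status": int(status),
            "method": f[5], "url": f[6], "hierarchy": hierarchy, "peer": peer}

def diagnose(proxy_ip, client_ip):
    """Label what a browser at client_ip can expect from a proxy at proxy_ip."""
    proxy, client = classify(proxy_ip), classify(client_ip)
    if proxy == "loopback":
        # 127.0.0.1 only reaches a proxy running on the same machine.
        return "ok" if client == "loopback" else "loopback-only"
    if proxy == "public" and client == "private":
        # The name resolves outside the LAN; needs NAT or an internal DNS entry.
        return "public-from-lan"
    return "ok"

def probe(host, port=3128, timeout=5):
    """Live form of the telnet test: resolve host, send a HEAD request through
    the proxy, return (resolved_ip, status_line). Raises OSError on failure."""
    ip = socket.gethostbyname(host)
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(b"HEAD http://www.google.com/ HTTP/1.0\r\n\r\n")
        status_line = s.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
    return ip, status_line

# access.log line quoted in the thread (bold markup removed)
SAMPLE = ("1296060267.921     36 192.168.0.102 TCP_MISS/302 732 HEAD "
          "http://www.google.com/ - DIRECT/66.102.13.99 text/html")

if __name__ == "__main__":
    entry = parse_access_line(SAMPLE)
    print(entry["client"], classify(entry["client"]))
    print(diagnose("216.34.94.184", entry["client"]))  # address from the telnet output
    print(diagnose("127.0.0.1", entry["client"]))
```

`probe()` needs network access and a running proxy; the other functions work offline on the values from the thread.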

