OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of echo_123 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - echo_123

Pages: [1]
1
Intrusion Detection and Prevention / Re: Just ran out of space in queue - Suricata Crash
« on: September 30, 2020, 06:08:16 pm »
Hi everyone,

the same issue here:
2020-09-28T21:43:16   suricata[80031]   [100112] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue.  Fatal Error.  Exiting.  Please file a bug report on this
2020-09-28T21:35:15   suricata[42527]   [100265] <Notice> -- This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
2020-09-28T19:45:03   suricata[39423]   [100184] <Critical> -- [ERRCODE: SC_ERR_AHO_CORASICK(174)] - Just ran out of space in the queue.  Fatal Error.  Exiting.  Please file a bug report on this

Any hints that could lead to the solution or workaround? Thank you!

2
Web Proxy Filtering and Caching / Re: Squid unreachable, daemon ports in CLOSED state, suid errors on cache.log
« on: August 11, 2020, 05:26:06 pm »
Resolved the issue by applying a configuration backup taken from before the upgrade. Restore config for ALL system. Squid is up and running. Cannot tell what caused the issue. Thank you.

3
Web Proxy Filtering and Caching / Squid unreachable, daemon ports in CLOSED state, suid errors on cache.log
« on: August 11, 2020, 05:00:39 pm »
Squid unreachable, daemon ports in CLOSED state, suid errors on cache.log

hey everyone,

I am unable to use Squid (apparently after the upgrade OPNsense 20.7). I do only use the Squid Proxy as a simple caching proxy for some development systems, two days ago I've noticed it was not working.

I also have explicit firewall rules to allow all clients on network 10.1.0.0/24 to access the proxy ports (3128/tcp and 2121/tcp) on OPNsense. ACLs are also present on squid configuration to allow 10.1.0.0/24 to access the proxy.

Upon checking its service status on OPNsense console, I have (something new to me, never seen before!): both the http port 3128 and ftp proxy port 2121 have its state listed as 'CLOSED'

On OPNsense GUI the squid service can be started and stopped normally.

----
[root@OPNsense ~]# netstat -la4n -ptcp
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.1.0.1.443           10.1.0.149.59862       ESTABLISHED
tcp4       0      0 10.1.0.1.2121          *.*                    CLOSED
tcp4       0      0 10.1.0.1.3128          *.*                    CLOSED
----

Restarting the daemon works (apparently fine, config is ok)

Manually setting the 'debug_options ALL,3' directly in the file '/usr/local/etc/squid/squid.conf' also produces debug output that hints on problems with suid (setuid ?):

----
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(577) enter_suid: enter_suid: PID 32115 taking root privileges
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(581) enter_suid: enter_suid: setresuid failed: (1) Operation not permitted
----

Are there maybe any kind of rights problems, with the user squid not being allowed to setuid or maybe being unable a necessary folder/path as squid?

The squid.conf is attached.

Many thanks for any pointers on how to solve this!

Regards
J.

--

Additional Info:

fstat produces the following output

----

[root@OPNsense ~]# fstat|grep squid
squid    unlinkd    90178 text /        5062157 -r-xr-xr-x  106376  r
squid    unlinkd    90178   wd /        3934321 drwxr-x---    1024  r
squid    unlinkd    90178 root /             2 drwxr-xr-x     512  r
squid    unlinkd    90178    0* pipe fffff80003bf7be0 <-> fffff80003bf7d48      0 rw
squid    unlinkd    90178    1* pipe fffff80003bf7460 <-> fffff80003bf72f8      0 rw
squid    unlinkd    90178    2 /dev         43 crw-rw-rw-    null rw
squid    squid      32115 text /        4976135 -r-xr-xr-x  7576448  r
squid    squid      32115   wd /        3934321 drwxr-x---    1024  r
squid    squid      32115 root /             2 drwxr-xr-x     512  r
squid    squid      32115    0 /dev         43 crw-rw-rw-    null rw
squid    squid      32115    1 /dev         43 crw-rw-rw-    null rw
squid    squid      32115    2 /dev         43 crw-rw-rw-    null rw
squid    squid      32115    3 /        3772252 -rw-r--r--  2458600 rw
squid    squid      32115    4 /dev         43 crw-rw-rw-    null rw
squid    squid      32115    5* internet6 dgram udp fffff800a5301b70
squid    squid      32115    6
squid    squid      32115    7 /        3772252 -rw-r--r--  2458600 rw
squid    squid      32115    8* internet dgram udp fffff800a53015b8
squid    squid      32115    9 -        3772219 -rw-r--r--       0  w
squid    squid      32115   10* pipe fffff80003bf72f8 <-> fffff80003bf7460      0 rw
squid    squid      32115   11* pipe fffff80003bf7460 <-> fffff80003bf72f8      0 rw
squid    squid      32115   12* pipe fffff80003bf7be0 <-> fffff80003bf7d48      0 rw
squid    squid      32115   13* pipe fffff80003bf7d48 <-> fffff80003bf7be0      0 rw
squid    squid      32115   14 -        3772275 -rw-r--r--       0  w
squid    squid      32115   15 -        3934065 -rwxr-x---      72  w
squid    squid      32115   16* internet stream tcp fffff800a874e000
squid    squid      32115   17* internet stream tcp fffff800139df7a0
squid    squid      32115   18* internet6 dgram udp fffff80013924d58
squid    squid      32115   19* internet6 dgram udp fffff80013922b70
squid    squid       3466 text /        4976135 -r-xr-xr-x  7576448  r
squid    squid       3466   wd /        3772526 drwxrwx---     512  r
squid    squid       3466 root /             2 drwxr-xr-x     512  r
squid    squid       3466    0 /dev         43 crw-rw-rw-    null rw
squid    squid       3466    1 /dev         43 crw-rw-rw-    null rw
squid    squid       3466    2 /dev         43 crw-rw-rw-    null rw
squid    squid       3466    3 /        3772252 -rw-r--r--  2458600 rw
squid    squid       3466    4 /dev         43 crw-rw-rw-    null rw
squid    squid       3466    5 /var/run/squid/cf__metadata.shm -rw-------       8 rw
squid    squid       3466    6 /var/run/squid/cf__queues.shm -rw-------    8216 rw
squid    squid       3466    7 /var/run/squid/cf__readers.shm -rw-------      36 rw

----

sockstat produces the following output


----
[root@OPNsense ~]# sockstat -l4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
squid    squid      32115 5  udp46  *:50331               *:*
squid    squid      32115 8  udp4   *:52387               *:*
squid    squid      32115 16 tcp4   10.1.0.1:3128         *:*
squid    squid      32115 17 tcp4   10.1.0.1:2121         *:*
[..]
----


a section of cache.log

----
2020/08/11 14:20:52.610 kid1| 16,3| cache_manager.cc(66) registerProfile: registered profile: events
2020/08/11 14:20:52.610 kid1| 80,2| wccp.cc(113) wccpConnectionOpen: WCCPv1 disabled.
2020/08/11 14:20:52.610 kid1| 80,2| wccp2.cc(961) wccp2ConnectionOpen: WCCPv2 Disabled. No IPv4 Router(s) configured.
2020/08/11 14:20:52.610 kid1| 33,2| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x4a998678a0 [call4]
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(577) enter_suid: enter_suid: PID 32115 taking root privileges
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(581) enter_suid: enter_suid: setresuid failed: (1) Operation not permitted
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: 10.1.0.1:3128
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=10.1.0.1:3128 remote=[::] FD 16 flags=1 : family=2, type=1, protocol=6
2020/08/11 14:20:52.610 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 16 HTTP Socket
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(506) leave_suid: leave_suid: PID 32115 called
2020/08/11 14:20:52.610 kid1| 54,3| StartListening.cc(58) StartListening: opened listen local=10.1.0.1:3128 remote=[::] FD 16 flags=9
2020/08/11 14:20:52.610 kid1| 33,2| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=10.1.0.1:3128 remote=[::] FD 16 flags=9, err=0, HTTP Socket port=0x4a99867900) [call4]
2020/08/11 14:20:52.610 kid1| 33,2| AsyncCall.cc(26) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x4a99867940 [call6]
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(577) enter_suid: enter_suid: PID 32115 taking root privileges
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(581) enter_suid: enter_suid: setresuid failed: (1) Operation not permitted
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: 10.1.0.1:2121
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=10.1.0.1:2121 remote=[::] FD 17 flags=1 : family=2, type=1, protocol=6
2020/08/11 14:20:52.610 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 17 FTP Socket
2020/08/11 14:20:52.610 kid1| 21,3| tools.cc(506) leave_suid: leave_suid: PID 32115 called
2020/08/11 14:20:52.610 kid1| 54,3| StartListening.cc(58) StartListening: opened listen local=10.1.0.1:2121 remote=[::] FD 17 flags=9
2020/08/11 14:20:52.610 kid1| 33,2| AsyncCall.cc(93) ScheduleCall: StartListening.cc(59) will call clientListenerConnectionOpened(local=10.1.0.1:2121 remote=[::] FD 17 flags=9, err=0, FTP Socket port=0x4a998679a0) [call6]
2020/08/11 14:20:52.610 kid1| HTCP Disabled.
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: [::1]
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=[::1] remote=[::] FD 18 flags=1 : family=28, type=2, protocol=0
2020/08/11 14:20:52.610 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 18 Pinger Socket
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: [::1]
2020/08/11 14:20:52.610 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=[::1] remote=[::] FD 19 flags=1 : family=28, type=2, protocol=0
2020/08/11 14:20:52.610 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 19 Pinger Socket
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(204) ipcCreate: ipcCreate: prfd FD 19
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(205) ipcCreate: ipcCreate: pwfd FD 19
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(206) ipcCreate: ipcCreate: crfd FD 18
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(207) ipcCreate: ipcCreate: cwfd FD 18
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(221) ipcCreate: ipcCreate: FD 19 sockaddr [::1]:60912
2020/08/11 14:20:52.610 kid1| 54,3| ipc.cc(238) ipcCreate: ipcCreate: FD 18 sockaddr [::1]:40241
2020/08/11 14:20:52.613 kid1| 5,3| comm.cc(859) _comm_close: comm_close: start closing FD 18
2020/08/11 14:20:52.613 kid1| 5,3| comm.cc(546) commUnsetFdTimeout: Remove timeout for FD 18
2020/08/11 14:20:52.613 kid1| 21,3| tools.cc(506) leave_suid: leave_suid: PID 93164 called
2020/08/11 14:20:52.613 kid1| 21,3| tools.cc(606) no_suid: no_suid: PID 93164 giving up root privileges forever
2020/08/11 14:20:52.613 kid1| sendto FD 18: (13) Permission denied
2020/08/11 14:20:52.613 kid1| ipcCreate: CHILD: hello write test failed
----
[/font]


4
Web Proxy Filtering and Caching / Re: Pf blocks Squid listening port
« on: June 16, 2020, 06:57:28 pm »
Hi Wallachia,

apparently you have to create a firewall to allow the LAN clients to access the SQUID Proxy on default port 3128.

Action: Pass
Interface: LAN
Direction: in
TCP/IP Version: IPv4
Source: LAN net
Destination: This Firewall
Dest Port Range: 3128 - 3128
Category/Description: HTTP Proxy Access

That's how I made it work. Cheers

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2