Hi,
I've come to ask for help with a freshly installed VyOS (and the webproxy service).
```
Version: VyOS 1.3.2
Release train: equuleus
Built by: Sentrium S.L.
Built on: Mon 05 Sep 2022 09:23 UTC
Build UUID: 1ceaab3a-4f4e-4692-b551-7c05e1da0a77
Build commit ID: 7ce86511888635
Architecture: x86_64
Boot via: installed image
System type: VMware guest
Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-42 29 a8 50 31 92 f7 9e-b0 ad a1 55 bc be 6d 8e
Hardware UUID: 50a82942-9231-9ef7-b0ad-a155bcbe6d8e
Copyright: VyOS maintainers and contributors
```
The idea is to test the webproxy service in a production environment.
Here is my config:
```
set interfaces ethernet eth0 address 'xxx.xxx.3.2/25'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:30'
set interfaces loopback lo
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.3.1
set service ssh
set service webproxy cache-size '100'
set service webproxy default-port '3128'
set service webproxy domain-block 'monip.org'
set service webproxy listen-address xxx.xxx.3.2 disable-transparent
set service webproxy url-filtering squidguard block-category 'adult'
set service webproxy url-filtering squidguard block-category 'ads'
set service webproxy url-filtering squidguard block-category 'porn'
set service webproxy url-filtering squidguard block-category 'gambling'
set service webproxy url-filtering squidguard block-category 'games'
set service webproxy url-filtering squidguard block-category 'malware'
set service webproxy url-filtering squidguard default-action 'block'
set service webproxy url-filtering squidguard local-block 'monip.org'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system name-server 'xxx.xxx.0.98'
set system name-server 'xxx.xxx.0.99'
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Europe/Paris'
```
I have multiple problems:
- I get this error message each time I make a modification in url-filtering:
```
vyos@myvyos# set service webproxy url-filtering squidguard block-category 'malware'
ls: cannot access '/opt/vyatta/etc/config/url-filtering/squidguard/db//*': Permission denied
```
Nevertheless, the parameter seems to pass.
I'm not sure that squidguard is correctly started. I get this message at each squidguard restart:
```
2022-11-18 12:12:02 [17690] init urllist /opt/vyatta/etc/config/url-filtering/squidguard/db/gambling/urls
2022-11-18 12:12:02 [17690] init domainlist /opt/vyatta/etc/config/url-filtering/squidguard/db/games/domains
2022-11-18 12:12:02 [17690] init urllist /opt/vyatta/etc/config/url-filtering/squidguard/db/games/urls
2022-11-18 12:12:03 [17690] init domainlist /opt/vyatta/etc/config/url-filtering/squidguard/db/malware/domains
2022-11-18 12:12:04 [17690] init urllist /opt/vyatta/etc/config/url-filtering/squidguard/db/malware/urls
2022-11-18 12:12:04 [17690] init expressionlist /opt/vyatta/etc/config/url-filtering/squidguard/db/malware/expressions
2022-11-18 12:12:04 [17690] (squidGuard): FATAL: ACL destination local-ok-default is not defined in configfile /etc/squidguard/squidGuard.conf
2022-11-18 12:12:04 [17690] ERROR: Going into emergency mode
2022-11-18 12:13:12 [17727] FATAL: sgDbLoadTextFile: put: Input/output error
2022-11-18 12:13:12 [17727] ERROR: Going into emergency mode
2022-11-18 12:13:12 [17726] FATAL: sgDbLoadTextFile: put: Input/output error
2022-11-18 12:13:12 [17726] ERROR: Going into emergency mode
2022-11-18 12:21:44 [17726] ERROR: Ending emergency mode, stdin empty
2022-11-18 12:21:44 [17727] ERROR: Ending emergency mode, stdin empty
2022-11-18 12:21:44 [17690] ERROR: Ending emergency mode, stdin empty
```
I should add that after each restart of the webproxy service, I cannot use it for a few minutes (a curl waits for a response and shows an empty response).
You can see that I try to block the monip.org domain. But a curl monip.org works.
Have you encountered the same problems?