Jump to content
inittux

squid/dansguardian problem

Recommended Posts

I'm trying to setup a squid proxy server in combination with dansguardian internet filter on my pc. I used this guide and I am able to

configure it all. Only problem I'm having is as soon as I change the IP tables(see below) I'm don't have internet access anymore.

 

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT

iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

iptables-save > /etc/sysconfig/iptables

 

I am able to restore it using the iptables.old file. I setup the whole configuration and all works without prolems.

So I have a feeling it has to do with the iptables. I can't find anything strange in the squid logs or the dansguardian logs.

Will continue to play around with it, hopefully I'll figure it out.

Share this post


Link to post
Share on other sites

Firstly... do you have a webserver running on the same machine? That may hog port 80, causing issues for a transparent proxy.

 

(I don't know about Dansguardian, but I use squid extensively.)

Share this post


Link to post
Share on other sites

Firstly... do you have a webserver running on the same machine? That may hog port 80, causing issues for a transparent proxy.

 

(I don't know about Dansguardian, but I use squid extensively.)

 

I don't have a webserver running on the same machine. I'm using squid as a proxy and wanting to use dansguarding as a webfilter.

I read that squidguard is also an option but that it can only block urls. I just want to filter my web content and not have to block every

url. But on the other hand it may be possible to use squid/squidguard using a worldwide blacklist. But my main reason for wanting is that

I want to filter out porn websites.

Share this post


Link to post
Share on other sites

Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list

Share this post


Link to post
Share on other sites

Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list

 

good idea, logical thinking. Need to improve myself on that :P btw is it smarter to run a virtual machine and have a proxy/webfilter running on there rather than my actual desktop?

Share this post


Link to post
Share on other sites

Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list

 

good idea, logical thinking. Need to improve myself on that tongue.png btw is it smarter to run a virtual machine and have a proxy/webfilter running on there rather than my actual desktop?

 

Wouldn't have thought so since you'll need to fire up the VM then squid to act as a filter, rather than have squid running locally as a service.

Share this post


Link to post
Share on other sites

Yeah true. Do you know if it is possible, is once I have it setup like that I can. Use my pc as proxy/filter, and make all my internet traffic go through my pc first.

So that all traffic goes through the proxy and all connections are filtered?

Share this post


Link to post
Share on other sites

I got squid working now and tried to add that list as a blacklist using acl but my log gives the same error for every single weblink in that list.

 

2011/10/30 14:54:04| WARNING: 'zmedia.com' is a subdomain of 'zmedia.com'

2011/10/30 14:54:04| WARNING: because of this 'zmedia.com' is ignored to keep splay tree searching predictable

2011/10/30 14:54:04| WARNING: You should probably remove 'zmedia.com' from the ACL named 'blacklist'

 

At least I got squid working. I did make progress in the matter smile.png Only have to figure out this error.

 

I also tried some of the domains on the list and some are blocked by squid and some I just get access to.

I also tried adding a few domains myself, but they aren't blocked by squid either.

 

 

I found the answer to the error:

" This can also appear when a domain name is listed in a src or dst ACL.

Squid will find all the IP addresses of that domain and list them in the

ACL. If any single IP appears more than once this warning shows."

Share this post


Link to post
Share on other sites

It depends upon how you add them. What are you specifying in your ACLs to deny traffic to those sites?

Share this post


Link to post
Share on other sites

It depends upon how you add them. What are you specifying in your ACLs to deny traffic to those sites?

 

Yeah I was trying to deny traffic to those sites. But I tried one more time doing the whole setup with dansguardian.

And it's working now. It even blocked this topic cuz it had the word porn in it. Had to whitelist it before I could see

it lmao. Using a blacklist I found here Now have to figure out why my laptop can't reach this pc where the proxy/filter is running. It's on the same

network though. But I got further smile.png

Share this post


Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...