Linux-Noob Forums

Full Version: squid/dansguardian problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

I'm trying to setup a squid proxy server in combination with dansguardian internet filter on my pc. I used this guide and I am able to

configure it all. Only problem I'm having is as soon as I change the IP tables(see below) I'm don't have internet access anymore.

 

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT

iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

iptables-save > /etc/sysconfig/iptables

 

I am able to restore it using the iptables.old file. I setup the whole configuration and all works without prolems.

So I have a feeling it has to do with the iptables. I can't find anything strange in the squid logs or the dansguardian logs.

Will continue to play around with it, hopefully I'll figure it out.


Firstly... do you have a webserver running on the same machine? That may hog port 80, causing issues for a transparent proxy.

 

(I don't know about Dansguardian, but I use squid extensively.)


Quote:Firstly... do you have a webserver running on the same machine? That may hog port 80, causing issues for a transparent proxy.

 

(I don't know about Dansguardian, but I use squid extensively.)
 

I don't have a webserver running on the same machine. I'm using squid as a proxy and wanting to use dansguarding as a webfilter.

I read that squidguard is also an option but that it can only block urls. I just want to filter my web content and not have to block every

url. But on the other hand it may be possible to use squid/squidguard using a worldwide blacklist. But my main reason for wanting is that

I want to filter out porn websites.


Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list


Quote:Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list
 

good idea, logical thinking. Need to improve myself on that :P btw is it smarter to run a virtual machine and have a proxy/webfilter running on there rather than my actual desktop?

Quote:<blockquote data-ipsquote="" class="ipsQuote" data-ipsquote-contentcommentid="15296" data-ipsquote-username="Dungeon-Dave" data-cite="Dungeon-Dave" data-ipsquote-timestamp="1319734461" data-ipsquote-contentapp="forums" data-ipsquote-contenttype="forums" data-ipsquote-contentid="4182" data-ipsquote-contentclass="forums_Topic"><div>
Try getting squid working on its own first - then adding dansguardian etc.

 

I do URL filtering to block adverts and banners on my squid server, but don't use another plugin - I just use this list
 

good idea, logical thinking. Need to improve myself on that [img]<___base_url___>//public/style_emoticons/default/tongue.png[/img] btw is it smarter to run a virtual machine and have a proxy/webfilter running on there rather than my actual desktop?

 

Wouldn't have thought so since you'll need to fire up the VM then squid to act as a filter, rather than have squid running locally as a service.



</div></blockquote>

Yeah true. Do you know if it is possible, is once I have it setup like that I can. Use my pc as proxy/filter, and make all my internet traffic go through my pc first.

So that all traffic goes through the proxy and all connections are filtered?


I got squid working now and tried to add that list as a blacklist using acl but my log gives the same error for every single weblink in that list.

 

2011/10/30 14:54:04| WARNING: 'zmedia.com' is a subdomain of 'zmedia.com'

2011/10/30 14:54:04| WARNING: because of this 'zmedia.com' is ignored to keep splay tree searching predictable

2011/10/30 14:54:04| WARNING: You should probably remove 'zmedia.com' from the ACL named 'blacklist'

 

At least I got squid working. I did make progress in the matter :) Only have to figure out this error.

 

I also tried some of the domains on the list and some are blocked by squid and some I just get access to.

I also tried adding a few domains myself, but they aren't blocked by squid either.

 

 

I found the answer to the error:

" This can also appear when a domain name is listed in a src or dst ACL.



Squid will find all the IP addresses of that domain and list them in the



ACL. If any single IP appears more than once this warning shows."



It depends upon how you add them. What are you specifying in your ACLs to deny traffic to those sites?

Quote:It depends upon how you add them. What are you specifying in your ACLs to deny traffic to those sites?
 

Yeah I was trying to deny traffic to those sites. But I tried one more time doing the whole setup with dansguardian.

And it's working now. It even blocked this topic cuz it had the word porn in it. Had to whitelist it before I could see

it lmao. Using a blacklist I found here Now have to figure out why my laptop can't reach this pc where the proxy/filter is running. It's on the same

network though. But I got further :)