Author | Message

Title: squid, iptables
Posted: 05.06.2006, 01:51

Joined: 21 Apr 2006
Posts: 152
Location: Ice and Snow

I am trying to set up dansguardian which needs squid. I have squid to listen on port 3128 and use ip 127.0.0.1. I thought I cut/pasted the iptables instructions correctly, and squid is up and running, but when I configure browsers for 127.0.0.1 3128 nothing happens. Is there any way to find out what is going on in the iptables, or is there a way to start with a clean slate and re-input the commands in case a conflict was inputted by mistake? (Me cause conflicts, I just wreak havoc, so that I can have the joy of doing everything all over from scratch, after all that is sooo much fun.)

Title: RE: squid, iptables
Posted: 05.06.2006, 02:05

Joined: 21 Jan 2005
Posts: 454
Location: NYC/NJ Area

          May want to try looking in access.log in /var/log/squid.
 
It might tell ya what ya need.

Posted: 05.06.2006, 11:55

Joined: 16 Apr 2006
Posts: 207
Location: England

What do you mean by nothing happens, do you mean dansguardian isn't blocking anything?

If you are using dansguardian you would want to point your browser to the port dansguardian is listening to (8080 or something); by pointing the browser to the port squid is listening to, it is bypassing dansguardian.

_________________
sidux 32 & 64 | PCLinuxOS | PC-BSD

repository of shame - compiz fusion & beryl repo for debian Sid/Lenny/Etch | 32-bit | 64-bit

Posted: 05.06.2006, 21:34

Joined: 21 Jan 2005
Posts: 454
Location: NYC/NJ Area

I am not using dansguardian myself but what shame mentions makes sense. My squid proxy is on my firewall box and even though it's the standard port you are using, my browser uses 800 for use of the proxy.

Posted: 06.06.2006, 06:14

Joined: 21 Apr 2006
Posts: 152
Location: Ice and Snow

I am trying to make Dansguardian run on top of squid, but when I try to start DG I get "Restarting DansGuardian: Error connecting to parent proxy". Now I have read that if squid is set up right without any filter on top of it, if you point your browser to the reroute (127.0.0.1:3128) you should get through and a log of what is going on will appear in access.log. Well, I set up squid as directed and set up the iptables as directed, and there is no access to the internet and nothing shows up in access.log. Here is what I did in konsole and in squid and DG. There has to be an answer out there somewhere. I am a newbie to Linux, but I have visited dozens of sites; they all say basically the same thing, but I must be missing something or have something else configured wrong, because although squid is loaded, it is not doing anything. Is there anyone who knows something that can help? This is the first time I have come across anything that no one seems to know the answer to.
 
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
# iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/squid restart
Restarting Squid HTTP proxy: squid.
# /etc/init.d/dansguardian restart
Restarting DansGuardian: Error connecting to parent proxy
 
 
 
squid.conf uncommented lines

http_port 3128
udp_incoming_address 192.168.7.151
udp_outgoing_address 255.255.255.255
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 8192 KB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
emulate_httpd_log off
log_ip_on_direct on
client_netmask 255.255.255.0
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl localhost src 0.0.0.0/0.0.0.0
acl to_localhost dst 127.0.0.1/32
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl lan src 192.168.7.0/24
http_access allow lan
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all
visible_hostname 'hostname'
unique_hostname 'hostname'
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
cache_effective_group squid
cache_effective_user squid
 
 
 
dansguardian.conf uncommented lines

reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 1
logexceptionhits = on
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'
filterip =127.0.0.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://www.cbc.ca/'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 2000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
daemonuser = squid
daemongroup = squid
softrestart = off
virusscan = on
virusengine = 'clamav'
tricklelength = 32768
firsttrickledelay = 30
followingtrickledelay = 60
exceptionvirusmimetypelist = '/etc/dansguardian/exceptionvirusmimetypelist'
maxcontentscansize = 262144
exceptionvirusextensionlist = '/etc/dansguardian/exceptionvirusextensionlist'
downloaddir = '/tmp/dgvirus'
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
localsocket = '/tmp/clamd'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clmaxratio = 250
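
How the nat OUTPUT rules in the post above treat a local connection, traced rule by rule with iptables' first-match behaviour. This is an added example, not part of the thread; it models only the options those four rules use, and the `browser-user` account name and the ACCEPT chain policy are assumptions.

```python
import shlex

# The four nat OUTPUT rules as posted in the thread above.
RULES = """\
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
"""

FLAGS = {"-A": "chain", "-p": "proto", "--dport": "dport",
         "--uid-owner": "owner", "-j": "target", "--to-ports": "to_port"}

def parse_rule(line):
    """Parse one iptables -A line, handling only the options used in the post."""
    tok, rule = shlex.split(line), dict.fromkeys(FLAGS.values())
    for i in range(0, len(tok), 2):   # every option here takes one argument
        if tok[i] in FLAGS:
            rule[FLAGS[tok[i]]] = tok[i + 1]
        elif tok[i] != "-m":          # -m only names the match module
            raise ValueError("option not handled here: " + tok[i])
    return rule

def nat_output(rules, owner, dport, proto="tcp"):
    """First matching rule wins; return (verdict, final destination port)."""
    for r in rules:
        if r["proto"] not in (None, proto):
            continue
        if r["dport"] is not None and int(r["dport"]) != dport:
            continue
        if r["owner"] is not None and r["owner"] != owner:
            continue
        if r["target"] == "REDIRECT":
            return "REDIRECT", int(r["to_port"])
        return r["target"], dport
    return "ACCEPT", dport            # assumed chain policy: ACCEPT

PARSED = [parse_rule(line) for line in RULES.splitlines()]

def trace():
    """Constructed cases: (process owner, destination port) -> outcome."""
    cases = [("browser-user", 3128), ("browser-user", 80),
             ("browser-user", 8080), ("squid", 80), ("squid", 3128)]
    return {c: nat_output(PARSED, *c) for c in cases}

if __name__ == "__main__":
    for (owner, port), (verdict, final) in trace().items():
        print(f"{owner:13} -> :{port:<5} {verdict:9} lands on :{final}")
```

Under these rules a connection to port 3128 from any account other than squid is rewritten to port 8080, so a browser pointed at 127.0.0.1:3128 is answered only if something is listening on 8080. On the machine itself, `iptables -t nat -L OUTPUT -n -v` lists the same rules with per-rule packet counters.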
         
        