Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You mean to say that the mailing sites are being banned by dans? That could be possible if you have not taken into consideration dans when you configured squid. You will need to configure dans to bypass the mailing site that you want to access by putting it in exceptionsitelist file.
Everyones need is different and so are the server configurations. You need to look into it what is your need and then chalk out the policies that you need to make and then configure your server that way. Me sending you the configuration would not work for you.
Do not go over board and first try if squid is working. Then try is dans is working. Then make a very simple squid acl and then look if it is working. Go slow and step by step and you will have a working server.
Hi,
Acording to your old thread your and me requirement is same please send me all required conf and code if you can.Why do you use proxy on client side.Only i am not able to allow selected ip for mailing site, according to your old thread you have done this and you are using both acl(dans and squid) togather.Help of your all documentation i can check step by step.
I do not use proxy on client side. And how do I use it? If you mean to say configure the web browser, then I do not. I have pretty much working transparent squid with dans.(touch wood).
Can you elaborate why you think squid acl are not working? If you think that though you have allowed some sites in squid but are getting blocked by dans, then it will if they are not allowed in dans. Look into dans what you have allowed and what you have not. I doubt your configuration is not working but I guess it is your feeling that it is not. If dans is blocking some thing then you will need to allow it from your configuration files explicitly.
I have checked my all configuration throughly.Please send me your all configuration step by step from squid server to desktop then i could match with you.I ahve already send my all configuration.
You are still not answering my question and hell bent on my configuration. My configuration is not much different than yours. What I need to know is what is that is not working for you and how do you come conclusion that your access controls are not working. There is no meaning in matching my configuration with yours. That will not solve your problems long time.
Tell me one thing, the mailing sites that you want to allow are banned by squid or dans? Once you get to this you will have less difficulty.
Hi,
dans is blocking.your mentioed code is allowing all site (acl allowed_stations src 192.168.2.* - 192.168.2.*) on this ip i want to allow only mailing site on particular ip.in my setup when i transfer traffic to 8080 then dand is applying and when i transfer traffic to 3128 then squid is applying.
Do you know why dans is blocking? And can you give what error dans is giving you? You will need to configure dans separately than squid. Dans will not follow squid acl.
If you want to allow mailing sites on some set of ips then you can do that this way
But take care than dans will also allow the mailing sites. I doubt that problem is what you said to be. But it lies in the configuration. You think squid acls are not applied but I guess this is because dans is more restrictive than squid.
I have done this you can check in my posted code.only problem is this when i transfer traffic to 3128 then squid acl is applying and when i transfer traffic 8080 then dans is aplying.i have configure dans as full access mode for mailing site in banedsite file .if any other idea regarding dans config please share with me.
No, you dont have to configure bannedsitelist file. If you want to allow some site then you will have to allow it through exceptionsitelist file.
I am still confused how did you get to the conclusion that only one set of control lists are being applied.
Compile and install squid with the "--enable-follow-x-forwarded-for" option.
This helps squid to parse the X-Forwarded-For headers to find the IP address of the original (or indirect) client and apply the ip based acls set in your squid config. file.
Without this option enabled, if you check the squid access log, the only ip address that you can see is either the ip of your dansguardian server or 127.0.0.1 and not the original client machine's ip address. This is why your IP based acls in squid fail to work.
To fix it :
Turn on the option "forwarded_for" in squid.conf
Add the following acl lines in squid.conf :
i need a proper guidence on how to block all the restricted sites using dansguardian
is dansguardian has the default site blocking? or it has to be manually edited
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.