Ubuntu 8.04: Transparent proxy using squid working but block domain not working
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ubuntu 8.04: Transparent proxy using squid working but block domain not working
I have successfully set my transparent proxy using squid and one nic. I also set to block some domain using dstdomain but my client still able to access blocked domain. I wonder why... Here is my squid.conf
Quote:
# OPTIONS FOR AUTHENTICATION
# Recommended minimum configuration for basic scheme
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Did you hit the full url as specified in the blockeddomain.txt when testing to see if squid blocks? Is it blocked when you access the blocked domains as specified in the txt file?
I think it is better to put .example.com in the txt file, it should block all subdomain of example.com as well.
Did you hit the full url as specified in the blockeddomain.txt when testing to see if squid blocks? Is it blocked when you access the blocked domains as specified in the txt file?
Yes, I have try testing it...
Quote:
Originally Posted by predatorz
I think it is better to put .example.com in the txt file, it should block all subdomain of example.com as well.
Yes, I also already put domain... such as .google.com but I still can access google.
Is it because the my network structure ? I have the following structure :
Client PC --> Hub A --> Modem A --> Internet
Squid PC ---/
Client PC (192.168.1.3) and Squid PC (192.168.1.2) connect to a Switch/Hub, the switch/hub connect to the Modem/Router (192.168.1.1) than connect to the internet.
The client PC Gateway goes to Squid PC IP.
The Squid PC Gateway goes to Modem/Router IP.
Your iptables is on the Squid Server?
Firstly, let's not use transparent proxy first, have the client PC web broswer settings to point to the Squid PC first. Try to access the Internet on client PC and check the logs on the squid pc, to see if the proxy is working first.
Yes, the iptables is on the squid server...
But... Seem I found the problem.
I didn't know that iptables rules are temporary... I restarted the server and it didn't work, but after I rerun the iptables again, than the blocking is work...
Than case is closed
Sorry to confuse you...
Another question...
Is it possible to redirect the error page ? I don't want my client PC to see plain text access denied page... I want to show something more nice
Yeah it is possible to show the customized error page. You will need to change the page /etc/squid/errors/ERR_ACCESS_DENIED page to something that you need. Or create the new page and insert it in squid configuration file.
Yeah it is possible to show the customized error page. You will need to change the page /etc/squid/errors/ERR_ACCESS_DENIED page to something that you need. Or create the new page and insert it in squid configuration file.
Thanks...
I'll use squidGuard...
Everything's now working as expected.
I am going to implement squid on my Ubuntu 8.10 with only on nic.
Please tell me something, On your architecture, could your client PCs connect to Internet directly, ignoring the proxy ?
My network is something like this :
Various PCs ... 192.168.10.2,192.168.10.3,192.168.10.4...
Router DI-624 (Gateway) ... 192.168.10.1
Now I would like to configure squid and every traffic to internet will be grabbed on my proxy. I would like to analyse some http stats, I read that awstats it's good.
Sorry for this rookie questions ... ;-)
Thanks in advance
Quote:
Originally Posted by bleketux
Yes,
I have try testing it...
Yes, I also already put domain... such as .google.com but I still can access google.
Is it because the my network structure ? I have the following structure :
Client PC --> Hub A --> Modem A --> Internet
Squid PC ---/
Client PC (192.168.1.3) and Squid PC (192.168.1.2) connect to a Switch/Hub, the switch/hub connect to the Modem/Router (192.168.1.1) than connect to the internet.
The client PC Gateway goes to Squid PC IP.
The Squid PC Gateway goes to Modem/Router IP.
Your question does not seem to be very clear. Also it does not seem to be related to what OP was facing. Do not hijack the thread. Instead start your own in viable forum with neat subject to get max help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.