LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Closed Thread
 
Search this Thread
Old 03-09-2006, 09:51 PM   #1
cryonics
LQ Newbie
 
Registered: Mar 2006
Posts: 12

Rep: Reputation: 0
setting up dansguardian, squid and iptables as webfilter!!


Hi…

I read an article about linux web filtering by using Squid, DansGuardian and IPTables. So, I try to implement it on my single computer. I used Redhat Enterprise Edition 4 AS that already have squid-2.5.STABLE6-3 and iptables-1.2.11-3.1.RHEL4. So, I just need to install dansguardian. I install DG 2.8.0.6-1 by using rpm. The configuration as below:

Squid Configuration
Add or edit the file on ( /etc/squid/squid.conf )

http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid

On the command prompt type :
groupadd -r squid
useradd -g squid -d /var/spool/squid -s /bin/false -r squid

DansGuardian Configuration

Add or edit the file on ( /etc/dansguardian/dansguardian.conf)

reportinglevel = 3
filterip = 127.0.0.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
daemonuser = 'squid'
daemongroup = 'squid'

Iptables Command
Setting up the transparent proxy using iptables. ( allow the user squid to access both the Internet and the Squid proxy )

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT

The next command redirects Internet traffic from all users, other than squid and any exempt users, to the filter on port 8080:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

iptables-save > /etc/sysconfig/iptables

chkconfig iptables on
service iptables restart

chkconfig squid on
chkconfig dansguardian on

service squid restart
service dansguardian restart

MY PROBLEM :
All seems okay except for the command “service dansguardian restart” where my DG stop OK, but start failed!! So I just start it manually using Redhat system setting-service.
After that I try to open the web site but my computer can’t reach the internet!!there’s a prompt pop out saying that “cannot attempt to reach the connection…” a sort like that! I can’t browse the internet at all. My computer can enter the internet like normal again after i disable (stop) iptables. But then I can reach the prohibited site!! Can anyone help me???
 
Old 03-10-2006, 06:29 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,454
Blog Entries: 54

Rep: Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896
//Moderator note: you have crossposted a message, which is against the LQ Rules. Cross-posting is considered bad netiquette on your part, a waste of resources on LQ's part and a waste of time for LQ members who take the time to read and answer your question.
Please do not do that again.

FUP to: http://www.linuxquestions.org/questi...d.php?t=423139
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Proxy won't let me connect, iptables, squid and dansguardian hindenbergbaby Linux - Networking 4 12-02-2009 03:45 AM
Problem using Squid, Dansguardian and IPtables as web filtering! cryonics Linux - Networking 7 05-09-2006 01:00 PM
dansguardian + squid shafey Linux - Security 2 12-31-2005 11:42 AM
Dansguardian/Squid HELP! Prizam Linux - Software 3 09-23-2005 06:30 PM
iptables, DansGuardian, and Squid. cth3 Linux - Networking 1 02-10-2005 09:04 AM


All times are GMT -5. The time now is 11:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration