Hello all,
I have got squid working properly. I use it for internet sharing as well as content filtering. There are about 150 clients that use my squid. Some of the clients are allowed to access all the sites without filtering. The only exception is that they are not allowed porn sites.
The rest of the clients are not allowed full access. Mailing sites, pornography and some unwanted sites that could choke up the bandwidth are banned.
It is a transparent proxy and I do it this way.
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
I tried to integrate dansguardian in the existing setup and changed 3128 to 8080 in the above command, keeping other things as they are. It does work, but not the way I want it to.
Clients that are allowed to browse emailing sites such as Yahoo, Rediff and Gmail are getting blocked with an error from squid if the connections are redirected to 8080, but if connections are redirected to 3128 everything works fine.
For example:
I have acl allowed_stations
acl allowed_stations src 192.168.1.71 192.168.1.71 192.168.1.57
http_access allow allowed_stations
http_access deny blocked_sites
where this acl mentions which sites are to be blocked. This contains mailing sites as well.
If I redirect it to 3128 it works properly.
But if I redirect it to 8080, allowed_stations are not able to browse banned sites. And the error is from squid, not from dansguardian.
Any help will be appreciated.