LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 09-29-2008, 12:04 PM   #1
joker20
Member
 
Registered: Sep 2004
Location: 127.0.0.1
Distribution: Slackware/Ubuntu/CentOS
Posts: 286

Rep: Reputation: 31
Squid/Squidguard and suse 10.1


ok, so im not a newbie to linux but i am a newbie when it comes to deploying proxy servers, as well as squid and suse
trying to setup a content filtering proxy server w/ 1 NIC. the network layout goes like this
INTERNET=======CABLE MODEM=======SWITCH
|=======SUSEPROXY
|=======CLIENT PCS

below is my squid.conf and squidguard.conf - main concern is the squid.conf and it being correct
all of my configuration has come from researching and playing around with it.
squid -z gave me a permission denied error when a cache directory was specified but when i removed that entry it seem to create the swap directories without any problems.
ive also created a deny page that squid redirects to when a blacklisted url is used, ive deployed this via apache. when trying to test this i put in a url to a client that has the proxy server ip and port but it always shoots back my deny page...which makes sense b/c it thinks its a web server
if anyone can help me complete this configuration it would be much appreciated...im so frustrated right now
Code:
http_port 10.64.83.225:3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

visible_hostname SuSEproxy

refresh_pattern ^ftp:           1440    60%     20160
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       40%     8640

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl allowed_hosts src 10.64.83.0/255.255.255.0
acl serv src 10.64.83.225/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost

http_access allow manager serv

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

acl network src 10.64.83.0/24

http_access allow network

redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 8
redirector_bypass on
i dont think squidguard has any issues but im going to post it for troubleshooting purposes
Code:
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs

dest ads {
        domainlist      ads/domains
        urllist         ads/urls
        log             /var/log/squid/blocked.log
}
dest adult {
        domainlist      adult/domains
        urllist         adult/urls
        log             /var/log/squid/blocked.log
}
dest aggressive {
        domainlist      aggressive/domains
        urllist         aggressive/urls
        log             /var/log/squid/blocked.log
}

dest dating {
        domainlist      dating/domains
        urllist         dating/urls
        log             /var/log/squid/blocked.log
}

dest dialers {
        domainlist      dialers/domains
        urllist         dialers/urls
        log             /var/log/squid/blocked.log
}

dest drugs {
        domainlist      drugs/domains
        urllist         drugs/urls
        log             /var/log/squid/blocked.log
}

dest gambling {
        domainlist      gambling/domains
        urllist         gambling/urls
	log             /var/log/squid/blocked.log
}

dest guns {
        domainlist      guns/domains
        urllist         guns/urls
	log             /var/log/squid/blocked.log
}

dest hacking {
        domainlist      hacking/domains
        urllist         hacking/urls
	log             /var/log/squid/blocked.log
}

dest instantmessaging {
        domainlist      instantmessaging/domains
        urllist         instantmessaging/urls
	log             /var/log/squid/blocked.log
}

dest malware {
        domainlist      malware/domains
        urllist         malware/urls
	log             /var/log/squid/blocked.log
}

dest marketingware {
        domainlist      marketingware/domains
       
	log             /var/log/squid/blocked.log
}

dest mixed_adult {
        domainlist      mixed_adult/domains
        
	log             /var/log/squid/blocked.log
}

dest phishing {
        domainlist      phishing/domains
        urllist         phishing/urls
	log             /var/log/squid/blocked.log
}

dest porn {
        domainlist      porn/domains
        urllist         porn/urls
        log             /var/log/squid/blocked.log
}

dest proxy {
        domainlist      proxy/domains
        urllist         proxy/urls
	log             /var/log/squid/blocked.log
}

dest sexuality {
        domainlist      sexuality/domains
        urllist         sexuality/urls
	log             /var/log/squid/blocked.log
}

dest spyware {
        domainlist      spyware/domains
       
	log             /var/log/squid/blocked.log
}

dest verisign {
        domainlist      verisign/domains
        
	log             /var/log/squid/blocked.log
}

dest violence {
        domainlist      violence/domains
        urllist         violence/urls
	log             /var/log/squid/blocked.log
}

dest virusinfected {
        domainlist      virusinfected/domains
        urllist         virusinfected/urls
	log             /var/log/squid/blocked.log
}

dest warez {
        domainlist      warez/domains
        urllist         warez/urls
	log             /var/log/squid/blocked.log
}

dest weapons {
        domainlist      weapons/domains
        urllist         weapons/urls
        log             /var/log/squid/blocked.log
}

dest white {
        domainlist      whitelist/domains
        urllist         whitelist/urls
        log             /var/log/squid/blocked.log
}

acl {
        default {
                pass   white !ads !adult !aggressive !dating !dialers !drugs !gambling !guns !hacking !instantmessaging !malware !marketingware !mixed_adult !phishing !porn !proxy !sexuality !spyware !verisign !violence !virusinfected !warez !weapons all
                redirect http://suseproxy/index.html
                }
}
error message in cache.log
Code:
2008/09/29 10:23:15| Starting Squid Cache version 2.5.STABLE12 for i686-pc-linux-gnu...
2008/09/29 10:23:15| Process ID 24523
2008/09/29 10:23:15| With 1024 file descriptors available
2008/09/29 10:23:15| Performing DNS Tests...
2008/09/29 10:23:15| Successful DNS name lookup tests...
2008/09/29 10:23:15| DNS Socket created at 0.0.0.0, port 32870, FD 6
2008/09/29 10:23:15| Adding nameserver 10.64.83.5 from /etc/resolv.conf
2008/09/29 10:23:15| helperOpenServers: Starting 8 'squidGuard' processes
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| User-Agent logging is disabled.
2008/09/29 10:23:15| Referer logging is disabled.
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| Unlinkd pipe opened on FD 19
2008/09/29 10:23:15| Swap maxSize 102400 KB, estimated 7876 objects
2008/09/29 10:23:15| Target number of buckets: 393
2008/09/29 10:23:15| Using 8192 Store buckets
2008/09/29 10:23:15| Max Mem  size: 8192 KB
2008/09/29 10:23:15| Max Swap size: 102400 KB
2008/09/29 10:23:15| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/09/29 10:23:15| /etc/squid/cache/00: (2) No such file or directory
FATAL: 	Failed to verify one of the swap directories, Check cache.log
	for details.  Run 'squid -z' to create swap directories
	if needed, or if running Squid for the first time.
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.000 user + 0.008 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
and when i try to test that squidguard is working properly i get
Code:
2008-09-29 12:13:13 [8432] squidGuard 1.3 started (1222708393.643)
2008-09-29 12:13:13 [8432] squidGuard ready for requests (1222708393.662)
2008-09-29 12:13:13 [8432] source not found
2008-09-29 12:13:13 [8432] no ACL matching source, using default

2008-09-29 12:13:13 [8432] squidGuard stopped (1222708393.664)

Last edited by joker20; 09-29-2008 at 12:14 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid And Squidguard SBN Linux - Software 1 07-27-2006 05:21 AM
Squid not redirecting SquidGuard lesneely Linux - Networking 3 12-21-2005 05:35 AM
squid and squidguard metallica1973 Linux - Networking 5 12-07-2005 10:23 AM
squid conf: squid failed when I type insert redirect_program /usr/bin/squidguard Niceman2005 Linux - Software 1 11-24-2004 02:29 PM
Can squid/squidguard be used to do this? Jeff D Linux - Newbie 2 01-13-2003 03:45 AM


All times are GMT -5. The time now is 05:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration