I am using Squid 2.5.stable 1 + Dansguardian on a RH9. The linux box works as a transparent proxy for a win98 network at a cybercafe.

It is working just fine, the problem is that i have no way of switching the content filtering for each machine.

Since the redirection works this way:

Browser > Linux Box (port 80) > DansGuardian (8080) > Squid (3160) > Browser

I was thinking a script could be made to redirect the machine directly to squid without passing trough the filtering, the problem is i have to idea of how to do this.

If you could give me an idea or point me somewhere i can read. Or if you have a better idea just tell me :P

Thanks in advance

On my setup I can connect on 3128 and get no filter and 8080 is filtered. You just have to set another acl for squid to allow you to connect to it directly. I know what when I first setup dansguardian I remove all squid access except for the localhost which dansguardian was connecting to. Then you could only connect to the 8080 of dansguardian as 3128 was being denied. Its all in your squid.conf Like I said you just need another acl.

Content filtering is required by law here, but it is only meant for people under 18. Right now i can have DansGuardian filter all the machines or none. So I need an easy way of switching DansGuardian filtering on each machine.

Since i use static ips i thought a script could do that, redirecting an ip to squid intead of dansguardian. I have no idea of how to do that, maybe you can give me and idea or point me somewhere i can read.

Thanks

Your client is running XP? Cause if you setup each username to use the different ports then that would work. I'm assuming that windows will allow different internet setting for different users. Other that this there is no way to know if the person sitting infront of the compuer is really 18.

Clients are running windows 98, there shudn't be any client side configuration.

Let me put it another way, right now i have this iptables rule redirecting all http to DansGuardian

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

What iptables rule do i need to redirect 1 machine (lets say 192.168.0.111) to port 3160 intead of 8080 without modifying the rest ?

Can't help with Squid but you could just config the one machine's browser to use a particular proxy port.