Transparent squid with dansguardian
Hi,
Is it possible for squid (transparent) and dansguardian rules to be applied at the same time? If yes, how? Please advise. Thanks |
Quote:
With a very vague question, the best you can get is a very vague answer. There's lots of documentation on the web on setting up Squid and Dansguardian.... |
Dansguardian will need squid running. It needs to know about the Squid port and the ip address of the machine on which squid is running.
|
Transparent squid with dansguardian
Hi,
I have installed squid (transparent) and dansguardian and they are working fine, but both content filtering rules are not working at the same time. If I use the following command, then only the dansguardian rules apply:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
And when I use the following command, then only the squid ACLs apply:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Is there any way for both the dans and squid content filtering rules to apply at the same time? If so, please share it with me. Thanks |
If you want to use dansguardian, then you should only have the first rule active.
You really haven't explained what your problem is yet. |
Transparent squid with dansguardian
Hi,
Perhaps you are not understanding me due to my weak English; I am trying to explain again. I know dans works with squid, but as I see it the dans and squid ACLs work separately: when we send traffic to 8080 the dans ACLs work, and when we send traffic to 3128 the squid ACLs work. I want to know from anybody whether there is any way to configure dans and squid so that both ACLs work together (both content rules apply on the desktop at the same time). This will be appreciated. Thanks |
Are you saying that when you use squid via dansguardian that it isn't obeying squid's acls? It should. What acls in particular are being ignored?
|
Transparent squid with dansguardian
Hi,
When I send traffic to port 8080 it does not check any ACL from squid; when I send traffic to 3128 it checks squid. This is transparent; I set the proxy as the gateway on the client. I want a way for both to be applied at the same time. Thanks |
It should. And it does for me. There could be some issues with the configuration at your place. It would be better if you provide the configuration that is not working.
|
Hi, I am sending the config files; it's Fedora Core 8.

Squid conf file.
Code:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#acl SSL_ports port 443
acl CONNECT method CONNECT
#acl sucky-proxy dstdomain "/etc/squid/bproxy"
acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"
#acl msnmime req_mime_type ^application/x-msn-messenger$
#acl msngw url_regex -i gateway.dll
#http_access deny msnmime
#http_access deny msngw
http_access allow mail-sites sys-ips
#Default:
http_access allow all
http_port 3128 transparent

Dansguardian conf file.
Code:
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =172.16.119.3
# the port that DansGuardian listens to.
filterport = 8080
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 172.16.119.3
# the port DansGuardian connects to proxy on
proxyport = 3128
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://proxyserver3.fareportal/cgi-bin/dansguardian.pl'
# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode dissable it.
nonstandarddelimiter = on

Commands for the transparent run:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
service squid restart
service dansguardian restart
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

This is running but only applying the dansguardian filtering rules. I want mailing to work on particular IPs with the help of the above squid ACL. If I am wrong, please send me code showing how I can allow mailing sites on specific IPs. Please send your running conf file if possible so that I can compare it with yours. Thanks |
This is very similar to my setup at two sites that I maintain. The only difference in the squid file I have is
Code:
http_port ip:3128 transparent |
hi,
I have done this. When I allow a mailing site for a particular IP through the following ACL, dans is blocking it and the squid ACL is not applied for that IP.
Code:
acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"
http_access allow mail-sites sys-ips
Are you able to open a mailing site on a particular IP through squid when traffic is going to port 8080? Please send me the code. |
So are you saying that if dansguardian restrictions are tighter than squid, then dansguardian restrictions are being applied? Since dansguardian is essentially a pipe to squid, you'd fully expect this behaviour.
|
But you will want squid to run on the internal interface for security reasons. And what makes you think that only one acl set is being applied, either squid or dans?
Squid will not do content filtering. It will block on URLs. And hence you need dans. But one thing you would want to check is, do you really need this strict protection? I applied this in an educational institution where students can visit porn sites directly or indirectly. But in our office we do not need it so strict and hence just squid. You should first take into consideration if you need it that badly. And as far as running it is concerned, dans should integrate into the squid environment without any issues and it is built for that. |
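An added example (not code from any poster in this thread): a small Python check over a Squid and DansGuardian config pair for the chaining issues discussed above. It goes slightly beyond the thread by flagging `src` ACLs, which Squid matches against the connecting peer, so behind DansGuardian they see the filter's address unless DansGuardian's `forwardedfor` is on and Squid has `follow_x_forwarded_for` configured. The function names, finding labels and sample configs are constructed for illustration.

```python
# Constructed sample configs, trimmed from the settings posted in the thread.
SQUID_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"
http_access allow mail-sites sys-ips
http_access allow all
http_port 3128 transparent
"""
DG_CONF = """\
filterip =172.16.119.3
filterport = 8080
proxyip = 172.16.119.3
proxyport = 3128
"""

def parse_dg(text):
    """DansGuardian 'key = value' lines -> dict (comments dropped)."""
    pairs = (ln.split("#", 1)[0].split("=", 1) for ln in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def parse_squid(text):
    """Squid directives -> list of token lists (comments dropped)."""
    rows = (ln.split("#", 1)[0].split() for ln in text.splitlines())
    return [r for r in rows if r]

def check_chain(squid_text, dg_text):
    """Return findings (hypothetical labels) for a client -> DG -> Squid chain."""
    dg, squid = parse_dg(dg_text), parse_squid(squid_text)
    ports = [r[1] for r in squid if r[0] == "http_port" and len(r) > 1]
    src_acls = {r[1] for r in squid if r[0] == "acl" and r[2:3] == ["src"]}
    trusts_xff = any(r[0] == "follow_x_forwarded_for" for r in squid)
    findings = []
    # DansGuardian must hand requests to a port Squid really listens on.
    if dg.get("proxyport") not in {p.rsplit(":", 1)[-1] for p in ports}:
        findings.append("proxyport-mismatch")
    # A bare port binds every interface; the thread's advice is http_port ip:3128.
    if any(":" not in p for p in ports):
        findings.append("squid-on-all-interfaces")
    # Squid matches 'src' on the TCP peer, which is DansGuardian here unless
    # DG sends X-Forwarded-For and Squid is told to trust it.
    if dg.get("forwardedfor") != "on" or not trusts_xff:
        for rule in (r for r in squid if r[0] == "http_access"):
            for name in (n.lstrip("!") for n in rule[2:]):
                if name in src_acls and name != "all":
                    findings.append("src-acl-sees-dansguardian:" + name)
    return findings

if __name__ == "__main__":
    print(check_chain(SQUID_CONF, DG_CONF))
```
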
Hi,
I know dansguardian works together with squid; in my office setup it's working. I have posted the code in a previous reply, but I want to allow mailing sites on specific IPs. How is that possible with dans and squid? Please send me all the code and configuration. I set my proxy IP as the gateway on the client; is there any other way to use a transparent proxy besides the browser and gateway? Where is the error in my code? |