LinuxQuestions.org

parmeshwary2k 04-08-2009 02:21 PM

Transparent squid with dansguardian ,
 
Hi,

Is it possible for squid (transparent) and dansguardian rules to be applied at the same time? If yes, how? Please advise.

thanks

TB0ne 04-08-2009 04:37 PM

Quote:

Originally Posted by parmeshwary2k (Post 3502788)
Hi,

Is it possible for squid (transparent) and dansguardian rules to be applied at the same time? If yes, how? Please advise.

thanks

Dansguardian and Squid work together, so "yes". If you want them to work together, install them and configure them.

With a very vague question, the best you can get is a very vague answer. There's lots of documentation on the web on setting up Squid and Dansguardian....

linuxlover.chaitanya 04-09-2009 05:09 AM

Dansguardian will need squid running. It needs to know about the Squid port and the ip address of the machine on which squid is running.

parmeshwary2k 04-09-2009 04:32 PM

Hi,

I have installed squid (transparent) and dansguardian and they are working fine, but both content filtering rules are not working at the same time.

If I use the following command, then only the dansguardian rules apply:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

And when I use the following command, then only the squid ACLs apply:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Why both dans and squid content filtering rules apply at the same time? If there is any way, please share it with me.

thanks

billymayday 04-09-2009 05:20 PM

If you want to use dansguardian, then you should only have the first rule active.

You really haven't explained what your problem is yet.

parmeshwary2k 04-10-2009 12:44 PM

Hi,
Perhaps you are not getting me due to my weak English; I am trying to explain again. I know dans works with squid, but according to me the dans and squid ACLs work separately: when we transfer traffic to 8080 then the dans ACLs work, and when we transfer traffic to 3128 then the squid ACLs work. I want to know from anybody whether there is any way to configure dans and squid so that both ACLs work together (both content rules applied on the desktop at the same time). This will be appreciated.

Thanks

billymayday 04-10-2009 07:43 PM

Are you saying that when you use squid via dansguardian that it isn't obeying squid's acls? It should. What acls in particular are being ignored?

parmeshwary2k 04-11-2009 02:59 PM

Hi,
When I transfer traffic to port 8080, it is not checking any ACL from squid; when I transfer traffic to 3128, it checks squid. This is transparent; I pass it on the client gateway. I want a way for both to be applied at the same time.

Thanks

linuxlover.chaitanya 04-12-2009 11:53 PM

It should. And it does for me. There could be some issues with the configuration at your place. It would be better if you provide the configuration that is not working.

parmeshwary2k 04-14-2009 03:51 PM

Hi, I am sending the config files; it's Fedora Core 8.

Squid conf file.

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#acl SSL_ports port 443
acl CONNECT method CONNECT

#acl sucky-proxy dstdomain "/etc/squid/bproxy"
acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"

#acl msnmime req_mime_type ^application/x-msn-messenger$
#acl msngw url_regex -i gateway.dll

#http_access deny msnmime
#http_access deny msngw

http_access allow mail-sites sys-ips


#Default:

http_access allow all


http_port 3128 transparent

Dansguardian conf file.

# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =172.16.119.3

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 172.16.119.3

# the port DansGuardian connects to proxy on
proxyport = 3128

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://proxyserver3.fareportal/cgi-bin/dansguardian.pl'

# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode dissable it.
nonstandarddelimiter = on

Commands for the transparent run:
echo 1 > /proc/sys/net/ipv4/ip_forward
service squid restart
service dansguardian restart
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

This is running but only applying the dansguardian filtering rules.
I want mailing to work on particular IPs with the help of the above squid ACL.
If I am wrong, please send me code for how I can allow mailing sites on specific IPs.

Please send your running conf file if possible, then I could compare with yours.

Thanks

linuxlover.chaitanya 04-15-2009 12:02 AM

This is very similar to my setup at two sites that I maintain. The only difference in the squid file I have is
Code:

http_port ip:3128 transparent
You can try that way.

parmeshwary2k 04-16-2009 02:26 PM

Hi,

I have done this. When I allow a mailing site on a particular IP through the following ACL, dans is blocking and not applying the squid ACL for that IP.

acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"



http_access allow mail-sites sys-ips

Are you able to open a mailing site on a particular IP through squid when traffic is going to port 8080?

Please send me code.

billymayday 04-16-2009 03:39 PM

So are you saying that if dansguardian restrictions are tighter than squid, then dansguardian restrictions are being applied? Since dansguardian is essentially a pipe to squid, you'd fully expect this behaviour.
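
Added example (not part of any post in this thread): a minimal Python model of Squid's first-match `http_access` evaluation, run over the ACL lines from the posted squid.conf. The contents of `mailsitelist` and `mailips` and the client address 172.16.119.50 are constructed, and it assumes Squid sees DansGuardian's own address (172.16.119.3) as the source on the port-8080 path, i.e. no X-Forwarded-For handling is configured.

```python
import ipaddress
import re

# Constructed stand-ins for the two files the posted squid.conf references.
FILES = {
    "/etc/squid/mailsitelist": [r"mail\.example\.com"],  # assumption
    "/etc/squid/mailips": ["172.16.119.50"],             # assumption
}
# ACL and http_access lines copied from the posted squid.conf.
POSTED_RULES = """
acl all src 0.0.0.0/0.0.0.0
acl mail-sites url_regex -i "/etc/squid/mailsitelist"
acl sys-ips src "/etc/squid/mailips"
http_access allow mail-sites sys-ips
http_access allow all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        tok = line.split()
        if tok[0] == "acl":
            values = []
            for arg in tok[3:]:
                if arg == "-i":          # url_regex is matched case-insensitively below
                    continue
                values += FILES[arg.strip('"')] if arg.startswith('"') else [arg]
            acls[tok[1]] = (tok[2], values)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, url):
    kind, values = acl
    if kind == "src":   # compared with the address Squid sees on the connection
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "url_regex":
        return any(re.search(v, url, re.I) for v in values)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, url):
    """Return (action, rule_number); the first rule whose ACLs all match wins."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(acls[n], src, url) for n in names):
            return action, number
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None
```

With the posted rules Squid allows every request on either path because of the final `http_access allow all`, so a block seen on the 8080 path is DansGuardian's decision, not Squid's.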

linuxlover.chaitanya 04-17-2009 12:52 AM

But you will want squid to run on the internal interface for security reasons. And what makes you think that only one acl set is being applied, either squid or dans?
Squid will not do content filtering. It will block on urls. And hence you need dans. But one thing you would want to check is, do you really need this strict protection?
I applied this in an educational institution where students can visit porn sites directly or indirectly. But in our office we do not need it so strict and hence just squid. You should first take into consideration if you need it that badly.
And as far as running it is concerned, dans should integrate into the squid environment without any issues and it is built for that.

parmeshwary2k 04-17-2009 02:07 PM

Hi,
I know dansguardian works together with squid; in my office setup it is working. I have posted the code in my previous reply. But I want to allow mailing sites on specific IPs. How is that possible with dans and squid? Please send me all the code and configuration. I pass my proxy IP on the client gateway; is there any other way to use a transparent proxy except browser and gateway? Where is the error in my code?


All times are GMT -5.