LinuxQuestions.org
Old 02-07-2008, 10:32 PM   #1
ketchukf
Squid / DansGuardian problem


Hi all. Thanks for reading my tale of woe.

I'm trying to build a test Squid/Dans Guardian box on SuSE 10.1. Squid is squid-2.5.STABLE12-18.9, Dans Guardian is 2.9.9.2. Single NIC. When I set the browser's proxy port to 3128 everything works as it should, but when I set the browser's proxy to the DG port (8080) I get this in the squid access.log:

1202444056.897 193 127.0.0.1 TCP_DENIED/403 1414 GET some url/ - DIRECT/72.14.205.104 text/html

and this in the squid cache.log:

2008/02/07 14:44:09| comm_udp_sendto: FD 5, 192.168.0.1, port 53: (1) Operation not permitted

192.168.0.1 is the gateway and DNS server.

An attempt to browse to a DG-banned site results in the DG 'you've been blocked' page. Sites that should be allowed result in 'Access denied'. Why? Where have I gone wrong?

I've taken iptables out of the equation for now. Here's the output of iptables -L:

sles:/var/log/dansguardian # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain LOGDROP (0 references)
target prot opt source destination

Chain forward_ext (0 references)
target prot opt source destination

Chain input_ext (0 references)
target prot opt source destination

Chain reject_func (0 references)
target prot opt source destination

My squid.conf file:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT
acl localnet src 192.168.0.0/255.255.255.0
acl all src 192.168.0.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
http_access allow localnet
http_access allow localhost
http_access allow CONNECT SSL_ports
http_access deny all
http_access allow manager localhost
http_access deny manager
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache/squid

My dansguardian.conf file:

reportinglevel = 3
languagedir = '/usr/local/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'my dg box's url'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off

Thanks in advance for your help!

Keith
 
Old 02-10-2008, 07:51 AM   #2
ketchukf
Never mind. Dan's Guardian has to point at the LAN IP of the proxy server, not the loopback address.
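
An added example, not part of the thread and not code from Squid or DansGuardian: a simplified Python model of how Squid evaluates the src-based ACL lines of the squid.conf posted in #1, comparing a request that reaches Squid from 127.0.0.1 (DansGuardian with proxyip = 127.0.0.1) with one from a LAN address. The address 192.168.0.10 is a constructed stand-in for the proxy's LAN IP, and the function names are hypothetical; rules that use non-src ACLs are left out.

```python
import ipaddress

# src ACLs copied from the squid.conf in post #1.
# Note that "all" is defined as the LAN subnet, not 0.0.0.0/0.0.0.0.
SRC_ACLS = {
    "localnet": ipaddress.ip_network("192.168.0.0/255.255.255.0"),
    "all": ipaddress.ip_network("192.168.0.0/255.255.255.0"),
    "localhost": ipaddress.ip_network("127.0.0.1/255.255.255.255"),
}

# Access lists in the posted order. Rules that depend on non-src ACLs
# (CONNECT, SSL_ports, manager) are omitted from this simplified model.
HTTP_ACCESS = [("allow", "localnet"), ("allow", "localhost"), ("deny", "all")]
HTTP_REPLY_ACCESS = [("allow", "all")]


def evaluate(rules, client_ip):
    """Return the action of the first rule whose ACL matches client_ip.

    When no rule matches, Squid applies the opposite of the last rule
    in the list, which is what the fallback below models.
    """
    addr = ipaddress.ip_address(client_ip)
    for action, acl in rules:
        if addr in SRC_ACLS[acl]:
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def verdict(client_ip):
    """Evaluate both the request check and the reply check for one client."""
    return {
        "http_access": evaluate(HTTP_ACCESS, client_ip),
        "http_reply_access": evaluate(HTTP_REPLY_ACCESS, client_ip),
    }


if __name__ == "__main__":
    # 127.0.0.1: what Squid sees when DansGuardian connects over loopback.
    # 192.168.0.10: constructed LAN address standing in for the proxy's LAN IP.
    for ip in ("127.0.0.1", "192.168.0.10"):
        print(ip, verdict(ip))
```

In this model the loopback client passes http_access but fails http_reply_access, because "all" only covers 192.168.0.0/24; that is consistent with the TCP_DENIED/403 line carrying DIRECT/72.14.205.104 in access.log, and with the LAN address working.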
All times are GMT -5.