I need urgent help
Configuration are follows
Proxy = Squid 3.1 running on port 8080 (Transparent)
(without http_port virtual etc. its running fine)
http_port 127.0.0.1:8080
If required I will post my configuration files as well

Filtering = Dansguardian 2.10 running on port 3128

LAN IP's = 192.168.0.0/255.255.0.0
eth0 = 192.168.0.47/255.255.0.0 LAN Interface
eth0:1 = 192.168.0.61/255.255.0.0 (Virtually External Interface)

As we have no dual interfaces on single machine, we have only gateway/firewall address with DNS

IP Forwarding
Enable IP forwarding by modifying the value of net.ipv4.ip_forward = 1 in /etc/sysctl.conf
because our LAN users need to access mail servers out side our LAN

Redirecting Port 80 traffic to 3128 through IP tables
iptables -t nat -A PREROUTING -d 192.168.0.47 -p tcp --dport 80 -j DNAT --to 192.168.0.47:3128
iptables -t nat -A PREROUTING -d 192.168.0.47 -p tcp --dport 8080 -j DNAT --to 192.168.0.47:3128
iptables -t nat -A PREROUTING -d 192.168.0.47 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -d 192.168.0.61 -p tcp --dport 80 -j REDIRECT --to-port 3128

Every thing working perfect filtering with Dansguardian and other things by enforcing proxy address in browser
When I configured browser with no proxy, and configure (192.168.0.47) as a gateway. Users are able to access those site which are restricted

One more thing sometimes its working with the above settings sometimes not. Means sometime it filter the browsing sometime it doesn't.

Could any one help me, it's the first time that I have raised a question on linuxquestion.org, because I have to resolve this issues on urgent basis.

Thanks in advance

First, this is not 'urgent' for anyone here. We volunteer our time, so if you need **URGENT** support, use a distro that you pay for, and they'll be there for you.

And if I'm understanding what you wrote...your proxy is working fine...except when you bypass it? Yep...that sounds about right. If you don't want people to get out, block any other path.

0 members found this post helpful.

Your network currently looks like:

A solution could be:

It is left as an exercise to the reader to come up with other ways of making this work, or implement this at will.

Dear All,
Thanks for your help and assistance, Next time I will be careful about “URGENT”
The scenario here is

I need to provide internet access to our users transparently as they don't need to know about the proxy address. We have a router in place, through which I am accessing internet. Now I need to provide filtered internet to all of our users in the following way

[Internet]

| [Router/Gateway]
|
| [Squid/Dansguardian]
|
| [Client PCs]


PCs PCs PCs Proxy(Squid+Dansguardian) Gateway(Router)
[] [] [] [] []
[ ] [ ] [ ] [ ] [ ]
|______|_________|________________|___________________|


All are well connected with switches on a same segment.
Client PC's only has the access on Squid machine to get the internet. I want to do some magic with IP tables that the web traffic goes through DansGuardian---> Squid for filtration purpose. Remaining POP and SMTP traffic route through gateway without any interception.

Hope above will clear the situation and requirements

Once again thanks in advance

Thanks guys
I think i was unable to demonstrate my problem, But finally I got the solution


http://ubuntuforums.org/archive/index.php/t-479407.html