setting up dansguardian, squid and iptables as a web filter!!
Hi…
I read an article about Linux web filtering using Squid, DansGuardian and IPTables, so I tried to implement it on my single computer. I used Redhat Enterprise Edition 4 AS, which already has squid-2.5.STABLE6-3 and iptables-1.2.11-3.1.RHEL4, so I only needed to install DansGuardian. I installed DG 2.8.0.6-1 using rpm. The configuration is as below:
Squid Configuration
Add or edit the file on ( /etc/squid/squid.conf )
http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid
At the command prompt, type:
groupadd -r squid
useradd -g squid -d /var/spool/squid -s /bin/false -r squid
DansGuardian Configuration
Add or edit the file on ( /etc/dansguardian/dansguardian.conf)
reportinglevel = 3
filterip = 127.0.0.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
daemonuser = 'squid'
daemongroup = 'squid'
Iptables Command
Setting up the transparent proxy using iptables. ( allow the user squid to access both the Internet and the Squid proxy )
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
The next command redirects Internet traffic from all users, other than squid and any exempt users, to the filter on port 8080:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
iptables-save > /etc/sysconfig/iptables
chkconfig iptables on
service iptables restart
chkconfig squid on
chkconfig dansguardian on
service squid restart
service dansguardian restart
MY PROBLEM :
All seems okay except for the command “service dansguardian restart”, where my DG stops OK, but the start fails!! So I just started it manually using the Redhat system-settings service tool.
After that I tried to open a web site, but my computer can’t reach the internet!! A prompt pops up saying something like “cannot attempt to reach the connection…”. I can’t browse the internet at all. My computer can reach the internet normally again after I disable (stop) iptables, but then I can reach the prohibited site!! Can anyone help me???
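The symptom described in the post (no web access with iptables on, unfiltered access with it off) is what happens when the REDIRECT rules are active but nothing is listening on port 8080 because DansGuardian did not start. The script below is an added example, not part of the original post or of the DansGuardian or Squid projects: it runs two pre-flight checks against the nat OUTPUT chain and the listening sockets before the REDIRECT rules are relied on. The iptables-save and netstat output embedded in it is constructed sample text (uid 23 is a stand-in for whatever `useradd` assigned to the squid account; iptables-save writes the numeric uid, not the name), so the script runs offline; on the real box the samples are replaced by live command output as shown in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks to run before
# relying on the transparent-proxy REDIRECT rules from the post. If the filter
# on port 8080 is not listening, the REDIRECT rule sends every web request into
# a closed port, which gives the "cannot reach the internet" symptom.

# Check 1: in the nat OUTPUT chain, the "-m owner ... -j ACCEPT" rule for a
# port must come before the REDIRECT for that port, otherwise squid's own
# outbound traffic is looped back into the filter. Reads `iptables-save -t nat`
# output from stdin; exit status 0 when the order is right.
check_rule_order() {
  awk '
    /^-A OUTPUT/ && /--dport/ {
      n++
      for (i = 1; i <= NF; i++) if ($i == "--dport") port = $(i + 1)
      if (/-m owner/ && /-j ACCEPT/ && !(port in accept)) accept[port] = n
      if (/-j REDIRECT/ && !(port in redir)) redir[port] = n
    }
    END {
      bad = 0
      for (p in redir)
        if (!(p in accept) || accept[p] > redir[p]) {
          print "port " p ": REDIRECT is reached before the owner ACCEPT rule"
          bad = 1
        }
      exit bad
    }'
}

# Check 2: every address:port given as an argument must appear as a LISTEN
# socket in `netstat -tln` output read from stdin (dansguardian on 8080 and
# squid on 3128 in the post's setup). Exit status 0 when all are present.
check_listeners() {
  input=$(cat)
  missing=0
  for sock in "$@"; do
    if ! printf '%s\n' "$input" | grep -q "[[:space:]]$sock[[:space:]].*LISTEN"; then
      echo "no listener on $sock"
      missing=1
    fi
  done
  return $missing
}

# Constructed sample inputs (uid 23 stands in for the squid account).
GOOD_RULES='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
COMMIT'

# Same rules with the port-80 REDIRECT inserted ahead of the owner ACCEPT.
BAD_RULES='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 23 -j ACCEPT
COMMIT'

# Only squid is listening here: the state the post describes after
# "service dansguardian restart" failed to start the filter.
NETSTAT_DG_DOWN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN'

# On the real box, feed live output instead of the samples:
#   iptables-save -t nat | check_rule_order
#   netstat -tln | check_listeners 127.0.0.1:8080 127.0.0.1:3128
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$GOOD_RULES" | check_rule_order && echo "rule order OK"
  printf '%s\n' "$NETSTAT_DG_DOWN" | check_listeners 127.0.0.1:8080 127.0.0.1:3128 \
    || echo "filter not up: do not enable the REDIRECT rules yet"
fi
```

Run it with `--demo` to see both checks against the samples; the second one fails on purpose, reproducing the post's situation where squid is up but the filter is not. Until `check_listeners` passes for 127.0.0.1:8080, leaving the REDIRECT rules in place only takes the machine offline, and removing them only removes the filtering, so fixing the DansGuardian start-up failure (its log and the error from the init script) comes first.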