Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Closed Thread
  Search this Thread
Old 03-09-2006, 09:51 PM   #1
LQ Newbie
Registered: Mar 2006
Posts: 12

Rep: Reputation: 0
setting up dansguardian, squid and iptables as webfilter!!


I read an article about linux web filtering by using Squid, DansGuardian and IPTables. So, I try to implement it on my single computer. I used Redhat Enterprise Edition 4 AS that already have squid-2.5.STABLE6-3 and iptables-1.2.11-3.1.RHEL4. So, I just need to install dansguardian. I install DG by using rpm. The configuration as below:

Squid Configuration
Add or edit the file on ( /etc/squid/squid.conf )

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid

On the command prompt type :
groupadd -r squid
useradd -g squid -d /var/spool/squid -s /bin/false -r squid

DansGuardian Configuration

Add or edit the file on ( /etc/dansguardian/dansguardian.conf)

reportinglevel = 3
filterip =
filterport = 8080
proxyip =
proxyport = 3128
daemonuser = 'squid'
daemongroup = 'squid'

Iptables Command
Setting up the transparent proxy using iptables. ( allow the user squid to access both the Internet and the Squid proxy )

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT

The next command redirects Internet traffic from all users, other than squid and any exempt users, to the filter on port 8080:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080

iptables-save > /etc/sysconfig/iptables

chkconfig iptables on
service iptables restart

chkconfig squid on
chkconfig dansguardian on

service squid restart
service dansguardian restart

All seems okay except for the command “service dansguardian restart” where my DG stop OK, but start failed!! So I just start it manually using Redhat system setting-service.
After that I try to open the web site but my computer can’t reach the internet!!there’s a prompt pop out saying that “cannot attempt to reach the connection…” a sort like that! I can’t browse the internet at all. My computer can enter the internet like normal again after i disable (stop) iptables. But then I can reach the prohibited site!! Can anyone help me???
Old 03-10-2006, 06:29 PM   #2
Registered: May 2001
Posts: 29,358
Blog Entries: 55

Rep: Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545
//Moderator note: you have crossposted a message, which is against the LQ Rules. Cross-posting is considered bad netiquette on your part, a waste of resources on LQ's part and a waste of time for LQ members who take the time to read and answer your question.
Please do not do that again.

FUP to:

Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Proxy won't let me connect, iptables, squid and dansguardian hindenbergbaby Linux - Networking 4 12-02-2009 03:45 AM
Problem using Squid, Dansguardian and IPtables as web filtering! cryonics Linux - Networking 7 05-09-2006 01:00 PM
dansguardian + squid shafey Linux - Security 2 12-31-2005 11:42 AM
Dansguardian/Squid HELP! Prizam Linux - Software 3 09-23-2005 06:30 PM
iptables, DansGuardian, and Squid. cth3 Linux - Networking 1 02-10-2005 09:04 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:01 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration