I've been pulling my hair out and can't figure out what's wrong. I have dhcp, squid, and dansguardian all running on my server, but when I point a client to it for a proxy (192.168.1.15:8080) and try to get to a website, nothing happens and the connection times out. When I don't bother with the proxy, the client has no trouble getting to the internet.

I've verified I can ping the server and gateway from both machines. And the services are running, no errors noted in the logs.

Do I need to do any iptables or selinux changes?

My network is very basic, several clients on the same network as the server, connected to a verizon gateway. Local addresses are 192.168.1.x. The server is 192.168.1.15, gateway is 192.168.1.1.

Any help for what to do or where to look appreciated.

I'm using:
* squid-7:3.1.8-1.fc12 (x86_64)
* dansguardian-2.10.1.1-3.fc12.x86_64
* Fedora 12

My squid config file:
My dansguardian.conf is all defaults at this point.

Help?

So I pointed my browser on the server (localhost) to proxy 192.168.1.15:8080 and it's all working beautifully...

So why isn't it working for the client?

I have no idea how to do this, I've been reading various threads and websites, which all have various instructions for making a transparent proxy server, but I'm not sure this is what I want. I only have one ethernet card in the server, my plan is to give all clients addresses above 192.168.1.100 and then have the gateway filter any direct access from those IP's. So if a client doesn't go through the proxy, it won't get to the internet.

Help needed, I'm a bit clueless here.

Here is the output of iptables -L:

you are aware that fedora 12 is past it's END OF LIFE
there has been no support since Dec. 2 2010 ,and there will never be any .
NO bug fixes,NO security updates ,NO new software , NO nothing .

are you saying that iptables has changed dramatically and I shouldn't bother trying to make this work?

I don't think this is so much a problem with fedora 12 as that I need some help understanding how to modify iptables to make it work.

Let me know if I am wrong on this. I don't really relish the though of rebuilding my linux server at this point... everything works and has for a long time... just trying to add some functionality.

no iptables has not changed much
HOWEVER there will NEVER be any security fixes to the End Of Life fedora 12
NO NEW third party bugfixes or up to date rpms for it.
NO newer version of Dansguardian & Squid UNLESS you build ALL the dependencies from source FIRST , then them from source.

NO new version of ClamAV unless you build it from source ( no new rpm)

however, I'd appreciate some help with iptables even more.

How is your network connections? Can you show it with a crude diagram here? And you need two ethernet cards for proxy to be running. One card should be connected to the internet and the other to the internal network on which the squid service should listen. Is this how your network is designed?

And you can think of having it to be transparent later when you have your proxy running fine. Let the clients get to the internet through proxy. Then worry about making it transparent.

So I went ahead and upgraded to Fedora 14 (hopefully that will stop the peanut gallery from complaining ;-)

As previously noted, though, nothing has changed, output from iptables -L is still the same, same issue going on.

My network config is very simple. I have a bunch of clients all connected directly through the router to the internet. The Linux box is NOT the router.

My intention is to have those clients needing direct internet access assigned static IP's on my network, while all other addresses will be filtered by the router to disallow direct access to the internet. They will be forced to go through a proxy.

I know it's probably not the most secure system in the world, but for my purposes, it will work just fine.

So network traffic will flow from the client computers into eth0 on the Linux server to access the proxy, then out through eth0 on the Linux server to the Internet, with a similar return path.

Question is, how do I set up iptables to accept traffic from the clients and forward the valid traffic on?

Your linux server can either listen on eth0 for client requests or connect to internet. How can you connect a single interface to both the connections? Am I still confused? Why dont you draw a small network diagram and show us how you want your network to be and where you want your proxy to be connected?

My network, there is only a single network card on the linux server.

router <-->

|<--> Linux Server (eth0)
|<--> client 1
|<--> client 2
|<--> ...
|<--> client n

Why can the traffic not flow from client to server, be filtered by the proxy, and then back out through the server?

There's no physical reason this won't work, will the software reject this configuration for some reason?

(ETA, sorry, couldn't get the forum tools to display the ASCII network diagram very well. Suffice it to say, All machines (including the Linux server) are connected directly to the same router.)

Just a minute. You need two interfaces for your proxy to work as the way you want. Right now your linux system is connected to the internet the same way your other clients are. And they are directly connected to the internet. What you should do is add one more interface that will face internet. And let eth0 face the clients. And run squid service listening on eth0.