Trying to get a quick n dirty Dans Guardian/Squid install for client
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Once I did the daemonuser and group commands, and created that user and group, I get an error when I try to restart the dansguardian daemon. It gives me this:
./dansguardian restart
Shutting down dansguardian: [ FAILED ]
Starting dansguardian: Error opening/creating log file. (check ownership and access rights).
I am running as dansguardian and I am trying to open /var/log/dansguardian/access.log
[ FAILED ]
oh yeah, and the same would go for squid, you'd need to change the ownership of the cache and log directories... depending on where you have them, it would go kinda like:
Code:
chown -R squid:squid /var/lib/squid
BTW, these are the kinda things that you wanna do *after* shutting-down the daemons...
basically, my main concern is/was the ownership of your dansguardian binary and the fact you are/were running it as root... like, cuz it might be what's causing the odd non-filtering behavior... of course it's just a shot in the dark... i'm actually quite dumbfounded about this dansguardian issue...
I do appreciate your help. I have run all of your commands verbatim and have restarted the daemons. This there any ls -l information that you would like to see to straighten out the possible ownership issue? Should I reinstall anything? Reboot?
i mean, like, using a browser on the same machine which DG and squid are running on... like, telling the browser to use proxy 127.0.0.1:8080 and stuff...??
I put the "server" itself on the proxy. I actually used the public address 192.168.111.46 as when I tried the loopback, squid gave me an access denied page. I never put the loopback address in the ACL in squid. Also, I am using port 3128. If I use 8080, squid gives me an access denied page.
basically you just need to have an ACL for 127.0.0.1 in your squid.conf... this is due to the fact that all requests to squid will be coming from the dansguardian which is running on the same box... so squid in this case won't care about your LAN IPs... an ACL like this in your squid.conf should suffice:
Code:
acl localhost src 127.0.0.1/255.255.255.255
seems like you already have that, but now that you mention it, it doesn't look like you have the respective "allow" for it, which would look like:
Code:
http_access allow localhost
you should double-check that...
having said that, squid should be listening on port 3128, while dansguardian listens on port 8080... so since squid's ACL's only allow connections from 127.0.0.1 (localhost) then trying to connect directly to 3128 from a client will fail, which is a good thing in this case... they are forced to use port 8080 which will be the content-filter...
Okay, we are making progress. Now if I point the browser to port 3128, squid will give me an access denied page, while is I point it to 8080 everything is allowed. I had the 192.168.111.0 subnet allowed in squid and the localhost disallowed. I reversed that now. Since I had the whole port thing messed up (and in effect the relationship btwn squid and dansguardian) perhaps that is the root of the problem. Is there any thing else I should look at regarding ports and how dansguardian and squid communicate?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.