***I believe I am posting this in the appropriate section but if I am not, please move it. I am a newbie with SquidProxy/SquidGuard and figured this may be a good spot.
Hello everyone, I want to learn Squidproxy and SquidGuard due to it being used in past workplaces and it was always something I wanted to learn to deploy and maintain.
I've set up a small lab at home with a Windows 7 VM and SquidProxy configured on a Proxmox hypervisor.
Client IP = 10.16.60.244
Server IP = 10.16.61.67:3128
I have followed the following brief guide to build this.
http://linuxpitstop.com/install-squi...ng-this-proxy/
Initially I had difficulty with my client PC not being able to access the internet at all when the proxy configuration is entered in Internet Options.
After some reading, I realized that CentOS had FirewallD enabled. I disabled it (for testing) and the internet passes through squid (from what I can tell via access.log).
The instructions that I followed stated to compile squid using the following command:
Code:
squidGuard -b -d -C all
The output that I receive is:
Code:
[root@localhost etc]# squidGuard -b -d -C all
2020-01-14 16:46:15 [9518] New setting: dbhome: /var/squidGuard/blacklists
2020-01-14 16:46:15 [9518] New setting: logdir: /var/log/squidGuard
2020-01-14 16:46:15 [9518] Added User: root
2020-01-14 16:46:15 [9518] Added User: foo
2020-01-14 16:46:15 [9518] Added User: bar
2020-01-14 16:46:15 [9518] destblock good missing active content, set inactive
2020-01-14 16:46:15 [9518] destblock local missing active content, set inactive
2020-01-14 16:46:15 [9518] init domainlist /var/squidGuard/blacklists/blacklists/porn/domains
2020-01-14 16:46:15 [9518] Error db_open: No such file or directory
2020-01-14 16:46:15 [9518] Going into emergency mode
^C
I'm not entirely sure why the compile error occurs, it seems due to db_open, which I'm unsure what to do about.
Reviewing /var/log/squid/access.log, I see the following output:
Code:
........
1579037842.676 94126 10.16.60.244 TCP_TUNNEL/200 9171 CONNECT pixel.facebook.com:443 - HIER_DIRECT/31.13.66.36 -
1579037968.297 240655 10.16.60.244 TCP_TUNNEL/200 5176 CONNECT www.gstatic.com:443 - HIER_DIRECT/172.217.1.3 -
1579037968.323 240668 10.16.60.244 TCP_TUNNEL/200 4058 CONNECT clientservices.googleapis.com:443 - HIER_DIRECT/172.217.1.3 -
1579037972.893 240101 10.16.60.244 TCP_TUNNEL/200 5254 CONNECT update.googleapis.com:443 - HIER_DIRECT/172.217.165.3 -
1579037977.029 240102 10.16.60.244 TCP_TUNNEL/200 163536 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.165.3 -
1579037977.958 240120 10.16.60.244 TCP_TUNNEL/200 4422 CONNECT www.google-analytics.com:443 - HIER_DIRECT/172.217.0.238 -
1579037980.381 240324 10.16.60.244 TCP_TUNNEL/200 3630 CONNECT www.gmail.com:443 - HIER_DIRECT/172.217.1.5 -
1579037980.745 240083 10.16.60.244 TCP_TUNNEL/200 832 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/172.217.1.3 -
1579037980.849 240791 10.16.60.244 TCP_TUNNEL/200 4992 CONNECT mail.google.com:443 - HIER_DIRECT/172.217.1.5 -
1579037980.910 253231 10.16.60.244 TCP_TUNNEL/200 7039 CONNECT accounts.google.com:443 - HIER_DIRECT/172.217.0.237 -
1579037980.931 253235 10.16.60.244 TCP_TUNNEL/200 148447 CONNECT www.google.com:443 - HIER_DIRECT/172.217.164.228 -
1579038033.506 240078 10.16.60.244 TCP_TUNNEL/200 11914 CONNECT safebrowsing.googleapis.com:443 - HIER_DIRECT/172.217.0.234 -
1579038327.142 240161 10.16.60.244 TCP_TUNNEL/200 5621 CONNECT update.googleapis.com:443 - HIER_DIRECT/172.217.165.3 -
1579038399.960 66376 10.16.60.244 TCP_TUNNEL/200 1160 CONNECT www.facebook.com:443 - HIER_DIRECT/31.13.66.35 -
I'm testing a few regular sites (www.facebook.com and www.gmail.com) which have SSL certificates and I'm also testing another site that is not HTTPS configured and neither is blocked.
I realize that filtering for SSL may require further configurations but I'd expect my personal site to be blocked by squid.
The squid.conf file (/etc/squid/squid.conf) is fairly untouched aside from what I entered from the initial configuration guide.
Any suggestions on what I should look at?
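
The squidGuard output above stops at `Error db_open: No such file or directory` right after it initialises a domainlist path. The following is an added example (not part of the original post, and not squidGuard's own code) that resolves every `domainlist`, `urllist` and `expressionlist` entry of a squidGuard.conf against `dbhome` and reports the files that do not exist. The function names, the sample config and the directory tree are constructed, and it assumes relative list paths are taken relative to `dbhome`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reports list files that a squidGuard.conf references but that are absent.
# Assumption: relative list paths are resolved against the "dbhome" setting.

missing_lists() {
    conf=$1
    # dbhome is a single top-level setting: "dbhome /path"
    dbhome=$(sed 's/#.*//' "$conf" | awk '$1 == "dbhome" { print $2; exit }')
    # Drop comments, then take the path that follows each list keyword.
    sed 's/#.*//' "$conf" |
    awk '$1 ~ /^(domainlist|urllist|expressionlist)$/ { print $1, $2 }' |
    while read -r kind rel; do
        case $rel in
            /*) full=$rel ;;             # absolute path: use as written
            *)  full=$dbhome/$rel ;;     # relative path: prefix dbhome
        esac
        [ -f "$full" ] || echo "MISSING $kind $full"
    done
}

# Constructed lab tree: the lists sit directly under dbhome, while one
# config entry names its list with an extra "blacklists/" prefix.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/blacklists/porn" "$root/blacklists/ads"
    : > "$root/blacklists/porn/domains"
    : > "$root/blacklists/porn/urls"
    : > "$root/blacklists/ads/domains"
    cat > "$root/squidGuard.conf" <<EOF
dbhome $root/blacklists
logdir $root/log
dest porn {
    domainlist blacklists/porn/domains   # resolves under dbhome/blacklists/
    urllist    porn/urls
}
dest ads {
    domainlist ads/domains
}
EOF
    # Replace the temp directory name so the output is stable.
    missing_lists "$root/squidGuard.conf" | sed "s|$root|<root>|"
    rm -rf "$root"
}

demo
```

On a real host the call would be `missing_lists /path/to/squidGuard.conf`, with the path of the config file that squidGuard actually loads.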