Squid help

tuxrules · 08-12-2016, 08:31 PM

Hi Folks,

I'm trying to setup Squid along with Dansguardian for local network. Installing both these are relatively trivial but I've been banging my head with Squid for few hours now and getting nowhere. I am testing this on a local machine before deploying everything on a network server.

Here's the entire squid config file.

Code:

acl kuiperbelt src 192.168.2.0/24       # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow kuiperbelt
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny all
http_port 127.0.0.1:3127
cache_mem 256 MB
cache_dir ufs /var/cache/squid 256 16 256
access_log daemon:/var/log/squid/access.log squid
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid/squid.pid
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid/cache/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
visible_hostname shakal
forwarded_for on

On the local machine, I have INPUT, OUTPUT and FORWARD chains set to allow. No NAT rules on the local machines except this one to redirect outgoing http request to port 8080 (where Dansguardian is listening)

Code:

iptables -t nat -A OUTPUT -o eth0 -p tcp --sport 1024:65535 --dport 80 -j REDIRECT --to-ports 8080

The issue I am facing is that I see Dansguardian log and squid log getting populated when I access websites but with this config and iptables rules but Squid blocks even www.slackware.com. I know Squid blocks it because I see the Squid access denied page, see attached screenshot.

I'd appreciate if someone can help me point out what's wrong here. This is my first time dealing with Squid.

Thanks,

Gerard Lally · 08-13-2016, 02:26 AM

Quote:

Originally Posted by tuxrules

Hi Folks,

I'm trying to setup Squid along with Dansguardian for local network.

...

I'd appreciate if someone can help me point out what's wrong here. This is my first time dealing with Squid.

I found these instructions fairly helpful when I was setting up Squid+DG on Slackware and NetBSD.