
Re: Squid with Dansguardian problem.



Semih Gokalp wrote:
Thanks for the reply, but I tried this before:

http_port 127.0.0.1:3128 transparent
http_port 192.168.0.1:3128 transparent

but it did not work.

I tried different iptables rules like the one below:
iptables -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -j DNAT --to 192.168.0.1:8080

but it did not work.

When I configure the web browser manually (HTTP proxy 192.168.0.1 and port 8080) and remove the iptables rule (iptables -t nat -A PREROUTING -p tcp -i $INTIF -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8080), it works.

But why does Squid not work with the redirect iptables rule? I don't understand.

I suppose the problem is the URL, because the web browser error page is like this:

ERROR
The requested URL could not be retrived
While trying to retrive the URL: /2007/11/14/guncel/?ver=0

but the real website address is www.milliyet.com.tr/2007/11/14/guncel/?ver=0

What do you think about this?

Thanks.

I think your Squid and Dansguardian setups are fine.
Your problem is with Iptables. I assumed you had all the Iptables commands already in place for a NAT+transparent proxy setup, but I guess you didn't have them. Leave Squid and Dansguardian as they are and try the following bash script for Iptables.

---------------------------
#!/bin/bash
# Must be run as root: loads kernel modules and rewrites the filter and nat tables.

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="eth0"
INTIF="eth1"

echo "      External interface : $EXTIF"
echo "      Internal interface : $INTIF"

echo "      loading modules"
$DEPMOD -a

echo "----------------------------------------------------------------------"

#Load the main body of the IPTABLES module - "iptable"
echo -en "ip_tables, "
$MODPROBE ip_tables


#Load the stateful connection tracking framework - "ip_conntrack"
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


#Load the general IPTABLES NAT code - "iptable_nat"
echo -en "iptable_nat, "
$MODPROBE iptable_nat


#Loads the FTP NAT functionality into the core IPTABLES code
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

echo -e "   Done loading modules.\n"


echo "   Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "   Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F


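# Forward traffic arriving on the external interface to the internal network.
# Note: there is no connection-state match here, so this accepts new
# connections as well as replies.
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT

# Forward traffic from the internal network out through the external interface.
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Log whatever reaches the end of the chain before the DROP policy applies.
$IPTABLES -A FORWARD -j LOG

echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"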
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo "   Rerouting http hits to proxy server "
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080

---------------------------


Mihira.

--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved.
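
The path-only URL in the quoted error page is the form a proxy receives when port 80 traffic is redirected to it: a browser configured to use a proxy puts the full URL in the request line, while a redirected browser sends only the path plus a Host header. The following is an added example, not part of either message; the function names and the sample requests are constructed for illustration, using the host and path quoted above.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic). Host and path are the
# ones quoted in the message above.
EXPLICIT_PROXY = (b"GET http://www.milliyet.com.tr/2007/11/14/guncel/?ver=0 HTTP/1.1\r\n"
                  b"Host: www.milliyet.com.tr\r\n\r\n")
INTERCEPTED = (b"GET /2007/11/14/guncel/?ver=0 HTTP/1.1\r\n"
               b"Host: www.milliyet.com.tr\r\n\r\n")
NO_HOST = b"GET /2007/11/14/guncel/?ver=0 HTTP/1.0\r\n\r\n"


def parse_request(raw):
    """Return (method, target, headers) from the head of an HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower(), value.strip())
    return parts[0], parts[1], headers


def effective_url(raw, intercepting):
    """URL a proxy would fetch for this request, or None if it cannot tell.

    intercepting=False models a port that only expects configured browsers;
    intercepting=True models a port that rebuilds the URL from the Host header.
    """
    _method, target, headers = parse_request(raw)
    if urlsplit(target).scheme in ("http", "https"):
        return target                  # absolute-form: URL is in the request line
    if not target.startswith("/"):
        raise ValueError("unsupported request target: %r" % target)
    host = headers.get("host")
    if not intercepting or not host:
        return None                    # origin-form and no usable host name
    # Host is supplied by the client, so reject anything that is not host[:port].
    if any(c in host for c in "/@ \t"):
        raise ValueError("suspicious Host header: %r" % host)
    return "http://" + host + target
```
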


