Re: Squid with Dansguardian problem.
Semih Gokalp wrote:
Thanks for the reply, but I tried this before:
http_port 127.0.0.1:3128 transparent
http_port 192.168.0.1:3128 transparent
but it did not work.
I tried different iptables rules like the one below:
iptables -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -j DNAT --to 192.168.0.1:8080
but it did not work.
When I configure the web browser manually (HTTP proxy 192.168.0.1 and port 8080) and remove the iptables rule
(iptables -t nat -A PREROUTING -p tcp -i $INTIF -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8080), it works.
But why does Squid not work with the redirect iptables rule? I don't understand.
I suppose the problem is the URL, because the web browser error page is like this:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: /2007/11/14/guncel/?ver=0
but the real website address is www.milliyet.com.tr/2007/11/14/guncel/?ver=0
What do you think about this?
Thanks.
I think your Squid and Dansguardian setups are fine.
Your problem is with Iptables. I assumed you had all the Iptables commands
already in place for a NAT+transparent proxy setup, but I guess you didn't have them.
Leave Squid and Dansguardian as they are and try the following bash script for
Iptables.
---------------------------
#!/bin/bash
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
echo " External interface : $EXTIF"
echo " Internal interface : $INTIF"
echo " loading modules"
$DEPMOD -a
echo "----------------------------------------------------------------------"
#Load the main body of the IPTABLES module - "iptable"
echo -en "ip_tables, "
$MODPROBE ip_tables
#Load the stateful connection tracking framework - "ip_conntrack"
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack
#Load the general IPTABLES NAT code - "iptable_nat"
echo -en "iptable_nat, "
$MODPROBE iptable_nat
#Loads the FTP NAT functionality into the core IPTABLES code
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo " Rerouting http hits to proxy server "
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080
---------------------------
Mihira.
--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers has been
approved.
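
The two cases in this thread differ in the HTTP request line the proxy receives: a manually configured browser sends the full URL, while a request redirected by iptables arrives with only the path, so an intercepting proxy has to take the host from the Host header. The sketch below is an added example, not part of either message and not Squid or Dansguardian code; the function name, the `intercepted` flag and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic); the URL is the one in the post.
EXPLICIT = (b"GET http://www.milliyet.com.tr/2007/11/14/guncel/?ver=0 HTTP/1.1\r\n"
            b"Host: www.milliyet.com.tr\r\n\r\n")
REDIRECTED = (b"GET /2007/11/14/guncel/?ver=0 HTTP/1.1\r\n"
              b"Host: www.milliyet.com.tr\r\n\r\n")


def effective_url(raw_request, intercepted):
    """Return the absolute URL a plain-HTTP proxy should fetch for one request.

    intercepted=True models a listening port that expects redirected traffic
    (hypothetical flag, standing in for a proxy's transparent mode).
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # Absolute-form target: sent by a browser with a proxy configured manually.
    if urlsplit(target).scheme in ("http", "https"):
        return target

    # Origin-form target: what arrives when port 80 traffic is redirected.
    if not target.startswith("/"):
        raise ValueError("unsupported request target %r" % target)
    if not intercepted:
        # Only the path is known here, as in the error page quoted above.
        raise ValueError("host-less URL %r on a non-intercepting port" % target)
    host = headers.get("host")
    if not host:
        raise ValueError("redirected request has no Host header")
    return "http://" + host + target


if __name__ == "__main__":
    print(effective_url(EXPLICIT, intercepted=False))
    print(effective_url(REDIRECTED, intercepted=True))
```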