Re: Squid with Dansguardian problem.



Semih Gokalp wrote:
Thanks for the reply, but I tried this before:

http_port 127.0.0.1:3128 transparent
http_port 192.168.0.1:3128 transparent

but it did not work.

I tried different iptables rules like the one below:
iptables -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -j DNAT --to 192.168.0.1:8080

but it did not work.

When I configure the web browser manually (HTTP proxy 192.168.0.1 and port 8080) and remove the iptables rule (iptables -t nat -A PREROUTING -p tcp -i $INTIF -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8080), it works.

But why does Squid not work with the redirect iptables rule? I don't understand.

I suppose the problem is the URL, because the web browser error page looks like this:

ERROR
The requested URL could not be retrived
While trying to retrive the URL: /2007/11/14/guncel/?ver=0

but the real website address is www.milliyet.com.tr/2007/11/14/guncel/?ver=0

What do you think about this?

Thanks.

I think your Squid and Dansguardian setups are fine.
Your problem is with Iptables. I assumed you had all the Iptables commands already in place for a NAT+transparent proxy setup but I guess you didn't have it.
Leave Squid and Dansguardian as it is and try the following bash script for Iptables.

---------------------------
#!/bin/bash
# NAT + transparent proxy rules: masquerade the LAN behind $EXTIF and
# redirect its port-80 traffic to the proxy listening on local port 8080.
# Must be run as root.

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="eth0"
INTIF="eth1"

echo " External interface : $EXTIF"
echo " Internal interface : $INTIF"

echo " loading modules"
$DEPMOD -a

echo "----------------------------------------------------------------------"

# Load the main body of the IPTABLES module - "ip_tables"
echo -en "ip_tables, "
$MODPROBE ip_tables

# Load the stateful connection tracking framework - "ip_conntrack"
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

# Load the general IPTABLES NAT code - "iptable_nat"
echo -en "iptable_nat, "
$MODPROBE iptable_nat

# Load the FTP NAT functionality into the core IPTABLES code
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

echo -e " Done loading modules.\n"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

# Forward everything between the two interfaces, in both directions
# (no connection-state matching); log whatever else reaches FORWARD
# before the DROP policy applies.
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# Port-80 connections arriving from the LAN are sent to local port 8080.
echo " Rerouting http hits to proxy server "
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080

---------------------------


Mihira.

--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers has been approved.
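
An added example, not part of the original messages and not Squid's or DansGuardian's code: the error page quoted above shows a URL with no host, which is the request form a browser sends when it does not know a proxy is in the path. The sketch below models how a listener handles the two request forms from this thread; the function name `effective_url`, its `intercepted` flag and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests for the URL quoted in the thread.
URL = "http://www.milliyet.com.tr/2007/11/14/guncel/?ver=0"
# Browser configured with proxy 192.168.0.1:8080: absolute-form request line.
VIA_PROXY_SETTING = (b"GET " + URL.encode() + b" HTTP/1.1\r\n"
                     b"Host: www.milliyet.com.tr\r\n\r\n")
# Browser unaware of the proxy, connection caught by REDIRECT: origin-form.
VIA_REDIRECT = (b"GET /2007/11/14/guncel/?ver=0 HTTP/1.1\r\n"
                b"Host: www.milliyet.com.tr\r\n\r\n")


def effective_url(raw_request: bytes, intercepted: bool) -> str:
    """Return the absolute URL a proxy would fetch for one HTTP/1.x request.

    intercepted=False models a listener that only accepts explicit proxy
    requests; intercepted=True models a listener in transparent mode that
    rebuilds the URL from the Host header.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ")
    except ValueError:
        raise ValueError("malformed request line") from None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    parts = urlsplit(target)
    if parts.scheme in ("http", "https") and parts.netloc:
        return target  # absolute-form: the URL is already complete
    if not target.startswith("/"):
        raise ValueError("unsupported request-target")
    if not intercepted:
        # Same symptom as the error page: only the path is known.
        raise ValueError(f"no host in request-target: {target}")
    host = headers.get("host")
    if not host:
        raise ValueError("origin-form request without Host header")
    # Host is client-supplied, so this URL is only as trustworthy as the client.
    return f"http://{host}{target}"


if __name__ == "__main__":
    print(effective_url(VIA_PROXY_SETTING, intercepted=False))
    print(effective_url(VIA_REDIRECT, intercepted=True))
```
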

