[K12OSN] squidGuard working but not as a separate/redirect server...?

Jay Pfaffman pfaffman at gmail.com
Sat Oct 30 12:27:00 UTC 2004


It could be your firewall rules.  Do an "iptables -F" and see if that
fixes it.  If it does you can then go about opening the necessary
ports (which I guess is just 3128).


On Fri, 29 Oct 2004 17:32:16 -0700, Steve Hargadon
<steve.hargadon at gmail.com> wrote:
> I set up a separate K12LTSP (4.0.1) server to install squidGuard and
> Dan's Guardian.  I've only installed the squidGuard so far.  If I surf
> from that actual server, setting the proxy settings to "localhost,"
> port 3128, it works just like it should.  But when I redirect outbound
> traffic from my main K12LTSP (4.1.1) server to this proxy/filter
> server, the main K12 server and its clients can only see secure
> (https) sites.  Non-secure sites are denied.  Because https uses port
> 433, I believe that indicates that the port 80 regular traffic is
> trying to use the proxy/filter server, and the port 433 traffic
> bypasses that server.
> 
> So if the proxy/filter server uses squidGuard correctly on a local
> level, there must be something I am missing when I try to send the
> port 80 traffic to the proxy/filter server.
> 
> Anybody know what I've done?  My install steps are below... cobbled
> together from other threads.
> 
> 1.  Download squidGuard from
> ftp://k12linux.mesd.k12.or.us/pub/squidGuard/ to proxy/filter server.
> 2.  Install squidGuard package.  Dependencies require yum install of "compat-db"
> 3.  Add the following lines to /etc/squid/squidconf
> redirect_program /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf
> redirect_children 5
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy  on
> httpd_accel_uses_host_header on
> 4.  Start squid service
> 5.  Run /usr/sbin/update_squidguard_blacklists to update blacklist files
> 6.  Run the following iptable line additions on *main* K12LTSP server:
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
> (changing the IP address to my proxy/filter server's IP)
> 7.  Restart the network service on *main* server.
> 
> One additional line for the squid.conf file I hadn't seen before but
> which is in Michael William's setup instructions for squidGuard and
> Dan's Guardian is "httpd_accel_single_host off".  Would that make a
> difference?  It's not in squidGuard's instructions, or in the mesd
> instructions...
> Also, I am assuming that if I wanted to protect 433 traffic, I'd add
> additional lines on the main server's iptables with those ports?
> 
> --
> Steve Hargadon
> 916-652-8600 ext. 711
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 
> 


-- 
Jay Pfaffman                           <pfaffman at utk.edu>
Asst Professor of Instructional Technology, U. TN, Knoxville
Experimenting with gmail, please honor the Reply-To
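
Added example (not part of the original message): one way to test the firewall theory on the proxy/filter server without flushing every rule. It reads rules in `iptables -S` format and reports whether a new connection from another host to squid's port 3128 is accepted; the ruleset, the `port_verdict` and `sample_rules` names, and the `ALLOW_SQUID` rule are constructed for illustration.

```sh
#!/bin/sh
# Reads filter-table rules in `iptables -S` format on stdin and reports what
# happens to a NEW tcp connection from another host to PORT in CHAIN:
#   accept | blocked | policy:<chain policy>
# Assumption: rules carrying any other match (-i, -s, negation, ...) are
# skipped because they do not apply to every client.
port_verdict() {   # usage: port_verdict CHAIN PORT < rules
    awk -v chain="$1" -v port="$2" '
        $1 == "-P" && $2 == chain { policy = $3 }
        $1 == "-A" && $2 == chain && verdict == "" {
            applies = 1; target = ""
            for (i = 3; i <= NF; i += 2) {
                opt = $i; val = $(i + 1)
                if (opt == "!") { applies = 0; i--; continue }
                if (opt == "-j") { target = val }
                else if (opt == "-p") { if (val != "tcp") applies = 0 }
                else if (opt == "--dport") { if (val != port) applies = 0 }
                else if (opt == "-m") { if (val != "tcp" && val != "state") applies = 0 }
                else if (opt == "--state") { if (val !~ /(^|,)NEW(,|$)/) applies = 0 }
                else if (opt != "--reject-with") { applies = 0 }
            }
            if (applies && target == "ACCEPT") verdict = "accept"
            else if (applies && (target == "DROP" || target == "REJECT")) verdict = "blocked"
        }
        END { print (verdict != "" ? verdict : ("policy:" policy)) }
    '
}

# Constructed sample ruleset: loopback is allowed (so browsing via "localhost"
# works), other hosts only get ssh. $1 = optional rule placed before the REJECT.
sample_rules() {
    printf '%s\n' "-P INPUT ACCEPT" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" \
        "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT" \
        ${1:+"$1"} \
        "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
}

# Constructed rule that opens only the squid port named in the thread.
ALLOW_SQUID="-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT"

echo "without the rule: $(sample_rules | port_verdict INPUT 3128)"
echo "with the rule:    $(sample_rules "$ALLOW_SQUID" | port_verdict INPUT 3128)"
```

On a live host the same function can be fed the real ruleset, for example `iptables -S INPUT | port_verdict INPUT 3128` run as root.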



