[K12OSN] Dansguardian and squid wont play together

Ron Freidel rfreidel at computergeex.com
Tue Sep 7 14:31:34 UTC 2004


For Dansguardian/Squid I put it on a firewall box running iptables;
this is what I use to transparently route all users through DG/Squid.

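# Redirect inbound HTTP (port 80) to DansGuardian on port 8080
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080
# Drop connections to Squid (port 3128) from any source other than localhost
iptables -A INPUT -m tcp -p tcp ! -s 127.0.0.1 --dport 3128 -j DROP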

Most teachers request that their computers be unrestricted so I usually have
to control that through dansguardian itself.

Duane Wilson (aaa at pacifier.com) wrote:
>
> goblin at scooter.co.nz wrote:
>
> > Mark Cockrell wrote:
> >
> >> I'm not entirely certain about this, but I think that DG by default
> >> listens on port 8080.  If you're rerouting to port 3128, then I think
> >> you're skipping DG altogether.  Try rerouting from 80 to 8080 and see
> >> what happens.
> >>
> >
> > Yeah that's exactly right...
> > You set Squid to listen on (localhost only) port 3128... DG will talk
> > to squid via 3128 but DG itself will listen on 8080.
> >
> > From your conf file
> > =================================================
> > # the port that DansGuardian listens to.
> > filterport = 8080
> >
> > # the ip of the proxy (default is the loopback - i.e. this server)
> > proxyip = 127.0.0.1
> >
> > # the port DansGuardian connects to proxy on
> > proxyport = 3128
> > =================================================
> >
> > All requests are then answered by DansGuardian.... DG should be the
> > only thing able to talk to squid or your filtering can be easily
> > bypassed by connecting to squid directly.
> >
> > (Internet)--><:80-->(Clients)
> >
> > so yeah redirect to port 8080 and if it's still not working we will
> > need to have a look at your squid.conf file.
> >
> > Regards
> >
> > John
> >
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
> Thanks for explaining that to me.  That is very logical, but I didn't
> understand the flow.
> I changed my firewall rules to intercept all port 80 traffic from the
> local network and send it to port 8080 where DansGuardian dutifully
> filtered the requests.
>
> I suspect some of you in the Portland area may have heard my shout for
> joy when I saw the "Access Denied" screen.
>
> Yes, Linux rocks,  but not without people willing to help each other out!
>
> Duane
>

--
Ron Freidel
Some or all of my comments should not be taken seriously.
http://leroy.homeunix.org
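
A configuration check for the setup discussed in this thread, added here as an example and not posted by anyone on the list. It flags the two failure modes described above: port 80 redirected to Squid's port instead of DansGuardian's, and Squid reachable by clients directly. The function names, the rule-text format and the sample squid.conf line are assumptions.

```python
import re

# Constructed sample inputs: only the three DansGuardian settings and the
# two firewall rules come from the thread. The Squid line is an assumption.
DG_CONF = "filterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n"
SQUID_CONF = "http_port 127.0.0.1:3128\n"
RULES = (
    "-t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080\n"
    "-A INPUT -m tcp -p tcp ! -s 127.0.0.1 --dport 3128 -j DROP\n"
)

def dg_settings(text):
    """Parse 'key = value' lines from dansguardian.conf, ignoring comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().strip("'\"")
    return out

def audit(dg_conf, squid_conf, rules):
    """Return a list of findings; an empty list means both checks passed."""
    dg = dg_settings(dg_conf)
    fport, pport = dg.get("filterport"), dg.get("proxyport")
    findings = []
    # Check 1: port 80 must be redirected to DansGuardian, not to Squid.
    targets = re.findall(r"--dport 80\b.*-j REDIRECT --to-ports? (\d+)", rules)
    if not targets:
        findings.append("no REDIRECT rule for port 80")
    for target in targets:
        if target == pport:
            findings.append(f"port 80 goes to Squid ({pport}); DansGuardian is skipped")
        elif target != fport:
            findings.append(f"port 80 goes to {target}, not filterport {fport}")
    # Check 2: Squid must be loopback-only or firewalled from other sources.
    binds = re.findall(r"^\s*http_port\s+(\S+)", squid_conf, re.M)
    loopback = bool(binds) and all(
        b.startswith(("127.", "localhost:", "[::1]:")) for b in binds)
    dropped = re.search(
        rf"-A INPUT\b.*(?:! -s|-s !) 127\.0\.0\.1\b.*--dport {pport}\b.*-j DROP",
        rules)
    if not loopback and not dropped:
        findings.append(f"Squid port {pport} is reachable by clients; filter can be bypassed")
    return findings

if __name__ == "__main__":
    print(audit(DG_CONF, SQUID_CONF, RULES) or "OK")
```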





