[K12OSN] squidGuard working but not as a separate/redirect server...?
Jay Pfaffman
pfaffman at gmail.com
Sat Oct 30 12:27:00 UTC 2004
It could be your firewall rules. Do an "iptables -F" and see if that
fixes it. If it does you can then go about opening the necessary
ports (which I guess is just 3128).
On Fri, 29 Oct 2004 17:32:16 -0700, Steve Hargadon
<steve.hargadon at gmail.com> wrote:
> I set up a separate K12LTSP (4.0.1) server to install squidGuard and
> Dan's Guardian. I've only installed the squidGuard so far. If I surf
> from that actual server, setting the proxy settings to "localhost,"
> port 3128, it works just like it should. But when I redirect outbound
> traffic from my main K12LTSP (4.1.1) server to this proxy/filter
> server, the main K12 server and its clients can only see secure
> (https) sites. Non-secure sites are denied. Because https uses port
> 433, I believe that indicates that the port 80 regular traffic is
> trying to use the proxy/filter server, and the port 433 traffic
> bypasses that server.
>
> So if the proxy/filter server uses squidGuard correctly on a local
> level, there must be something I am missing when I try to send the
> port 80 traffic to the proxy/filter server.
>
> Anybody know what I've done? My install steps are below... cobbled
> together from other threads.
>
> 1. Download squidGuard from
> ftp://k12linux.mesd.k12.or.us/pub/squidGuard/ to proxy/filter server.
> 2. Install squidGuard package. Dependencies require yum install of "compat-db"
> 3. Add the following lines to /etc/squid/squid.conf
> redirect_program /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf
> redirect_children 5
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> 4. Start squid service
> 5. Run /usr/sbin/update_squidguard_blacklists to update blacklist files
> 6. Run the following iptable line additions on *main* K12LTSP server:
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
> (changing the IP address to my proxy/filter server's IP)
> 7. Restart the network service on *main* server.
>
> One additional line for the squid.conf file I hadn't seen before but
> which is in Michael William's setup instructions for squidGuard and
> Dan's Guardian is "httpd_accel_single_host off". Would that make a
> difference? It's not in squidGuard's instructions, or in the mesd
> instructions...
> Also, I am assuming that if I wanted to protect 433 traffic, I'd add
> additional lines on the main server's iptables with those ports?
>
> --
> Steve Hargadon
> 916-652-8600 ext. 711
--
Jay Pfaffman <pfaffman at utk.edu>
Asst Professor of Instructional Technology, U. TN, Knoxville
Experimenting with gmail, please honor the Reply-To
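
The reply above suggests flushing the rules to see whether the firewall is the cause. A way to check the same thing without removing the rules, as an added example that is not part of the original thread: read `iptables-save` output from the proxy/filter server and report the first rule a new TCP connection to port 3128 would hit. The sample ruleset, the chain name `LAN-IN` and the function names are constructed for illustration.

```python
# Constructed sample in iptables-save format: only SSH is opened before the REJECT.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:LAN-IN - [0:0]
-A INPUT -j LAN-IN
-A LAN-IN -i lo -j ACCEPT
-A LAN-IN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LAN-IN -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A LAN-IN -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def opt(toks, *names):
    """Value that follows the first of the given options, or None."""
    return next((toks[i + 1] for i, t in enumerate(toks[:-1]) if t in names), None)

def may_match(toks, port):
    """Could the rule match a NEW TCP connection from the LAN to `port`?
    Simplification: source-address and negated ("!") matches are ignored."""
    state, dport = opt(toks, "--state", "--ctstate"), opt(toks, "--dport", "--dports")
    if opt(toks, "-i") == "lo" or opt(toks, "-p") not in (None, "tcp", "all"):
        return False
    if state and "NEW" not in state.split(","):
        return False
    spans = [p.partition(":") for p in (dport or "").split(",") if p]
    return not spans or any(int(a) <= port <= int(b or a) for a, _, b in spans)

def verdict(text, port=3128, chain="INPUT"):
    """First terminal target a NEW TCP connection to `port` reaches in *filter."""
    policies, rules, active = {}, {}, False
    for toks in (l.split() for l in text.splitlines() if l.strip()):
        if toks[0].startswith("*"):
            active = toks[0] == "*filter"
        elif active and toks[0].startswith(":"):
            policies[toks[0][1:]] = toks[1]          # ":INPUT ACCEPT [0:0]"
        elif active and toks[0] == "-A":
            rules.setdefault(toks[1], []).append(toks)
    def walk(name):
        for toks in rules.get(name, []):
            target = opt(toks, "-j")
            if not may_match(toks, port):
                continue
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                return None if target == "RETURN" else (target, " ".join(toks))
            hit = walk(target) if target in rules else None   # user-defined chain
            if hit:
                return hit
    return walk(chain) or (policies.get(chain, "ACCEPT"), "chain policy")

print(verdict(SAMPLE))   # which rule decides the fate of proxy traffic on 3128
```

If the verdict is REJECT or DROP, inserting an ACCEPT rule for port 3128 ahead of the reported rule opens the proxy port while leaving the rest of the ruleset in place.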