[K12OSN] dansguardian and squid won't play together

Ron Freidel rfreidel at computergeex.com
Fri Aug 27 00:26:33 UTC 2004 

Do you see something like this in squid's cache.log?

2004/08/26 08:17:25| Starting Squid Cache version 2.5.STABLE6 for
i686-pc-linux-gnu...
2004/08/26 08:17:25| Process ID 2016
2004/08/26 08:17:25| With 1024 file descriptors available
2004/08/26 08:17:25| Performing DNS Tests...
2004/08/26 08:17:25| Successful DNS name lookup tests...
2004/08/26 08:17:25| DNS Socket created at 0.0.0.0, port 32768, FD 4
2004/08/26 08:17:25| Adding nameserver 65.19.193.21 from /etc/resolv.conf
2004/08/26 08:17:25| Adding nameserver 199.104.81.3 from /etc/resolv.conf
2004/08/26 08:17:25| Adding nameserver 65.19.208.21 from /etc/resolv.conf
2004/08/26 08:17:25| Unlinkd pipe opened on FD 9
2004/08/26 08:17:25| Swap maxSize 102400 KB, estimated 7876 objects
2004/08/26 08:17:25| Target number of buckets: 393
2004/08/26 08:17:25| Using 8192 Store buckets
2004/08/26 08:17:25| Max Mem  size: 8192 KB
2004/08/26 08:17:25| Max Swap size: 102400 KB
2004/08/26 08:17:25| Rebuilding storage in /usr/local/squid/var/cache
(CLEAN)
2004/08/26 08:17:25| Using Least Load store dir selection
2004/08/26 08:17:25| Set Current Directory to /usr/local/squid/var/cache
2004/08/26 08:17:25| Loaded Icons.
2004/08/26 08:17:25| Accepting HTTP connections at 0.0.0.0, port 3128, FD
11.
2004/08/26 08:17:25| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
2004/08/26 08:17:25| WCCP Disabled.
2004/08/26 08:17:25| Ready to serve requests.

The things to look for are the nameservers, (yours will be different) and
that last one "Ready to serve requests"

I assume you have squid.conf configured to work with your local network.

Here's the important stuff from one of my installations where I have
transparent filtering working...
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl our_network src 192.168.30.0/24
http_access allow our_network
http_access allow all
http_access allow localhost
http_access deny all

I find that is all a person needs to do in squid.conf, the defaults work the
way they are.

Theres only one thing that needs to be changed in dansguardian.conf, thats
the url for your server, you don't even need to change that if you aren't
running apache on the firewall.

Then there's only a little tweaking to do to your firewall script to get
transparent filtering working, then you'll get calls about teachers not being
able to access their msn email :) But that is fixed with dansguardian.

Hope this helps.


aaa at pacifier.com wrote:
>
> 'service squid status' says 'squid is running'
> 'squid -z' says 'squid is running'
>
> cache.log doesn't give me any clues.  the last entry was at 08:55 this am.
>
> I just tried starting dansguardian again and failed.  - no change in squid
> chache.log after try.
>
> What Am I Missing???
> Thanks,
> Duane
>
> > Hi,
> >
> > That usually means that squid is not working, if you check your squid logs
> > you'll see where the problem is.
> >
> > Did you build your cache... squid -z
> >
> > Dansguardian is the easy part, squid/iptables (for transparent filtering)
> > is
> > the tricky stuff to get right.
> >
> >
> >
> > aaa at pacifier.com wrote:
> >>
> >> I am building a firewall/proxy/filter box out of 4.1.0, shorewall,
> >> squid,
> >> and dansguardian.
> >>
> >> Shorewall is working.
> >> Squid is working.
> >> When I try to run dansguardian I get a 'failed' message.
> >>
> >> Looing at /var/log/messages I see something close to the following:
> >> 'cannot connect to test proxy'
> >>
> >> What should my next step be?
> >>
> >> Duane Wilson
> >>
> >>
> >> _______________________________________________
> >> K12OSN mailing list
> >> K12OSN at redhat.com
> >> https://www.redhat.com/mailman/listinfo/k12osn
> >> For more info see <http://www.k12os.org>
> >>
> >
> > --
> > Ron Freidel
> > Some or all of my comments should not be taken seriously.
> > http://leroy.homeunix.org
> >
> >
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

--
Ron Freidel
Some or all of my comments should not be taken seriously.
http://leroy.homeunix.org

More information about the K12OSN mailing list