[K12OSN] Dansguardian and squid won't play together

Huck dhuckaby at paasda.org
Tue Sep 7 16:10:55 UTC 2004


to unfilter it is simple enough to do at their browser as well..

i.e. web proxy settings 192.168.0.254 port 3128
will bypass DG's filtering... assuming your DG box's IP is the same as
above.

--Huck

Ron Freidel wrote:

>For Dansguardian/Squid I put it on a firewall box running iptables,
>this is what I use to transparently route all users through DG/Squid.
>
>iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080
>iptables -A INPUT -m tcp -p tcp -s ! 127.0.0.1 --dport 3128 -j DROP
>
>Most teachers request that their computers be unrestricted so I usually have
>to control that through dansguardian itself.
>
>Duane Wilson (aaa at pacifier.com) wrote:
>  
>
>>goblin at scooter.co.nz wrote:
>>
>>    
>>
>>>Mark Cockrell wrote:
>>>
>>>      
>>>
>>>>I'm not entirely certain about this, but I think that DG by default
>>>>listens on port 8080.  If you're rerouting to port 3128, then I think
>>>>you're skipping DG altogether.  Try rerouting from 80 to 8080 and see
>>>>what happens.
>>>>
>>>Yeah that's exactly right...
>>>You set Squid to listen on (localhost only) port 3128... DG will talk
>>>to squid via 3128 but DG itself will listen on 8080.
>>>
>>>From your conf file
>>>=================================================
>>># the port that DansGuardian listens to.
>>>filterport = 8080
>>>
>>># the ip of the proxy (default is the loopback - i.e. this server)
>>>proxyip = 127.0.0.1
>>>
>>># the port DansGuardian connects to proxy on
>>>proxyport = 3128
>>>=================================================
>>>
>>>All requests are then answered by DansGuardian.... DG should be the
>>>only thing able to talk to squid or your filtering can be easily
>>>bypassed by connecting to squid directly.
>>>
>>>(Internet)--><:80-->(Clients)
>>>
>>>so yeah redirect to port 8080 and if it's still not working we will
>>>need to have a look at your squid.conf file.
>>>
>>>Regards
>>>
>>>John
>>>
>>>
>>>_______________________________________________
>>>K12OSN mailing list
>>>K12OSN at redhat.com
>>>https://www.redhat.com/mailman/listinfo/k12osn
>>>For more info see <http://www.k12os.org>
>>>
>>>      
>>>
>>Thanks for explaining that to me.  That is very logical, but I didn't
>>understand the flow.
>>I changed my firewall rules to intercept all port 80 traffic from the
>>local network and send it to port 8080 where DansGuardian dutifully
>>filtered the requests.
>>
>>I suspect some of you in the Portland area may have heard my shout for
>>joy when I saw the "Access Denied" screen.
>>
>>Yes, Linux rocks,  but not without people willing to help each other out!
>>
>>Duane
>
>--
>Ron Freidel
>Some or all of my comments should not be taken seriously.
>http://leroy.homeunix.org
>
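
Added example, not part of the original thread or of either project's code: a small Python audit for the two mistakes discussed above (port 80 redirected past DansGuardian, and Squid's port left reachable so a browser proxy setting bypasses the filter). The function names and the sample `http_port` lines are assumptions; the DansGuardian settings and iptables rules are the ones quoted in the thread.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample inputs: the DansGuardian settings and iptables rules quoted in the thread.
DG_CONF = "filterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n"
REDIRECT = "iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080"
DROP = "iptables -A INPUT -m tcp -p tcp -s ! 127.0.0.1 --dport 3128 -j DROP"

def parse_dg(text):
    """Return DansGuardian 'key = value' settings, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def squid_listeners(text):
    """Return (ip, port) per http_port line; ip is '' when Squid binds every interface."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "http_port":
            ip, _, port = parts[1].rpartition(":")
            found.append((ip, int(port)))
    return found

def audit(dg_text, squid_text, rules):
    """Return findings for the two mistakes discussed in the thread."""
    dg = parse_dg(dg_text)
    filterport, proxyport = int(dg["filterport"]), int(dg["proxyport"])
    findings = []
    for rule in rules:
        target = re.search(r"--to-ports?\s+(\d+)", rule)
        if target and "REDIRECT" in rule and re.search(r"--dport\s+80\b", rule):
            if int(target.group(1)) != filterport:
                findings.append(f"port 80 redirected to {target.group(1)}, skipping DansGuardian on {filterport}")
    # Simplification (assumption): any INPUT DROP/REJECT on the proxy port counts as protection.
    blocked = any(re.search(r"-A\s+INPUT\b", r) and re.search(rf"--dport\s+{proxyport}\b", r)
                  and re.search(r"-j\s+(DROP|REJECT)\b", r) for r in rules)
    exposed = [ip for ip, port in squid_listeners(squid_text)
               if port == proxyport and ip not in LOOPBACK]
    if exposed and not blocked:
        findings.append(f"Squid port {proxyport} accepts client connections; a browser proxy setting bypasses the filter")
    return findings

if __name__ == "__main__":
    print(audit(DG_CONF, "http_port 3128\n", [REDIRECT]))        # Squid exposed, no DROP rule
    print(audit(DG_CONF, "http_port 3128\n", [REDIRECT, DROP]))  # DROP rule closes the gap
```

An empty result means neither condition was found in the supplied text; it does not inspect the running firewall or Squid's access controls.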
