Clive Harris
2003-Aug-22 00:02 UTC
[Shorewall-users] Running Shorewall with Squidguard on same machine
Hi,

I'm trying to get Shorewall to work with Squidguard on a machine which is acting as the fileserver, firewall, proxy server and internet access point for a small network. The network at present consists of the fileserver/firewall machine running RH 8.0, two Linux boxes running various RH distributions and two Windows virtual machines running on the other machines under Win4Lin. This setup is really a trial for a larger network with ADSL access.

The firewall seems to work fine and proxy serving with Squidguard works fine when I run Mozilla from the fileserver/firewall machine. (I set Mozilla to look for the proxy server). However, I cannot get Squidguard to work from the other machines. I'm not sure if the problem lies with Squidguard or with my settings for Shorewall.

If I set Mozilla on these machines to look for the proxy server (HTTP proxy at 192.168.0.1 on port 3128), I get the following message:

"Access denied. Access control configuration prevents your request from being allowed ..etc.etc Generated ...(Squid/2.4.STABLE7)"

Based on the Shorewall installation notes, I then put Mozilla back to "Direct connection to the Internet" and added a redirect to the shorewall rules:

    REDIRECT loc 3128 tcp www - !192.168.0.1

This time I get the message:

"While trying to retrieve the URL :/ The following error was encountered Invalid URL etc...etc Generated ...(Squid/2.4.STABLE7)"

Obviously the effect of the redirection was to lose the entire URL.

Does anyone know what I'm doing wrong? Is this something with Shorewall or should I be asking the Squidguard users list?

My Shorewall rules are as follows:

    REDIRECT loc 3128 tcp www - !192.168.0.1
    ACCEPT fw net tcp 53
    ACCEPT fw net udp 53
    ACCEPT loc fw tcp 22
    ACCEPT loc fw tcp 111
    ACCEPT loc fw udp 111
    ACCEPT loc fw udp 2049
    ACCEPT loc fw udp 32700:
    ACCEPT fw loc tcp 22
    ACCEPT fw loc udp 137:139
    ACCEPT fw loc tcp 137,139
    ACCEPT fw loc udp 1024: 137
    ACCEPT loc fw udp 137:139
    ACCEPT loc fw tcp 137,139
    ACCEPT loc fw udp 1024: 137
    ACCEPT loc fw icmp 8
    ACCEPT net fw icmp 8
    ACCEPT fw loc icmp 8
    ACCEPT fw net icmp 8
    ACCEPT loc net icmp 8
    ACCEPT net loc icmp 8

(There are also a few rules to block external access via various "nonstandard" port numbers)

Policy is:

    all local2 DROP
    loc net ACCEPT
    loc fw ACCEPT
    net all DROP ULOG
    all all REJECT ULOG
    fw net ACCEPT

Thanks
Clive Harris
David Kempe
2003-Aug-22 04:51 UTC
[Shorewall-users] Running Shorewall with Squidguard on same machine
---- Original Message -----
From: "Clive Harris" <clive@clive-harris.com>

> Does anyone know what I'm doing wrong? Is this something with Shorewall
> or should I be asking the Squidguard users list?

Ask neither. It looks like your squid configuration is broken. Turn off squidguard for a sec and see if you get the same error. Get transparent proxying working with just squid and the aforementioned shorewall rules and the rest of your questions will be squidguard questions.

btw, I can help you off list if you like - I run many similar configs (shorewall, squid, squidguard)

dave
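
Added example, not part of the thread: a shell check of a squid.conf for the usual Squid 2.4 causes of the two error pages quoted above, namely no http_access rule for the LAN ("Access denied") and missing httpd_accel_* interception settings ("Invalid URL" after the REDIRECT). The function name, the sample file and the LAN prefix 192.168.0.0/ (inferred from the proxy address 192.168.0.1) are assumptions.

```shell
#!/bin/sh
# check_squid_conf FILE [LAN_PREFIX]  (hypothetical helper, Squid 2.4 directive names)
# Prints one finding per problem; returns 0 only if nothing was found.
check_squid_conf() {
    awk -v lan="${2:-192.168.0.0/}" '
        # The four settings Squid 2.4 needs to rebuild a URL from a redirected request
        $1 == "httpd_accel_host" && $2 == "virtual"        { accel["host"] = 1 }
        $1 == "httpd_accel_port" && $2 == "80"             { accel["port"] = 1 }
        $1 == "httpd_accel_with_proxy" && $2 == "on"       { accel["proxy"] = 1 }
        $1 == "httpd_accel_uses_host_header" && $2 == "on" { accel["hdr"] = 1 }
        # Remember src ACLs that cover the LAN (assumed prefix, see lead-in)
        $1 == "acl" && $3 == "src" && index($4, lan) == 1  { lanacl[$2] = 1 }
        # http_access is first-match: stop at the first rule that settles LAN clients
        $1 == "http_access" && !decided {
            if ($2 == "allow" && ($3 in lanacl))     { decided = 1; allowed = 1 }
            else if ($2 == "allow" && $3 == "all")   { decided = 1; open = 1 }
            else if ($2 == "deny" && $3 == "all")    { decided = 1 }
        }
        END {
            bad = 0
            if (!(accel["host"] && accel["port"] && accel["proxy"] && accel["hdr"])) {
                print "INVALID_URL: httpd_accel_* interception settings incomplete"; bad = 1
            }
            if (open) {
                print "OPEN_PROXY: http_access allow all lets any client use the proxy"; bad = 1
            } else if (!allowed) {
                print "ACCESS_DENIED: no http_access allow for the LAN before deny all"; bad = 1
            }
            exit bad
        }' "$1"
}

# Constructed sample: only localhost is allowed and no httpd_accel_* lines are set,
# which matches "works on the firewall machine, fails from the other machines".
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access deny all
EOF
check_squid_conf "$sample" || echo "squid.conf needs fixing before the REDIRECT rule can work"
rm -f "$sample"
```

The OPEN_PROXY finding is there because replacing the deny with `http_access allow all` also makes the "Access denied" page go away, but opens the proxy to every client the firewall lets through.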