I''m a relative noobie and I''m still having trouble getting a 2-NIC ubuntu server providing transparent dansguardian->squid3->internet proxy. I have dansguardian, shorewall, squid3 all on the same machine: My shorewall setup eth0 = zone net, eth1 = zone loc I''m able to manually proxy using the local network (192.168.2.1:8080) with this entry in /etc/shorewall/rules: Webcache/ACCEPT loc $FW Web/ACCEPT $FW net AllowICMPs/ACCEPT all all SMB/ACCEPT all all SSH/ACCEPT all $FW NTP/ACCEPT all all MySQL/ACCEPT all $FW Webmin/ACCEPT all $FW RTMP/ACCEPT all all Git/ACCEPT all all Invalid(DROP) net all DNS(ACCEPT) $FW net SSH(ACCEPT) loc $FW Ping(ACCEPT) loc $FW Ping(DROP) net $FW ACCEPT $FW loc icmp ACCEPT $FW net icmp I''ve googled and tried several of the REDIRECT without success. Could someone please give me some guidance. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 9/7/12 3:51 PM, Robert Watson wrote:> I''m a relative noobie and I''m still having trouble getting a 2-NIC > ubuntu server providing transparent dansguardian->squid3->internet > proxy. I have dansguardian, shorewall, squid3 all on the same machine: > My shorewall setup eth0 = zone net, eth1 = zone loc > I''m able to manually proxy using the local network (192.168.2.1:8080 > <http://192.168.2.1:8080>) with this entry in /etc/shorewall/rules: > Webcache/ACCEPT loc $FW > Web/ACCEPT $FW net > AllowICMPs/ACCEPT all all > SMB/ACCEPT all all > SSH/ACCEPT all $FW > NTP/ACCEPT all all > MySQL/ACCEPT all $FW > Webmin/ACCEPT all $FW > RTMP/ACCEPT all all > Git/ACCEPT all all > Invalid(DROP) net all > DNS(ACCEPT) $FW net > SSH(ACCEPT) loc $FW > Ping(ACCEPT) loc $FW > Ping(DROP) net $FW > ACCEPT $FW loc icmp > ACCEPT $FW net icmp > > I''ve googled and tried several of the REDIRECT without success. Could > someone please give me some guidance.http://www.shorewall.net/Shorewall_Squid_Usage.html -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Sorry for my lack of information Browser states "server not found" Not sure which log to use to debug but here''s dump<http://pastebin.com/Gwbutc92> ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 9/8/12 5:12 PM, Robert Watson wrote:> Sorry for my lack of information > Browser states "server not found" > Not sure which log to use to debug but here''s dumpYou are redirecting port 80 to port 8080: 1 52 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080 Which is the port that dansguardian is listening on: tcp 0 0 192.168.2.1:8080 0.0.0.0:* LISTEN 2100/dansguardian But ALL Squid/dansguardian HOWTOs that I can find say that you should redirect web traffic to Squid which is listening on port 3128: tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 7635/squid3 Please forget dansguardian for a moment and just get Squid working as a transparent proxy; *then* add dansguardian. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/