[ale] squidGuard

James P. Kinney III jkinney at localnetsolutions.com
Sat Apr 17 10:48:27 EDT 2004


On Sat, 2004-04-17 at 08:47, Doug McNash wrote:
> On the first pass I would say it can't find your lists.  Check your
> squidGuard.conf for 
> 
> dbhome /etc/squid/db

It is configured to use /usr/local/squidGuard.db and there are .db files
there that were created using the text files.

> or something similar.  I don't see one.
> 
> Have you built the .db files?  I don't recall the command options or if
> it is absolutely necessary.  It might be.
> 
> Why have an "else" block that does nothing, is "else" valid config
> language?
> 
I'll double check that else.

> Local access is not going thru the proxy at your browser if you look at
> your browser config.

Actually, I have a port rewrite rule in iptables that takes everything
destined for port 80 that arrives on the internal interface and rewrites
it to be port 8080 so the squid proxy can pick it up. Squid is set up to
listen on port 8080.

iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination :8080

I have an allow site (ups.com) that simply times out. The internal web
site (sewingmachine.biz) works fine. My domain is also on the OK list and
it immediately gives an error "not accessible". That is the same error as
other domains that are not on any OK list.

I'm trying to do this in such a way as to not require any browser
changes as the IE machines can be reset by the users as they choose to
not use the filtering proxy.  
> 
> On Fri, 2004-04-16 at 14:47, James P. Kinney III wrote:
> > Has anyone set up squidGuard before? I can connect to the local gateway
> > machine OK but everything past it is blocked even though I have rules
> > set (I think) to allow access.
> > 
> > From squidGuard.conf:
> > source LAN {
> >         ip              192.168.1.2
> > }
> > 
> >                                                                                 
> > dest good {
> >         expressionlist          good.destexprlist
> >         urllist         good.desturllist
> >         domainlist      good.destdomainlist
> > }
> >                                                                                 
> > acl {
> >         LAN {
> >                 pass good all
> >         }else{
> >                 pass none
> >         }
> >                                                                                 
> >         default {
> >                 pass none
> >                 rewrite dmz
> >                 redirect http://192.168.1.1/cgi-bin/blocked?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
> >         }
> > }
> > 
> > 192.168.1.1 is the gateway machine that is also a web server. It is the
> > squid proxy server.
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
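
The dbhome and .db questions raised in this thread can be checked mechanically. The following is an added example, not part of the original message and not squidGuard's own code: it reads a squidGuard.conf, resolves each list named in a dest block against dbhome, and reports list files that are absent and domain/url lists with no .db beside them. It assumes relative list paths resolve against dbhome and that a compiled list is stored as the list file name plus ".db"; the function names are hypothetical.

```python
import os
import re

COMPILED = ("domainlist", "urllist")        # list kinds that get a .db file
LIST_KEYS = COMPILED + ("expressionlist",)

def parse_conf(text):
    """Return (dbhome, {dest: [(kind, path), ...]}) from squidGuard.conf text."""
    text = re.sub(r"#.*", "", text)          # drop comments
    m = re.search(r"^\s*dbhome\s+(\S+)", text, re.M)
    dests = {}
    for name, body in re.findall(
            r"^\s*dest(?:ination)?\s+(\S+)\s*\{([^}]*)\}", text, re.M):
        dests[name] = re.findall(
            r"^\s*(%s)\s+(\S+)" % "|".join(LIST_KEYS), body, re.M)
    return (m.group(1) if m else None), dests

def check_lists(text):
    """Report absent list files, and compiled lists with no .db beside them."""
    dbhome, dests = parse_conf(text)
    findings = []
    if dbhome is None:
        findings.append("no dbhome line: relative list paths not checked")
    for name, lists in dests.items():
        for kind, path in lists:
            if not os.path.isabs(path):
                if dbhome is None:
                    continue
                path = os.path.join(dbhome, path)
            if not os.path.isfile(path):
                findings.append(f"dest {name}: {kind} {path} is missing")
            elif kind in COMPILED and not os.path.isfile(path + ".db"):
                findings.append(f"dest {name}: {kind} {path} has no .db")
    return findings

if __name__ == "__main__":
    # Constructed sample: the dest block from the post plus the dbhome value
    # stated in the reply; run it on the proxy host to see what is missing.
    SAMPLE = """
dbhome /usr/local/squidGuard.db
dest good {
        expressionlist  good.destexprlist
        urllist         good.desturllist
        domainlist      good.destdomainlist
}
"""
    for line in check_lists(SAMPLE) or ["all referenced lists found"]:
        print(line)
```

Run it as the user the proxy runs under, so that a list that exists but cannot be reached by that account also shows up as missing.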