
Re: dansguardian, squid, shorewall

Yes, yes and yes.

Linux neowall 2.6.23.12 #1 SMP PREEMPT Wed Jan 2 20:09:47 MST 2008 i686 pentium4 i386 GNU/Linux

It is running on a P4 3G cpu with 2 Gig of RAM

squid was configured with:

--sysconfdir=/etc/squid           \
--localstatedir=/var/cache/squid  \
--enable-async-io                 \
--enable-snmp                     \
--enable-gnuregex                 \
--enable-linux-netfilter

here is my squid.conf:

http_port 127.0.0.1:3128 transparent
visible_hostname neowall.neoharbor.com
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
access_log /var/cache/squid/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.0.0/16 10.1.0.0/16 127.0.0.1
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
forwarded_for off
coredump_dir /var/cache/squid


and my dansguardian.conf:

reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = on
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://neowall.neoharbor.com/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
preemptivebanning = on
forwardedfor = on
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
softrestart = off

Thank you for your reply.

--Richard


On 5 Jan 2008 at 19:17, Adrian Chadd wrote:

> Have you configured the http_port with 'transparent' ?
> 
> Is it linux based? Did you compile --enable-linux-netfilter?
> 
> 
> 
> Adrian
> 
> 
> On Sat, Jan 05, 2008, Richard Pyne wrote:
> > I am having a problem with getting this combination to work properly. Yes,
> > I have searched the docs, faq and the web for an answer. The only
> > solutions I can find are for much older versions and do not work with the
> > current versions.
> > 
> > I am running squid 3.0STABLE1, shorewall 3.4.5 and dansguardian 2.8.0.6 on
> > my firewall machine.
> > 
> > shorewall is configured to redirect through dansguardian as a transparent
> > proxy:
> > 
> > REDIRECT loc  8080    tcp     http
> > ACCEPT  loc   fw      tcp     8080
> > 
> > Watching the logs, requests to dansguardian look fine, but the requests
> > showing in the squid log are missing the domain portion of the request.
> > 
> > The really strange part is that if the request comes to dansguardian from
> > the localhost (127.0.0.1) directly on port 8080 everything works fine and
> > the request in the squid log has the domain part of the request, but if
> > the request comes from a machine on the local net, the squid log shows
> > that the domain portion of the request is missing.
> > 
> > If I change the shorewall rules to only redirect through squid, everything
> > works fine, I just don't get any content filtering.
> > 
> > Please help, I have been tearing my hair out on this now for two days.
> > 
> > --Richard
> 
> -- 
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
> 
> 
> 
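Added example, not part of the original thread or of either poster's code: a small checker that scans a Squid native-format access.log (the format selected by the access_log line in the posted squid.conf) and reports entries whose request target has no host, the symptom described in the original message. The thread does not show what the affected entries look like, so the sample lines and the two host-less shapes (a bare path and an empty authority) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native "squid" access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1199585867.123     45 127.0.0.1 TCP_MISS/200 1830 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1199585868.456     12 127.0.0.1 TCP_MISS/400 1520 GET /index.html - NONE/- text/html
1199585869.789     30 127.0.0.1 TCP_MISS/200 3921 CONNECT secure.example.com:443 - DIRECT/192.0.2.11 -
1199585870.012      8 127.0.0.1 TCP_MISS/503 1498 GET http:///images/logo.gif - NONE/- text/html
"""


def url_has_host(method, url):
    """True if the logged request target names a destination host."""
    if method == "CONNECT":
        # CONNECT targets are logged in authority form: host:port
        host, _, port = url.rpartition(":")
        return bool(host) and port.isdigit()
    try:
        return bool(urlsplit(url).hostname)
    except ValueError:
        # Malformed authority (e.g. unbalanced IPv6 brackets)
        return False


def find_hostless(log_text):
    """Return (line number, client, method, URL) for entries with no host."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 10:
            continue  # not a complete native-format entry
        client, method, url = fields[2], fields[5], fields[6]
        if not url_has_host(method, url):
            hits.append((lineno, client, method, url))
    return hits


if __name__ == "__main__":
    for lineno, client, method, url in find_hostless(SAMPLE_LOG):
        print(f"line {lineno}: {client} {method} {url!r} has no host part")
```

To use it on a live system, pass the contents of /var/cache/squid/logs/access.log to find_hostless() instead of SAMPLE_LOG.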


