How are Squid and DansGuardian chained together? how does that fit with the firewall interception rules? I'm not sure what you are asking. The proxy/filter doesn't seem to have any firewall installed. The traffic is rerouted to the filter by the ddwrt router box at (192.168.1.1) using the following commands. #!/bin/sh PROXY_IP=192.168.1.2 PROXY_PORT=8080 LAN_IP=`nvram get lan_ipaddr` LAN_NET=$LAN_IP/`nvram get lan_netmask` iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT iptables -t nat -I PREROUTING -i br0 -s 192.168.1.5 -j ACCEPT the final command allows 192.168.1.5 to bypass the filter. This would be the only device in which apt-get and spybot updates work from. (Nevermind how one device can do both of those things) It looks like all traffic is rerouted to port 8080 (dansguardian answers) so maybe it isn't hitting squid at all. And this isn't a squid issue. ;-( I'm not real slick with iptables, but maybe the router box is dropping all non port 80 traffic except for device 192.168.1.5? More than likely apt and spybot use https, so what would be the iptables rule to allow all traffic on port 443 to bypass the filter? -- View this message in context: http://n4.nabble.com/Squid-with-Dansguardian-is-killing-apt-get-and-Spybot-updates-tp1555460p1556890.html Sent from the Squid - Users mailing list archive at Nabble.com.
