-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please post a new thread email to the list instead of replying to an existing topic. This has nothing to do with YouTube access control. On 1/10/2014 11:23 p.m., Darren B. wrote: > > HI > > I am trying to set up a router that allows a group of devices on a > network to access the internet via Dansguardian and squid. > > I am setting it up as a transparent proxy and locking down the > ports with IPtables. > > I am using IPtables to redirect connections on port 80 from the > client and remap them to 8080 for dansguardian, dans is then set up > to talk to squid on 127.0.0.1:3128 > > the iptables rules are > > iptables -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j > REDIRECT --to-ports 8080 iptables -A POSTROUTING -j MASQUERADE > > if I set the rule above to REDIRECT to 3128, the cache works as > expected. If I set it above, I can see traffic in DG and in the > cache log of squid but the target IF address is stripped out and I > seem to be getting a forwarding loop. > > I am not sure what is going on but it seems that Dansguardian is > rewriting the target address and getting squid to loop back on > itself. DG is opening a regular TCP connection from itself (127.0.0.1:*) to Squid (127.0.0.1:3128). Nothing Special. > > All the various versions are current to ubuntu 14.04 although the > dansguardian is a little old in this distro. > > Any pointers would be greatly appreciated. Okay, some pointers... * REDIRECT is NAT interception. * You have DG configured to use Squid port 3128 *without* NAT between them. * You configured Squid to receive NAT traffic on port 3128. * You configured Squid to receive expicitly configured clients (like DG) on port 3129. * you must only send the configured type of traffic to a Squid port. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUK+EoAAoJELJo5wb/XPRjFWcH/1v6l48h2TuDydVuk9p87BMs NZ8IrbcMtkqmNaIoWJ8KapvpFERBDyZVVQ54TX1iVPOUh4nHPskzzc7iZFXK1P5h F+oIqecgaQ+KwbdIRn0YJF5w0XppSiH1aRX3dmbwIHI3ghH7cca7Nj6txHdhyaq0 udlEp+1mteyy+7gbGJTNVR4XCqDPwVfgBzuvMtQFI2C6yqf7OcxqibAW/J9SYp5z XM/Ap8tw7Q2xNC9a8BI/AURb4RkcelMX/iQ1G41oMCKcKEW2BjfOe6AVe0UbT8AD jNDkhsmLqgOHfubiMhRiZHkayy1qcJLapNuyi5XkYcASD1rTtuqKoBhumqiJFrE= =w4j+ -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
