24th June 2008, 03:43 PM #1
Dansguardian Routing Query
After finally getting dansguardian to process URLs and activate, I've now stumbled into another fiasco, it disabling all internet when I had the iptables rule.
Now that means that it listens on 8080, accepts URL and then tells Squid to deal with the query. I thought using the following iptables command, I could force all incoming 3128 traffic onto port 8080 where DG would do its thing, and then re-route through localhost (Squid) and back out. Is there maybe an infinite loopback occurring here?
filterip = 127.0.0.1 # ??
filterport = 8080 #DG Port
proxyip = 127.0.0.1 #Squid Loopback
proxyport = 3128 #Squid Port
Squid is set to allow localhost.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
Last edited by ahuxham; 24th June 2008 at 03:45 PM.
24th June 2008, 05:18 PM #2
Reading your other post, are you attempting to reverse proxy Internet based requests through dansguardian and then squid and then to an internal webserver?
Or using it as a filtering proxy for internal requests to the Internet?
Layout: INTERNET (port) > SQUID (8080>3128) > LAN
All incoming traffic redirected to 8080 for Dans Guardian, then onto Squid and the lan, via IPtables, however dansguardian will not start, or well it's starting
I assume, with your current settings, a client connects to server:3128, they're redirected to server:8080 and nothing happens after that?
Your filterip is set to 127.0.0.1 and port 8080 - you're redirecting requests (if I remember my iptables) from requestedip:3128 to requestedip:8080, so your clients will never access dansguardian as dansguardian is only listening on the server loopback. I'm not sure if specifying 127.0.0.1:8080 would redirect internally and do what you want.
Compared to my dansguardian.conf:
and in /etc/squid/squid.conf
# IP clients access
filterip = 10.X.Y.Z
# the port that DansGuardian listens on.
filterport = 8080
# the ip of the squid proxy
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 3128
NB: We use Squid ACLs to allow direct squid access for certain boxes and some apps that don't play nicely with proxies (WSUS, for example).
25th June 2008, 12:17 PM #3
Reverse proxy sure, but not into an internal server.
Clients connect to 192.168.0.xx on port 3128 which in turn I want to redirect into Dansguardian, which in turn goes back out to the internet.
I'm pretty competent with Google, and iptables and routing etc, but this has me stumped, too many variables in the mix, iptables, dansguardian, squid conf files.
Any help would be greatly appreciated.
26th June 2008, 10:24 AM #4
Do clients need to connect to :3128 or can you set them to request :8080 instead? I ask because normally clients would connect to server:8080 and Dansguardian would redirect the request to Squid on 127.0.0.1:3128, negating the need for IPTables.
26th June 2008, 10:27 AM #5
I see what you did there, and I doubt there's any problem routing that way. I can point my clients to ip_addr:8080 which DG will route into squid. Now what's to stop someone missing DG and going straight into squid?
26th June 2008, 02:19 PM #6
If nothing needs to connect to squid directly - i.e. all traffic should go through dansguardian - set squid to just listen on the loopback.
If some things (patch servers etc) still need to access squid directly and don't require access to dansguardian then you'd need to use:
and set up squid ACLs or firewall rules (or a combination of the two) to allow just the direct access you need. Depending on what you need, one may be better than the other; squid ACLs tend to be a bit more flexible.
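Added example (not part of any post in this thread): a small Python audit of the two configs for the problems raised in posts #2 and #6, namely DansGuardian bound only to loopback and Squid reachable without passing through the filter. The function names, the sample Squid `http_port` lines and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

def parse_dg(text):
    """Parse 'key = value  # comment' lines as used in dansguardian.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def squid_listeners(text):
    """Return (host, port) per http_port line; host '' means every interface."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "http_port":
            host, _, port = parts[1].rpartition(":")
            found.append((host.strip("[]"), int(port)))
    return found

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty (all interfaces) or a hostname
        return False

def audit(dg_text, squid_text):
    dg, findings = parse_dg(dg_text), []
    if is_loopback(dg.get("filterip", "")):
        findings.append("DansGuardian listens on loopback only; clients cannot reach it")
    up_ip, up_port = dg.get("proxyip", ""), int(dg.get("proxyport", "0"))
    listeners = squid_listeners(squid_text)
    if not any(p == up_port and h in ("", up_ip) for h, p in listeners):
        findings.append("proxyip:proxyport matches no Squid http_port")
    for host, port in listeners:
        if not is_loopback(host):
            findings.append(f"Squid port {port} is reachable off-box; the filter can be bypassed")
    return findings

# Constructed inputs: post #1's settings, with Squid assumed to listen on every interface.
ORIGINAL_DG = "filterip = 127.0.0.1\nfilterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n"
OPEN_SQUID = "http_port 3128\n"
FIXED_DG = ORIGINAL_DG.replace("filterip = 127.0.0.1", "filterip = 192.0.2.10")  # placeholder LAN IP
LOOPBACK_SQUID = "http_port 127.0.0.1:3128\n"

if __name__ == "__main__":
    print(audit(ORIGINAL_DG, OPEN_SQUID), audit(FIXED_DG, LOOPBACK_SQUID))
```

Where some hosts are meant to reach Squid directly, the off-box finding is expected, and the Squid ACLs or firewall rules are what limit that access.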
26th June 2008, 02:26 PM #7
Thanks for the help Pete!