Server :: Using Squid And Dansguardian On Fedora 12?
Jan 15, 2011
I've been pulling my hair out and can't figure out what's wrong. I have dhcp, squid, and dansguardian all running on my server, but when I point a client to it for a proxy (192.168.1.15:8080) and try to get to a website, nothing happens and the connection times out. When I don't bother with the proxy, the client has no trouble getting to the internet. I've verified I can ping the server and gateway from both machines. And the services are running, no errors noted in the logs. Do I need to do any iptables or selinux changes?
My network is very basic, several clients on the same network as the server, connected to a verizon gateway. Local addresses are 192.168.1.x. The server is 192.168.1.15, gateway is 192.168.1.1.
I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.
I have squid running perfectly and I added MySQL Squid Access Report 2.1.4 and the reports works just fine. The problem its when I add a dansguardian content filter, from that moment the only IP address that appears on the report its the box itself (I have all running on the same box).
IPtables forward requests to port 8080 Dansguardian listening on port 8080 forwards to squid on port 3128 Squid on port 3128 to internet (Here I review the logs with MySar).
I know it is because the actual http request for Squid came from Dansguardian's IP address (its the job of the proxy). how to have the real IP address on the reports.
can anyone give me the solution how to configure dansguardian on squid transparent proxy.i m using linux - slackware squid - squid-2.6-stable18 dansguardian - 2.10.1.1
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD Windows XP Clients, soon to be converted to windows 7. Fedora 11 running squid and dansguardian.
I have installed dansguardian and squid on my home computer and I need to configure them. the only problem I couldn't find any manual only one for opensuse 9. And even there the part after "acl CONNECT method CONNECT" doesn't make any sense to me.
I have installed squid and dansguardian on my server, I also setup my iptables to forward port 80 communication to port 3128 (squid). I also have remove the comment on /etc/dansguardian/dansguardianf1.conf (line "bannedextensionlist") hoping that my server would block download. But it isn't, it still download file no matter I add in /etc/dansguardian/lists/bannedextensionlist. Oh yeah, I also add this line to my /etc/squid/squid.conf
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
I am trying to learn DansGuardian for content filtering, but for some reasons it is NOT working for me. equest is directly getting routed to SQUID, it should come first to DansGuardian and then to SQUID.I have created the below scenario on CENTOS 5.5 boxes.
Code: 192.168.0.10box1.test.comYUM/HTTP SERVER 192.168.0.20box2.test.comYUM/HTTP CLIENT, SQUID SERVER
I have a proxy server (squid-3) that I would like to setup Dansguardian to do additional web filtering.
The system:
Ubuntu 10.10 - all updates as of today Dansguardian - 2.10.1.1-2ubuntu0.1 (latest update) Squid3 - latest update (not squid 2.7) Webmin - 1.530 (all updates) Webmin dansguardian module - 0.7.1
Ok - I have all of the above installed. When I go to the DG module page in Webmin, I get the following:
Warning - the version of DansGuardian you have is not supported by this Webmin module version Webmin Module Version 0.7.1 supports DG version 2.10 (& 2.9) Currently installed DG version
This obviously makes no sense, since I am running DG version 2.10.1...
PS. I have squid installed, but not configured (still tinkering) - could this be the problem? That squid needs to be running for DG to work?
I want to block yahoo mail chat in dansguardian. I had google few thing I come to know that I need to do this. Locking DNS lookups to webcs.msg.yahoo and httpcs.msg.yahoo by returning 127.0.0.1. I haven't have dns configured. So what I need to do solve this problem. I had tried by making an entry in etc hosts file. but it didn't worked.
I have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on group bases, what should I do. What configuration i have to do in squid for dansguardian and all my users in AD also authenticate with dansguardian and also how I use dansguardian.
I have Squid and Dans set up on a passthrough box with 2 nics, port 80 requestsEverything is working great. I need to know if there is a way to set up Dansguardian so that a user can enter a password on a blocked page to access it.
installed dansguardian and now working fine.I got a small problem. People bypassing proxy settings in firefox, means they go to settings and changes proxy settings to no proxy.. how to prevent this? How can I force people to use proxy to connect Internet? I done some googling but, unable to find a solution.
is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
linux i have configured squid with dansguardian but not able to block the sites and url.. i am accessing dansgaurdian through webmin.. please help me out in the above (with screen shots)
My squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
There is this server running squid and dansguardian as proxy for the local network. Everything is working fine. But I have seen that from time to time the danguardian dies out and fails to respond to shutdown or restart commands. And this is because of the binary located at /usr/local/sbin named dansguardian goes empty. There are multiple instances and hence copying another named dansguardian.2 to dansguardian does it. And dansguardian works normally as it should. Looked into dmesg and /var/log/messages but nothing there. It was compiled and not installed from pre compiled binaries. And runs on CentOS5.4 Final.
I'm having some problems allowing websites with the word essex in the domain name. I've been running dansguardan for some time now and have managed to make rules to allow and disallow sites, but I've now hit a brick wall on the latest request from staff here. which config file i need to edit.I've tried adding *essex*.* to the exceptionsitelist, but these sites are still blocked. Example sites are [URL]
I have 4 servers running squid/3.1.1 proxy server. Since the latest version I can no longer FTP. I have posted this problem in multiple places but have received almost no response. I've found several other post to this problem throughout the Internet which have also gone unanswered. So, once again, I thought I'd give it a try. As I said "I have 4 servers running the newest version of Squid". When I try to access an ftp, any ftp, I receive an error (check attached image). This was never a problem until just recently. Squid should work perfectly find with ftp, it is not a strictly http proxy.
I turned my firewall off just to make sure, still had the same issue. If I jump directly on the server itself with no proxy settings set in the browser it will work fine. As soon as I set the browser setting to access the Squid software I get the same error. I've included my squid config (which is unchanged from the default settings), maybe somebody better versed than myself can point out an obvious flaw. Everything else seem to work just fine, it's only FTP that's a problem.
I want to configure squid server with SSL so that users send clear text username/password and also data in encrypted mode. i googled but all of the configuration is for reverse proxy not requests from users to proxy server in LAN for example.
I just saw that my network is slowed so I watches the /var/log/squid/access.log where I get this line continuously....
[Code]....
I thought that someone running any script so I disconnect all my LAN connection (simply removed the local lan cable) but I saw the connections is going on....so I watch the processes on proxy server but nothing suspicious....So I change my static IP and the spamming stops (I say it is spam b'coz the IP 203.188.197.10 is of yahoomail.com ) but I when I am putting my OLD ip back the connection starts again......I want to put back my old static IP b'coz I have configured it for many services. Is there any spyware on my machine or someone configured my IP?
My Proxy finally had a hard drive failure after 4 years of flawless service.So I'm building a new one. Got everything up and running except Dansguardian.
If I do a yum install dansguardian it does the install and all looks great until I go to the /etc/dansguardian folder. I'm missing all my folders and configuration files. For example:
exceptionsitelist bannedsitelist.... yadaa yadaa
Is there a problem on the repo (I'm using the default repo for fedora 11) or has there been a step changed since the last time I loaded this that I'm unaware of and unable to find a fix for?
I am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.
#service iptables stop
By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work fine.my perver IP address is 10.1.80.10
There is squid 3.1.8 on a Fedora 12 server with 2 GB of RAM. It is used for sharing the Internet for approximatively 80 PC's. The problem is that it is really a memory hog, when enabling delay pools. I am using the following configuration for the memory pools:
There are moments when the squid process uses approximatively all the RAM and goes into swapping. After that I restart it, it goes well for a while and again eats up all the memory. On the Internet it says that Squid uses a lot of memory, but should it use 2 GB of memory, even if all 80 people are online at the same time?
Squid document says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP object are requested.
We call Squid HTTP and FTP caching proxy server. Does it also caches FTP contents? Is it possible to configure FTP clients to use Squid cache? When we make an FTP request to an FTP site via Squid will it be bypassed?
I want to make a transparent squid proxy server in centos. The squid proxy version is 2.6 stable. I made a normal squid server but want to make it transparent so that users do not need to enter the proxy settings in web browser. Even i searched about this on google but not getting it properly.I have two lan cards on centos system. ETH1 used for LAN and ETH2 used for WAN. And in this squid.conf i written "http_port 172.16.31.1:3128 transparent" and i also added a rule in iptables which is "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128" but still i have to enter proxy settings at client's web browser to use internet
I would like to install and configure Transparent squid proxy on a gateway server ,but i dont have a local OR intranet DNS server.I am facing issues do that ,regard .My IP series is 192.168.1.1/24
