Francis Daly wrote:
> On 04/01/2008, Darragh <lists at digitaldarragh.com> wrote:
>
>> I set up squid guard and after getting rid of the initial configuration
>> problems, it finally gives me a status of ready to serve in its logs.
>>
>> I've downloaded a reasonably decent blacklist and it's recognising it
>> however when I test squid, it's still not blocking anything.
>
> I'd say leave out squidGuard until you have plain squid working the
> way you want it to. Adding squidGuard -- after you've done it a few
> times with a few different squid versions -- is relatively
> straightforward, once you've got file permissions correct.
>
> On a philosophical note, I'd say trying to do transparent proxying is
> bad, and then transparently filtering stuff is worse. Of course, the
> network manager gets to choose what happens on the network; but I'd be
> slow to try anything other than telling people to use the proxy server
> if they want web access. Depending on the clients used and the rest of
> the network environment, it might just be a config change or two on a
> master server. And it'll remove the element of surprise when they get
> a message from their proxy admin saying why this particular web access
> attempt failed.
>
>> I wanted to test it to make sure that there wasn't something wrong with
>> squid's logging and it was definitely not working correctly but it definitely
>> seems like squid just is not getting any traffic.
>
> As in the earlier reply, I'd look closely at the tcpdump output to see
> whether the traffic was even getting to the squid server.
>
> If your client is 192.168.1.6, and is told that its default gateway is
> 192.168.1.5, while the machine that is 192.168.1.5 knows that its
> default gateway is 192.168.1.1 (all on the same subnet), then when the
> .6 machine tries to talk to something remote via .5, .5 will forward
> the traffic to .1 and send an icmp redirect to .6, telling it that for
> this remote host (or possibly a bigger network), .6 should go straight
> via .1 rather than .5. So any future requests, while .6 honours that
> redirect, won't go near .5 and your filtering attempt breaks down.
>
> I suspect that something like that might be happening.

Your squid wants to have two network cards on different subnets. Then
the Internet/Router is on a separate network to the clients and only
traffic via squid works.
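
The ICMP redirect bypass described in the quoted reply, and the reason the two-network-card layout avoids it, as an added example that is not part of the original thread. It uses a simplified model of the redirect condition (client and the proxy's next hop on the same subnet); the capture lines, the 203.0.113.10 remote host and the 10.0.0.0/24 router network are constructed assumptions.

```python
import ipaddress
import re

# Constructed `tcpdump -n` lines as seen on the squid box (192.168.1.5);
# 203.0.113.10 is a documentation address standing in for a remote web server.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.6.51000 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000180 IP 192.168.1.5 > 192.168.1.6: ICMP redirect 203.0.113.10 to host 192.168.1.1, length 68
12:00:09.500000 IP 192.168.1.6.51002 > 192.168.1.5.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
"""

# Matches tcpdump's text rendering of an ICMP redirect message.
REDIRECT = re.compile(
    r"IP (?P<sender>[\d.]+) > (?P<client>[\d.]+): "
    r"ICMP redirect (?P<dest>[\d.]+) to (?:host|net) (?P<via>[\d.]+)"
)


def redirect_expected(client, proxy_lan, proxy_next_hop):
    """Simplified model: a redirect is expected when the proxy would forward
    the client's packet back onto the subnet it arrived from, i.e. the client
    and the proxy's own next hop both sit inside proxy_lan."""
    lan = ipaddress.ip_network(proxy_lan)
    return (ipaddress.ip_address(client) in lan
            and ipaddress.ip_address(proxy_next_hop) in lan)


def find_redirects(capture):
    """Return (sender, client, destination, better_gateway) for every
    ICMP redirect line found in tcpdump text output."""
    return [m.group("sender", "client", "dest", "via")
            for m in map(REDIRECT.search, capture.splitlines()) if m]


if __name__ == "__main__":
    # Single-subnet layout from the thread: the client can be redirected to .1.
    print(redirect_expected("192.168.1.6", "192.168.1.0/24", "192.168.1.1"))
    # Two-card layout: router on a separate (assumed) network, no shortcut exists.
    print(redirect_expected("192.168.1.6", "192.168.1.0/24", "10.0.0.1"))
    for found in find_redirects(SAMPLE_CAPTURE):
        print("%s told %s to reach %s via %s" % found)
```

A redirect line in a capture taken on the proxy means that client's later requests to that destination will not pass through squid for as long as the client honours the redirect.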