How to integrate between iptables, dansguardian and squid?
18 years 8 months ago #13590
by janekim
I'm a newbie in Linux as well as firewalls. Currently I need to develop a project which is to build up a firewall system for a school using iptables, dansguardian and squid.
Does anyone know how to integrate iptables, dansguardian and squid so that a small LAN can access the internet via the firewall?
Thanks in advance.
18 years 8 months ago #13595
by janekim
Replied by janekim on topic Re: How to integrate between iptables, dansguardian and squid?
thanks DaLigh!
I have gone through the thread you suggested, but I still can't solve my problem.
The following are some of my problems:
1. How to write the iptables commands in order to redirect traffic
client --> dansguardian --> squid --> internet
(client, dansguardian and squid are on one PC)
I have tried the following commands, but the browser prompts Access Denial.
iptables -A INPUT DROP
iptables -A OUTPUT DROP
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
2. Do I need to make changes to dansguardian.conf and squid.conf in order to do the most basic configuration?
The following are the changes I have made:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
I'm sorry if I asked a stupid question, but I'm really lost.
Thanks in advance
18 years 8 months ago #13616
by monsky
Replied by monsky on topic Re: How to integrate between iptables, dansguardian and squid?
hi janekim,
sorry to answer you only now.. too busy.
for the purpose of isolating the problem do this first and i assume that your configuration is like this:
stations-->eth0|squid/dansguardian|eth1---->external network
1. make sure you already have the right connectivity, meaning you have identified your internal network and the external one (which is eth0 and which is eth1)
2. was IP forwarding already enabled? is NAT or IP masquerading already defined in iptables so that it is NATted?
3. can you ping, from a workstation on the same network, the internal IP of your linux box, and even the external IP?
4. leave the default iptables entry but delete these previous entries:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 80
then enter these commands in the same sequence.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
port of dansguardian is 8080
the squid is 3128
yes you need to make changes to the ports being used by the squid.conf and dansguardian.conf
don't hesitate to ask
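Added example, not part of any post in this thread: a small first-match model of the nat REDIRECT rules quoted above, covering both the gateway rules in this reply and the single-PC OUTPUT rules from the earlier question. The function names are made up for illustration, and only chain, input interface and destination port are modelled.

```python
import shlex

# Option -> field; '--to-port' is the abbreviated spelling used in the thread.
OPTS = {"-A": "chain", "-i": "iface", "--dport": "dport",
        "--to-port": "to", "--to-ports": "to"}

def parse_rule(line):
    """Parse one 'iptables -t nat ... -j REDIRECT' command into a dict."""
    tok = shlex.split(line)
    rule = {"chain": None, "iface": None, "dport": None, "to": None}
    for opt, val in zip(tok, tok[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = val
    rule["dport"], rule["to"] = int(rule["dport"]), int(rule["to"])
    return rule

def landing_port(rules, chain, dport, iface=None):
    """Port a new TCP connection lands on; the first matching rule wins."""
    for r in rules:
        if r["chain"] == chain and r["dport"] == dport and r["iface"] in (None, iface):
            return r["to"]
    return dport  # no rule matched: destination port unchanged

def shadowed(rules):
    """Rules that can never fire because an earlier rule has the same match."""
    seen, dead = set(), []
    for r in rules:
        key = (r["chain"], r["iface"], r["dport"])
        if key in seen:
            dead.append(r)
        seen.add(key)
    return dead

# Rules copied from the thread.
GATEWAY = [parse_rule(l) for l in (
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080",
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128",
)]
SINGLE_PC = [parse_rule(l) for l in (
    "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080",
    "iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080",
)]

if __name__ == "__main__":
    # LAN client -> port 80 arriving on eth0 goes to DansGuardian (8080).
    print("gateway, dport 80 ->", landing_port(GATEWAY, "PREROUTING", 80, "eth0"))
    print("never used:", [r["to"] for r in shadowed(GATEWAY)])
    # Single PC: DansGuardian's own connection to Squid (3128) is locally
    # generated, so nat OUTPUT applies to it as well.
    print("single PC, dport 3128 ->", landing_port(SINGLE_PC, "OUTPUT", 3128))
```

On the gateway only the redirect to 8080 ever fires. On the single PC, DansGuardian's own connection to Squid on 3128 is sent back to 8080, so Squid is never reached.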
18 years 8 months ago #13618
by janekim
Replied by janekim on topic Re: How to integrate between iptables, dansguardian and squid?
thanks a lot, monsky. I really appreciate your help!!
I will try it later on because currently my PC only has one NIC.
Then, I would like to ask: do I need to make changes to squid.conf in order to allow the internal network to surf the internet?
i was using the default rules and i had entered:
acl mynetwork src 10.0.0.3/15
http_access allow mynetwork
but the browser keeps prompting me with access denial, do you have any idea what is going on?
thanks and thanks a lot!!
18 years 8 months ago #13628
by monsky
Replied by monsky on topic Re: How to integrate between iptables, dansguardian and squid?
specify the static IP of your internal network ethx in the
http_port x.x.x.x:port line in the squid.conf (e.g 10.0.0.1:3128)
in your example you use:
acl mynetwork src 10.0.0.3/15
http_access allow mynetwork
maybe the right way is :
acl mynetwork src 10.0.0.0/15
http_access allow mynetwork
you put the subnet 10.0.0.0.
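Added example, not part of the post: what the two `src` values discussed here cover, checked with Python's ipaddress module. The function names and the sample text are constructed for illustration, and only plain ADDR/PREFIX entries are handled.

```python
import ipaddress

def audit_src_acls(conf_text):
    """Return one finding per address on every 'acl NAME src ...' line."""
    findings = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(parts) < 4 or parts[0] != "acl" or parts[2] != "src":
            continue
        for spec in parts[3:]:
            try:
                iface = ipaddress.ip_interface(spec)
            except ValueError:
                continue                          # ranges, 'all', etc. not handled
            net = iface.network
            findings.append({
                "acl": parts[1],
                "written": spec,
                "network": str(net),              # address with host bits cleared
                "host_bits_set": iface.ip != net.network_address,
                "first": str(net[0]),
                "last": str(net[-1]),
                "size": net.num_addresses,
            })
    return findings

def covers(spec, client_ip):
    """True if client_ip falls inside the network that spec describes."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_interface(spec).network

# Constructed sample: the two spellings from this thread.
SAMPLE = """\
acl mynetwork src 10.0.0.3/15     # as first posted
acl mynetwork src 10.0.0.0/15     # as suggested in the reply
http_access allow mynetwork
"""

if __name__ == "__main__":
    for f in audit_src_acls(SAMPLE):
        flag = "host bits set" if f["host_bits_set"] else "network address"
        print(f"{f['written']:>12} -> {f['network']} ({flag}), "
              f"{f['first']} to {f['last']}, {f['size']} addresses")
```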