First of all I am not sure if this is a squid problem but it is where the
errors are so I will start here. I have a fc3 box with squid 2.5.11, dg
2.8.0, and shorewall 2.4.2. I have routing and everything working great
with an external interface (eth0), dmz (eth1), and 2 internal lans (eth3,4).

Here is my problem. I am trying to make this a transparent proxy. I am
going to take dans out of the loop and do all testing direct to 3128. My
shorewall rule is

REDIRECT Ol:10.20.0.19 3128 tcp www - !10.10.1.2

I am only forwarding 1 machine for testing.
If I set my browser to directly connect to the proxy everything outside
the firewall works great, but the server on my dmz gets a (111)
connection refused error.
If I use shorewall to direct my machine the server on my dmz works fine,
but I get this error when I try and access anything outside my box.

The requested URL could not be retrieved
While trying to retrieve the URL: http://yahoo.com/
The following error was encountered:
Unable to determine IP address from host name for yahoo.com
The dnsserver returned:
Name Error: The domain name does not exist.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Your cache administrator is root.

I have googled this thing to death for the last 2 weeks, tried various lug
groups and I am not making any ground. The only difference I see in
the squid access log is the none and direct with an ip address.

TCP_MISS/503 1466 GET http://mozilla.com/ - NONE/- text/html
is from the shorewall directed machine

TCP_MISS/301 583 GET http://mozilla.com/ - DIRECT/207.126.111.202 text/html
is from the browser pointed machine.

Here is my squid.conf file

acl all src 0.0.0.0/0.0.0.0
acl passport dstdomain .passport.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Olivia src 10.x.x.x/255.255.255.0
acl Bird src 10.x.x.x/255.255.255.0
http_access allow Olivia
http_access allow passport
http_access allow Bird
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 21 443 563 70 210 1025-65535
http_access deny !Safe_ports
acl CONNECT method CONNECT
no_cache deny !SSL_ports

I will be forever grateful to anyone that can help me out with this.

TIA,
Justin Vogt
BOLD Schools
Technology Coordinator
Justin.Vogt@bold.k12.mn.us
(320)523-1031 ext.117
Received on Fri Sep 30 2005 - 08:34:07 MDT