[squid-users] Re: Squid with Dansguardian is killing apt-get and Spybot updates

From: tcygne <tcygne_at_altonschools.org>
Date: Mon, 15 Feb 2010 19:27:40 -0800 (PST)

> How are Squid and DansGuardian chained together? How does that fit with
> the firewall interception rules?

I'm not sure what you are asking. The proxy/filter doesn't seem to have any
firewall installed. The traffic is rerouted to the filter by the ddwrt
router box at (192.168.1.1) using the following commands.

#!/bin/sh
PROXY_IP=192.168.1.2
PROXY_PORT=8080
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -s 192.168.1.5 -j ACCEPT

The final command allows 192.168.1.5 to bypass the filter. This would be the
only device from which apt-get and Spybot updates work. (Never mind how
one device can do both of those things.) It looks like all traffic is
rerouted to port 8080 (dansguardian answers), so maybe it isn't hitting squid
at all, and this isn't a squid issue. ;-( I'm not real slick with iptables,
but maybe the router box is dropping all non-port-80 traffic except for
device 192.168.1.5? More than likely apt and Spybot use https, so what would
be the iptables rule to allow all traffic on port 443 to bypass the filter?

Received on Tue Feb 16 2010 - 03:27:55 MST
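The script above only touches the nat PREROUTING chain for the interception decision, and the order in which `-A` (append) and `-I` (insert at head) build that chain decides which clients and ports are steered to the proxy. The following is an added example, not code from the poster or from DD-WRT: a small Python simulation of that PREROUTING chain that walks constructed sample packets through the same three rules, in the order iptables would hold them. It assumes `nvram get lan_ipaddr` returned 192.168.1.1 and `nvram get lan_netmask` returned 255.255.255.0 (so LAN_NET is 192.168.1.0/24); the proxy address and port are the ones in the script. Rule matching is simplified to interface, source/destination, protocol and destination port, which is all those rules use.

```python
"""Simulate the nat PREROUTING chain built by the posted DD-WRT script.

Added example: it models first-match-wins evaluation of the three PREROUTING
rules so you can see which flows are DNATed to the proxy and which are not.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PROXY_IP = "192.168.1.2"     # from the posted script
PROXY_PORT = 8080            # from the posted script
LAN_NET = "192.168.1.0/24"   # assumed: lan_ipaddr 192.168.1.1 / netmask 255.255.255.0


@dataclass(frozen=True)
class Packet:
    """The first packet of a flow as seen by nat PREROUTING (constructed input)."""
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    in_iface: str = "br0"


@dataclass(frozen=True)
class Rule:
    target: str                      # ACCEPT or DNAT
    in_iface: Optional[str] = None   # -i
    src: Optional[str] = None        # -s host or CIDR
    src_negated: bool = False        # -s ! ... (negated source match)
    dst: Optional[str] = None        # -d host or CIDR
    proto: Optional[str] = None      # -p
    dport: Optional[int] = None      # --dport
    to: Optional[str] = None         # --to ip:port for DNAT

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface and pkt.in_iface != self.in_iface:
            return False
        if self.src is not None:
            in_src = ip_address(pkt.src) in ip_network(self.src, strict=False)
            # A negated source matches only when the packet is NOT in the range.
            if in_src == self.src_negated:
                return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def build_prerouting() -> List[Rule]:
    """Replay the script's nat PREROUTING commands: -A appends, -I inserts at the head."""
    chain: List[Rule] = []
    # iptables -t nat -A PREROUTING -i br0 -s LAN_NET -d LAN_NET -p tcp --dport 80 -j ACCEPT
    chain.append(Rule("ACCEPT", in_iface="br0", src=LAN_NET, dst=LAN_NET, proto="tcp", dport=80))
    # iptables -t nat -A PREROUTING -i br0 -s ! PROXY_IP -p tcp --dport 80 -j DNAT --to PROXY_IP:PROXY_PORT
    chain.append(Rule("DNAT", in_iface="br0", src=PROXY_IP, src_negated=True,
                      proto="tcp", dport=80, to=f"{PROXY_IP}:{PROXY_PORT}"))
    # iptables -t nat -I PREROUTING -i br0 -s 192.168.1.5 -j ACCEPT  (inserted at position 1)
    chain.insert(0, Rule("ACCEPT", in_iface="br0", src="192.168.1.5"))
    return chain


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, Optional[str]]:
    """First matching rule decides; no match falls through to the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target, rule.to
    return policy, None


def is_intercepted(chain: List[Rule], pkt: Packet) -> bool:
    """True only when the flow is DNATed to the proxy/filter."""
    verdict, _ = evaluate(chain, pkt)
    return verdict == "DNAT"


if __name__ == "__main__":
    chain = build_prerouting()
    samples = [  # constructed flows; 203.0.113.10 is a documentation (TEST-NET-3) address
        Packet("192.168.1.50", "203.0.113.10", dport=80),    # ordinary client, HTTP
        Packet("192.168.1.50", "192.168.1.20", dport=80),    # LAN-to-LAN HTTP
        Packet("192.168.1.5", "203.0.113.10", dport=80),     # bypass host
        Packet("192.168.1.50", "203.0.113.10", dport=443),   # HTTPS: no rule matches
        Packet("192.168.1.2", "203.0.113.10", dport=80),     # the proxy's own outbound HTTP
    ]
    for p in samples:
        verdict, to = evaluate(chain, p)
        print(f"{p.src:>14} -> {p.dst}:{p.dport:<4} {verdict:<6} {to or ''}")
```

Running the block shows that only TCP port 80 from non-proxy, non-bypass hosts is redirected; flows to port 443 (or any other port) never match a PREROUTING rule and leave the router through the normal FORWARD path untouched by the filter. The nat table only inspects the first packet of each connection, which the simulation reflects by evaluating one packet per flow.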
