- 05-09-2006 #1
Setting up Squid/Dansguardian - I keep getting "Access Denied."
OK, I am trying to set up a simple unit to cache/save bandwidth and filter the kid's internet. I'm using Fedora. I downloaded the Squid source, compiled, make, installed. I change the folder owner of the log/cache folders, and set the cache_effective_user. I set my http_access list to:
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    http_access deny to_localhost
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP networks from where browsing should
    # be allowed
    acl cortiaus src 192.168.0.0/24
    http_access allow cortiaus
    # And finally deny all other access to this proxy
    http_access deny all
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j REDIRECT --to-port 8080
    ERROR
    The requested URL could not be retrieved
    While trying to retrieve the URL: http://www.hardocp.com/
    The following error was encountered:
    * Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
    Your cache administrator is webmaster.
    Generated Tue, 09 May 2006 21:50:44 GMT by localhost.localdomain (squid/2.5.STABLE13)
- 06-01-2006 #2
iptables rule for squid/dansguardian transparent proxy
Hi - you've probably already resolved your issue by now, but by changing a couple of settings you can use the squid/firewall machine as a transparent proxy, and you won't need to set a proxy server in your client machines' browsers.
The iptables rule looks like:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
and you would set "proxyport = 3128" and "proxyip = your.internal.ip.address" in your /etc/dansguardian/dansguardian.conf.
You'll probably also need to set the following to "on" in your squid.conf:
Although those may just be necessary for me, as I also serve webpages from apache on this host.
Now if you want to bypass dansguardian, you can set proxy server in your client browser to your squid host's internal ip address, port 3128.
- 12-08-2007 #3
Thanks Milkman_dan -
In my case, with Red Hat 8 and Squid-2.6 configured as a transparent router / bridge aka 'brouter', the Access Denied message was fixed by changing proxyip from 127.0.0.1 to what my bridge was set to; 192.168.1.117 in my case.
Other show stoppers along the way, I recall, were:
- enable IP forwarding in /proc/sys/net/bridge
- run iptables as you show
- run ebtables (optional? .. per freshmeat.net: Tutorials - Configuring a Transparent Proxy/Webcache in a Bridge using Squid and ebtables )
- kill the dhclient process on your linux box or it will reassign the IP address of your bridge interface (and to some the NICs as well).... which would no doubt muck up the proxyip setting.
IMPORTANT: If you are using Squid 2.6 and newer, the tags:
Instead, you need this directive:
http_port 3128 transparent
in the squid configuration file.
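
Added example, not written by any poster in this thread: a small Python model of how Squid walks the `http_access` list from the first post (first matching line wins), showing why a request handed over by a local filter on loopback ends at `http_access deny all` while the same request from a LAN address is allowed. The `localhost` and `all` ACL definitions, the sample peer addresses, and the premise that DansGuardian reaches Squid from 127.0.0.1 when `proxyip` is 127.0.0.1 are assumptions.

```python
import ipaddress

# http_access lines from the first post, in their original order.
RULES = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow cortiaus
http_access deny all
"""

# Source-address ACLs. "cortiaus" is from the post; "localhost" and "all" are
# assumed to be the stock squid.conf definitions, which the post does not show.
SRC_ACLS = {
    "cortiaus": "192.168.0.0/24",
    "localhost": "127.0.0.1/32",
    "all": "0.0.0.0/0",
}

def acl_matches(name, peer_ip, flags):
    """src ACLs test the address of the TCP peer that connected to Squid."""
    if name in SRC_ACLS:
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(SRC_ACLS[name])
    # Request-dependent ACLs (manager, CONNECT, Safe_ports, ...) are modelled
    # as a set of ACL names that hold for this request.
    return name in flags

def evaluate(peer_ip, flags=frozenset({"Safe_ports"}), rules=RULES):
    """Return (action, line) for the first line whose ACLs all match."""
    action = "allow"
    for line in rules.strip().splitlines():
        _, action, *acls = line.split()
        # "!name" inverts the ACL; every ACL on a line must match (logical AND).
        if all(acl_matches(a.lstrip("!"), peer_ip, flags) != a.startswith("!")
               for a in acls):
            return action, line
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    # Constructed peers: a LAN browser talking to Squid directly, the filter
    # connecting over loopback (proxyip = 127.0.0.1), and the filter connecting
    # from a LAN address of the proxy host (assumed here to be 192.168.0.1).
    for peer in ("192.168.0.25", "127.0.0.1", "192.168.0.1"):
        print(peer, *evaluate(peer))
```

With a filter in front of Squid, the `src` ACL is checked against the filter's address rather than the browser's, so the allow rule has to cover whichever address the filter connects from.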