[Server-devel] .6 release and Dansguardian
Devon Connolly
devcon at gmail.com
Sat Oct 17 09:46:12 EDT 2009
Ok. So I'll give you guys an overview of applicable config files to see
if we can't spot the problem. I will only list applicable entries.
First, the basic setup:
2 NICS, onboard and USB. USB nic is eth0 with fixed IP 192.168.1.1. eth1
is bonded to create lanbond0 on 172.168.0.1
I still don't see why all traffic passing through lanbond0 is using squid
and then bypassing dansguardian.
iptables-xs.in:
_______________________________________________________________________________
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8887
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
________________________________________________________________________________
dansguardian.conf
________________________________________________________________________________
filterip =
filterport = 8887
proxyip = 172.18.0.1
proxyport = 3128
daemonuser = 'squid'
daemongroup = 'squid'
_______________________________________________________________________________
squid-xs.conf
_______________________________________________________________________________
cache_effective_user squid
cache_effective_group squid
_______________________________________________________________________________
# nmap -T4 172.18.0.1
_______________________________________________________________________________
Not shown: 1703 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.1 (protocol 2.0)
53/tcp open domain
| zone-transfer:
| notredame.sn. SOA localhost. root.notredame.sn.
| notredame.sn. NS localhost.
| escuela.notredame.sn. CNAME
| library.notredame.sn. A 172.18.0.1
| ntp.notredame.sn. A 172.18.0.1
| presence.notredame.sn. A 172.18.0.1
| school.notredame.sn. A 172.18.0.1
| schoolserver.notredame.sn. A 172.18.0.1
| conference.schoolserver.notredame.sn. A 172.18.0.1
| schoolserver1.notredame.sn. A 172.18.1.1
| schoolserver2.notredame.sn. A 172.18.1.2
| schoolserver3.notredame.sn. A 172.18.1.3
| schoolserver4.notredame.sn. A 172.18.1.4
| schoolserver5.notredame.sn. A 172.18.1.5
| schoolserver6.notredame.sn. A 172.18.1.6
| schoolserver7.notredame.sn. A 172.18.1.7
| schoolserver8.notredame.sn. A 172.18.1.8
| schule.notredame.sn. CNAME
| time.notredame.sn. A 172.18.0.1
| www.notredame.sn. A 172.18.0.1
| xs.notredame.sn. A 172.18.0.1
|_ notredame.sn. SOA localhost. root.notredame.sn.
80/tcp open http-proxy DansGuardian HTTP proxy
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME)
191/tcp open prospero?
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME)
873/tcp open rsync (protocol version 30)
3128/tcp open http-proxy DansGuardian HTTP proxy
3306/tcp open mysql MySQL (unauthorized)
8080/tcp open http Python SimpleXMLRPCServer (BaseHTTP 0.3; Python 2.5.1)
8887/tcp open http-proxy DansGuardian HTTP proxy
_____________________________________________________________________________________
What else is applicable?
On Sat, 17 Oct 2009 08:08:47 -0000, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> On Sat, Oct 17, 2009 at 2:15 AM, Devon Connolly <devcon at gmail.com> wrote:
>> Right, I appended the aforementioned entries to "iptables-xs.in" so that
>> the resulting iptables-xs file reflected the modifications, but the rules
>> still did not take effect.
>
> And you did "/etc/init.d/iptables restart" to make it take effect...
> right? I notice I forgot to mention that key step :-)
>
> (And Jerry's suggested change is also needed.)
>
> cheers,
>
> m
--
Devon Connolly
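An added example, not from this thread or the XS project: a small Python lint that reads the *nat table posted above (chain policy lines dropped) and reports the two things to check first in a REDIRECT-based filter chain: whether any REDIRECT to the DansGuardian port exists in PREROUTING, the chain that forwarded LAN traffic actually traverses (OUTPUT only sees locally generated packets), and whether the daemon user's own connections are exempted before the REDIRECT so the proxy chain cannot redirect itself into a loop. Since dansguardian.conf runs the filter as daemonuser 'squid', the single --uid-owner squid exemption covers both DansGuardian's connections to Squid on 3128 and Squid's outbound connections on 80; the function names are mine, and the lint cannot see what @@SQUID@@ expands to, so it flags the macro rather than guessing.

```python
import re

# Constructed sample: the *nat table posted in the thread (chain policy
# lines dropped), with the unexpanded @@...@@ template macros left in place.
SAMPLE_NAT = """\
*nat
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8887
COMMIT
"""

def parse_nat(text):
    """Parse the *nat section of an iptables-restore file into (rules, macros).
    Macros are whole-line @@NAME@@ placeholders whose expansion is not in the file."""
    rules, macros, in_nat = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif in_nat and re.fullmatch(r"@@\w+@@", line):
            macros.append(line.strip("@"))
        elif in_nat and line.startswith("-A "):
            p = line.split()
            opt = lambda flag: p[p.index(flag) + 1] if flag in p else None
            rules.append({"chain": p[1], "dport": opt("--dport"), "uid": opt("--uid-owner"),
                          "target": opt("-j"), "to": opt("--to-ports")})
    return rules, macros

def audit_redirects(text, filter_port, daemon_user):
    """Explain why traffic can miss, or loop through, a REDIRECT-based filter."""
    rules, macros = parse_nat(text)
    findings = []
    redirects = [r for r in rules if r["target"] == "REDIRECT" and r["to"] == filter_port]
    if not any(r["chain"] == "PREROUTING" for r in redirects):
        findings.append("no PREROUTING REDIRECT to %s: OUTPUT only matches locally "
                        "generated packets, so forwarded LAN traffic never reaches the filter" % filter_port)
    for i, r in enumerate(rules):
        if r in redirects and r["chain"] == "OUTPUT":
            # The filter's own outbound connections must be exempted by an earlier
            # --uid-owner ACCEPT, or the filter/proxy chain redirects itself (loop).
            if not any(x["chain"] == "OUTPUT" and x["dport"] == r["dport"] and
                       x["uid"] == daemon_user and x["target"] == "ACCEPT" for x in rules[:i]):
                findings.append("OUTPUT REDIRECT of dport %s lacks an earlier --uid-owner %s "
                                "ACCEPT: loop risk" % (r["dport"], daemon_user))
    for m in macros:
        findings.append("unexpanded macro @@%s@@: its rules are not visible, audit its expansion" % m)
    return findings
```

Run it against the real generated iptables-xs (after the macros are expanded) to see whether the missing PREROUTING redirect is still the finding.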