[Server-devel] .6 release and Dansguardian
Devon Connolly
devcon at gmail.com
Sat Oct 17 13:48:13 EDT 2009
> What is the output of "iptables -t nat -L -v"
>
I can't cite any explicit benefits as this is my first XS install and my
first time using Dansguardian. I'm still getting used to iptables and the
wonderful science of redirecting packets. Google led me to believe this
is the best way to do it so folks have no chance of circumventing DG.
# sudo iptables -t nat -L -v
========================================
Chain PREROUTING (policy ACCEPT 1643 packets, 150K bytes)
 pkts bytes target     prot opt in       out  source    destination
 2562  138K REDIRECT   tcp  --  lanbond0 any  anywhere  anywhere     tcp dpt:http redir ports 3128
    0     0 REDIRECT   tcp  --  mshbond0 any  anywhere  anywhere     tcp dpt:http redir ports 3128
    0     0 REDIRECT   tcp  --  mshbond1 any  anywhere  anywhere     tcp dpt:http redir ports 3128
    0     0 REDIRECT   tcp  --  mshbond2 any  anywhere  anywhere     tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT 10613 packets, 544K bytes)
 pkts bytes target     prot opt in       out  source    destination
 4233  282K MASQUERADE all  --  any      eth0 anywhere  anywhere

Chain OUTPUT (policy ACCEPT 12189 packets, 670K bytes)
 pkts bytes target     prot opt in       out  source    destination
 2037  122K ACCEPT     tcp  --  any      any  anywhere  anywhere     tcp dpt:http owner UID match squid
  119  7140 ACCEPT     tcp  --  any      any  anywhere  anywhere     tcp dpt:squid owner UID match squid
   96  5688 REDIRECT   tcp  --  any      any  anywhere  anywhere     tcp dpt:http redir ports 8887
   17   940 REDIRECT   tcp  --  any      any  anywhere  anywhere     tcp dpt:squid redir ports 8887
=======================================
As you can see, everything 'should' be being redirected from squid to
dansguardian. Before the upgrade, this worked flawlessly, so something
got mixed up with the new configs. It seems to be ignoring the last rule
in the OUTPUT chain. Again, squid access.log reports normal activity, but
dansguardian access.log isn't touched.
This is why I love Gentoo, 'cause you know everything that goes into your
build, so troubleshooting is a snap. These highly customized builds that
run off an array of scripts can be tough to navigate unless you are very
familiar with how everything works.
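
Added example, not part of the original message: a first-match walk over the OUTPUT chain from the listing above, showing which rule decides a locally generated connection depending on the process owner. The port numbers behind the service names `http` and `squid` are assumed from a stock /etc/services, and the owner `root` is a constructed sample.

```python
import re

# OUTPUT chain rows copied from the listing in the message (wrapped lines rejoined).
OUTPUT_ROWS = """\
2037 122K ACCEPT tcp -- any any anywhere anywhere tcp dpt:http owner UID match squid
119 7140 ACCEPT tcp -- any any anywhere anywhere tcp dpt:squid owner UID match squid
96 5688 REDIRECT tcp -- any any anywhere anywhere tcp dpt:http redir ports 8887
17 940 REDIRECT tcp -- any any anywhere anywhere tcp dpt:squid redir ports 8887
"""

# Assumption: service-name to port mapping as in a stock /etc/services.
SERVICES = {"http": 80, "squid": 3128}


def parse_row(line):
    """Turn one `iptables -L -v` row into the fields the rule matches on."""
    fields = line.split()
    extra = " ".join(fields[9:])  # everything after the destination column
    dpt = re.search(r"dpt:(\S+)", extra)
    uid = re.search(r"owner UID match (\S+)", extra)
    redir = re.search(r"redir ports (\d+)", extra)
    return {
        "target": fields[2],
        "dport": SERVICES[dpt.group(1)] if dpt else None,
        "uid": uid.group(1) if uid else None,
        "redir": int(redir.group(1)) if redir else None,
    }


def verdict(rules, dport, uid):
    """Return (rule number, target, redirect port) for the first matching rule.

    ACCEPT and REDIRECT are both terminating targets, so traversal stops there.
    """
    for number, rule in enumerate(rules, 1):
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        if rule["uid"] is not None and rule["uid"] != uid:
            continue
        return number, rule["target"], rule["redir"]
    return None, "ACCEPT", None  # chain policy shown in the listing


RULES = [parse_row(row) for row in OUTPUT_ROWS.splitlines()]

if __name__ == "__main__":
    for dport, uid in [(80, "squid"), (3128, "squid"), (80, "root"), (3128, "root")]:
        print(f"dport={dport} owner={uid} ->", verdict(RULES, dport, uid))
```

The nat OUTPUT chain only sees packets generated on the server itself; connections arriving from the LAN interfaces are handled by the PREROUTING rules in the same listing.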