I'm trying to set up Debian so that it automatically redirects all outgoing TCP connections on port 80 to the local proxy (squid+dansguardian).
To do this I took inspiration from these guides:
http://gentoo-wiki.com/HOWTO_setup_a_home-server#Squid
http://gentoo-wiki.com/Dansguardian
With the proxy set in the browser preferences everything works perfectly, but when I remove it I can browse completely freely, as if the packets were not being automatically forwarded to local port 8080 by this rule:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Can anyone see what I'm doing wrong? Thx.
edit: I forgot the squid and dansguardian configurations:
Squid:
Code:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
icp_port 0
hosts_file /etc/hosts
coredump_dir /var/spool/squid

Dansguardian:
Code:
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'italian'
loglevel = 3
logexceptionhits = on
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 3000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
softrestart = off
virusscan = on
virusengine = 'clamav'
tricklelength = 32768
forkscanlength = 32768
firsttrickledelay = 10
followingtrickledelay = 10
maxcontentscansize = 41904304
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
notify = 0
emaildomain = 'your.domain.com'
postmaster = 'postmaster@your.domain.com'
emailserver = '127.0.0.1:25'
downloaddir = '/tmp/dgvirus'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clblockencryptedarchives = off
cldetectbroken = off
clamdsocket = '/tmp/clamd'
avesocket = '/var/run/aveserver'
trophiesocket = '/var/run/trophie'
sophiesocket = '/var/run/sophie'
icapsocket = 'localhost:1344'
icapservice = 'icap://localhost/avscan'
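
Added example, not part of the original post: the rule quoted above sits in the nat PREROUTING chain, which only sees packets arriving on an interface, while connections opened on the proxy host itself pass through nat OUTPUT. The sketch below prints rules for that local case next to the gateway case. It assumes the browser runs on the same Debian machine and that squid runs as the account `proxy` (verify both); it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: build nat rules that send HTTP traffic to the content filter.
FILTER_PORT=8080   # filterport from the dansguardian config in the post
PROXY_USER=proxy   # assumption: account squid runs as (check with: ps -o user= -C squid)

# Accept only a decimal TCP port between 1 and 65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rules for connections opened on this host (nat OUTPUT chain).
# $1 = filter port, $2 = account the upstream proxy runs as.
local_redirect_rules() {
    # Squid's own fetches to origin servers must bypass the redirect,
    # otherwise they loop straight back into the filter.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $2 -j RETURN"
    # Leave connections to web services on the loopback alone.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j RETURN"
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $1"
}

# Rule for connections forwarded from other hosts (gateway case).
# $1 = filter port, $2 = interface facing the clients.
forwarded_redirect_rule() {
    echo "iptables -t nat -A PREROUTING -i $2 -p tcp --dport 80 -j REDIRECT --to-ports $1"
}

run() {
    valid_port "$FILTER_PORT" || { echo "bad filter port: $FILTER_PORT" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        local_redirect_rules "$FILTER_PORT" "$PROXY_USER" | sh   # needs root
    else
        local_redirect_rules "$FILTER_PORT" "$PROXY_USER"        # dry run: print only
    fi
}
run
```

After applying, `iptables -t nat -L OUTPUT -n -v` shows per-rule packet counters, which confirms whether browser traffic is hitting the REDIRECT rule.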