Ok, since I haev to wait moderator approval
for over 40KB , I did not attach my files and will have to later on...
TIA!
Scott
Scott Pichelman
Systems Administrator
Weir Slurry TM
North America
2701 S Stoughton Rd
Madison WI 53716 USA
T: +001 608 226 5615
F: +001 608 221 5807
M: +001 608 279 0368
E: scott.pichelman@weirslurry.com
W: http://weirslurry.com
----- Forwarded by Scott
Pichelman/US/WAR/Weir on 06/30/2004 09:55 AM -----
Scott Pichelman/US/WAR/Weir
06/30/2004 09:36 AM
To
wlug@list.waikato.ac.nz
cc
Subject
Transparent Proxy install
- RH linux 7.3(2.4.20-28.7) updated via RHN w/ IPtables enabled & Squid
2.5-Stable5 w/ Dansguardian-2.6.1 & AV plug-in.
Hi all,
Can anyone help me out with my dilemma?
Here is a brief overview of my situation...
Research:
I have been trying to get the above
mentioned to work for some time!
I have read Doc from these sources:
http://dansguardian.org/?page=documentation
http://dansguardian.org/?page=dgflow
http://www.nyetwork.org/wiki/DansGuardian
And...other
posts/threads and doc as well!
Mission:
We are a mid-sized organization trying
to set-up a Proxy server to cache & filter requests from Windows users.
We "would" like to set-up
all the above in the email "subject" line on one machine.
Can we use it as a gateway like transparent
proxying suggests?
Can I use a test machine w/ a "DHCP"
address & will the FW(iptables) still work properly?
In what order should I configure, whast
type of logging could I use to troubleshoot?
I know it has been done and I have little
time now, sigh.
So, I found your list while searching
google noticed that WPAD might be a better way to go, is this true in some
cases?
We do not want to have to change "browser
settings" on all of the client machines.
I am unfamiliar with a transparent proxy
versus other options but wonder if someone could help me out with doc?
Finally, I may be missing something
very easily, if so, please forgive my carelessness.
Is there a simple procedure to follow
so I install simply and than add complexity as I go?
Tryed installing one app at a time starting
w/ Squid then DG w/ plug-in, then IP tables but to no avail...
I used the standard config files in
many cases and will attach those files.
The errors I receive are when setting
my browser to "direct connection" are "ERROR Requested URL
could not be retrieved" & "Access Denied".
There have been times when Squid/DG
& IPtables filtering seem to work, but would filter "all"
sites most of the time.
Most of the time when I enable the FW
or IPtables it does not seem to work correctly.
Meanwhile, I am trying a new distro
- RH AS 2.1 server and will patch 2/ up2date.
Please view my attached doc and conf
files.
root@Linux-Test dansguardian]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.8 on Tue Jun 29 16:49:36 2004
*nat
:PREROUTING ACCEPT [22:4542]
:POSTROUTING ACCEPT [1:132]
:OUTPUT ACCEPT [1:132]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Tue Jun 29 16:49:36 2004
# Generated by iptables-save v1.2.8 on Tue Jun 29 16:49:36 2004
*filter
:INPUT ACCEPT [627:56813]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [293:29548]
-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3128 -j DROP
COMMIT
# Completed on Tue Jun 29 16:49:36 2004
Any help is greatly appreciated, if
possible.
Thanks.
Scott
Scott Pichelman
Systems Administrator
Weir Slurry TM
North America
2701 S Stoughton Rd
Madison WI 53716 USA
The information contained in this email (including any attachments) is confidential, subject to copyright and for the use of the intended recipient only. If you are not the intended recipient please delete this message after notifying the sender. Unauthorised retention, alteration or distribution of this email is forbidden and may be actionable.
Attachments are opened at your own risk and you are advised to scan incoming email for viruses before opening any attached files. We give no guarantee that any communication is virus-free and accept no responsibility for virus contamination or other system loss or damage of any kind.