Ok, since I haev to wait moderator approval for over 40KB , I did not attach my files and will have to later on... TIA! Scott Scott Pichelman Systems Administrator Weir Slurry TM North America 2701 S Stoughton Rd Madison WI 53716 USA T: +001 608 226 5615 F: +001 608 221 5807 M: +001 608 279 0368 E: scott.pichelman(a)weirslurry.com W: http://weirslurry.com ----- Forwarded by Scott Pichelman/US/WAR/Weir on 06/30/2004 09:55 AM ----- Scott Pichelman/US/WAR/Weir 06/30/2004 09:36 AM To wlug(a)list.waikato.ac.nz cc Subject Transparent Proxy install - RH linux 7.3(2.4.20-28.7) updated via RHN w/ IPtables enabled & Squid 2.5-Stable5 w/ Dansguardian-2.6.1 & AV plug-in. Hi all, Can anyone help me out with my dilemma? Here is a brief overview of my situation... Research: I have been trying to get the above mentioned to work for some time! I have read Doc from these sources: http://dansguardian.org/?page=documentation http://dansguardian.org/?page=dgflow http://www.nyetwork.org/wiki/DansGuardian And...other posts/threads and doc as well! Mission: We are a mid-sized organization trying to set-up a Proxy server to cache & filter requests from Windows users. We "would" like to set-up all the above in the email "subject" line on one machine. Can we use it as a gateway like transparent proxying suggests? Can I use a test machine w/ a "DHCP" address & will the FW(iptables) still work properly? In what order should I configure, whast type of logging could I use to troubleshoot? I know it has been done and I have little time now, sigh. So, I found your list while searching google noticed that WPAD might be a better way to go, is this true in some cases? We do not want to have to change "browser settings" on all of the client machines. I am unfamiliar with a transparent proxy versus other options but wonder if someone could help me out with doc? Finally, I may be missing something very easily, if so, please forgive my carelessness. Is there a simple procedure to follow so I install simply and than add complexity as I go? Tryed installing one app at a time starting w/ Squid then DG w/ plug-in, then IP tables but to no avail... I used the standard config files in many cases and will attach those files. The errors I receive are when setting my browser to "direct connection" are "ERROR Requested URL could not be retrieved" & "Access Denied". There have been times when Squid/DG & IPtables filtering seem to work, but would filter "all" sites most of the time. Most of the time when I enable the FW or IPtables it does not seem to work correctly. Meanwhile, I am trying a new distro - RH AS 2.1 server and will patch 2/ up2date. Please view my attached doc and conf files. root(a)Linux-Test dansguardian]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.2.8 on Tue Jun 29 16:49:36 2004 *nat :PREROUTING ACCEPT [22:4542] :POSTROUTING ACCEPT [1:132] :OUTPUT ACCEPT [1:132] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 COMMIT # Completed on Tue Jun 29 16:49:36 2004 # Generated by iptables-save v1.2.8 on Tue Jun 29 16:49:36 2004 *filter :INPUT ACCEPT [627:56813] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [293:29548] -A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3128 -j DROP COMMIT # Completed on Tue Jun 29 16:49:36 2004 Any help is greatly appreciated, if possible. Thanks. Scott Scott Pichelman Systems Administrator Weir Slurry TM North America 2701 S Stoughton Rd Madison WI 53716 USA T: +001 608 226 5615 F: +001 608 221 5807 M: +001 608 279 0368 E: scott.pichelman(a)weirslurry.com W: http://weirslurry.com The information contained in this email (including any attachments) is confidential, subject to copyright and for the use of the intended recipient only. If you are not the intended recipient please delete this message after notifying the sender. Unauthorised retention, alteration or distribution of this email is forbidden and may be actionable. Attachments are opened at your own risk and you are advised to scan incoming email for viruses before opening any attached files. We give no guarantee that any communication is virus-free and accept no responsibility for virus contamination or other system loss or damage of any kind.