Hi all, I'm about to implement transparent content filtering using Squid TPROXY and squidGuard. I've tried this:

squid.conf:
++++++++++++++++++++++++++++++++++++++++++++
http_port 3129 tproxy
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
redirect_children 10
+++++++++++++++++++++++++++++++++++++++++++++++++

My squidGuard.conf:
+++++++++++++++++++++++++++++++++++++++++++++++++++++
.....
dest porn {
    domainlist porn/domains
    urllist porn/urls
    expressionlist porn/expressions
    redirect http://localhost/denied.bl
}
acl {
    winxp_1 {
        pass !porn any
    }
    default {
        pass any
    }
}
......
+++++++++++++++++++++++++++++++++++++++++++++++++++

HTTP traffic is redirected with:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I think that my traffic passes through Squid, because my LAN machine can browse the Internet. But the content is not filtered, because the user can access porn sites. Also, accesses are not logged in access.log. Has anyone already implemented such a config? Can someone help me?

Regards.

On Sun, 2010-08-08 at 22:10 +0000, Mamadou Touré wrote:
> Hi all, I'm about to implement transparent content filtering using Squid TPROXY and squidGuard. I've tried this:
>
> squid.conf:
> ++++++++++++++++++++++++++++++++++++++++++++
> http_port 3129 tproxy
> redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
> redirect_children 10
> +++++++++++++++++++++++++++++++++++++++++++++++++
>
> My squidGuard.conf:
> +++++++++++++++++++++++++++++++++++++++++++++++++++++
> .....
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     expressionlist porn/expressions
>     redirect http://localhost/denied.bl
> }
> acl {
>     winxp_1 {
>         pass !porn any
>     }
>     default {
>         pass any
>     }
> }
> ......
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> HTTP traffic is redirected with:
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> I think that my traffic passes through Squid, because my LAN machine can browse the Internet. But the content is not filtered, because the user can access porn sites. Also, accesses are not logged in access.log. Has anyone already implemented such a config? Can someone help me?
>
> Regards.

Do you also have a policy routing rule that redirects mark 1 traffic to the localhost?

--
Bazsi

participants (2): Balazs Scheidler, Mamadou Touré
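
The reply asks whether a policy routing rule sends mark 1 traffic to the local host. As an added example (not part of either post), this shell script checks for that rule and for the local route in the table it selects; the function names and the sample `ip` output are constructed, and the mark must be written the way `ip rule show` prints it (`0x1`).

```shell
#!/bin/sh
# Added example: does policy routing deliver packets carrying the TPROXY mark
# to the local host? Function names and sample text are constructed here.
# The usual pair of commands (table number 100 is an arbitrary choice):
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100

# find_mark_table RULES MARK: print the table that `ip rule` selects for MARK.
find_mark_table() {
    printf '%s\n' "$1" | awk -v mark="$2" '{
        fw = ""; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { split($(i + 1), m, "/"); fw = m[1] }  # drop /mask
            if ($i == "lookup") tbl = $(i + 1)
        }
        if ((fw "") == (mark "") && tbl != "") { print tbl; exit }
    }'
}

# has_local_default ROUTES: succeed if the table hands every packet to lo.
has_local_default() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# check_tproxy_routing MARK RULES [ROUTES]
# Returns 0 = complete, 1 = no rule for the mark, 2 = rule but no local route.
# Live use: check_tproxy_routing 0x1 "$(ip rule show)"
check_tproxy_routing() {
    table=$(find_mark_table "$2" "$1")
    if [ -z "$table" ]; then
        echo "no policy routing rule for fwmark $1"
        return 1
    fi
    routes=${3-$(ip route show table "$table" 2>/dev/null)}
    if ! has_local_default "$routes"; then
        echo "fwmark $1 uses table $table, but it has no 'local default dev lo' route"
        return 2
    fi
    echo "fwmark $1 -> table $table -> local delivery"
}

# Constructed samples of `ip rule show` and `ip route show table 100` output.
RULES_MISSING='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
RULES_OK='0: from all lookup local
32765: from all fwmark 0x1/0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
ROUTES_OK='local default dev lo scope host'
```

When the third argument is omitted, the script reads the routes of the discovered table from the running system with `ip route show table`.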