[tproxy] Squid, TPROXY and SquidGuard

Mamadou Touré e2ia.ci at gmail.com
Mon Aug 9 00:10:44 CEST 2010

hi all i'm about to implement a transparent  content filtering using
squid tproxy and squidGuard.
I've tried this:

http_port 3129 tproxy
redirect_program /usr/local/bin/squidGuard -c
/usr/local/squidGuard/squidGuard.conf -d redirect_children 10


my squidGuard.conf

dest  porn {
       domainlist           porn/domains
       urllist              porn/urls
       expressionlist       porn/expressions
       redirect             http://localhost/denied.bl }

acl {
       winxp_1 {
               pass !porn any
       default {
               pass any

HTTP traffic are redirect with:

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129

I think that My traffic passthrougth squid.
Because my LAN machine can browse Internet.
But the contents are not filtered because the user can access porn site.
Also  access are not logged in access.log.
Does some one already implement such config ?
Can someone help me?

More information about the tproxy mailing list