[tproxy] Squid, TPROXY and SquidGuard

Balazs Scheidler bazsi at balabit.hu
Mon Aug 9 17:29:40 CEST 2010


On Sun, 2010-08-08 at 22:10 +0000, Mamadou Touré wrote:
> Hi all, I'm about to implement transparent content filtering using
> Squid, TPROXY and SquidGuard.
> I've tried this:
> squid.conf:
> ++++++++++++++++++++++++++++++++++++++++++++
> 
> http_port 3129 tproxy
> redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
> redirect_children 10
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++
> 
> my squidGuard.conf
> +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> .....
> dest  porn {
>        domainlist           porn/domains
>        urllist              porn/urls
>        expressionlist       porn/expressions
>        redirect             http://localhost/denied.bl }
> 
> acl {
>        winxp_1 {
>                pass !porn any
>        }
>        default {
>                pass any
>        }
>  }
> ......
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> HTTP traffic is redirected with:
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> 
> I think that my traffic passes through Squid,
> because my LAN machine can browse the Internet.
> But the contents are not filtered, because the user can access porn sites.
> Also, accesses are not logged in access.log.
> Has someone already implemented such a config?
> Can someone help me?
> Regards.

Do you also have a policy routing rule that redirects mark 1 traffic to
the localhost?


-- 
Bazsi
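
The policy routing asked about above, as an added example that is not part of either message: a check that packets carrying fwmark 1 are looked up in a table whose only job is local delivery via lo. Table number 100, the function names and the SAMPLE_* texts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Table 100 and the SAMPLE_* texts are constructed, not from the thread.
# The rules being checked are normally created with:
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100

# Constructed `ip rule show` output with and without the fwmark rule.
SAMPLE_RULES_OK='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_RULES_MISSING='0: from all lookup local
32766: from all lookup main'
# Constructed `ip route show table 100` output.
SAMPLE_ROUTES_OK='local default dev lo scope host'

# stdin: `ip rule show` text; $1: mark as ip prints it (e.g. 0x1).
# Prints the table of the first rule matching that mark value (mask ignored).
fwmark_table() {
    awk -v want="$1" '{
        mark = ""; table = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { split($(i + 1), m, "/"); mark = m[1] }
            if ($i == "lookup") table = $(i + 1)
        }
        if (table != "" && (mark "") == (want "")) { print table; exit }
    }'
}

# stdin: `ip route show table T` text; succeeds if it delivers everything locally via lo.
has_local_default() {
    awk '$1 == "local" && ($2 == "default" || $2 == "0.0.0.0/0") {
        for (i = 3; i < NF; i++) if ($i == "dev" && $(i + 1) == "lo") found = 1
    }
    END { exit !found }'
}

# $1: mark, $2: `ip rule show` text, $3: route text of the table that rule selects.
check_tproxy_routing() {
    table=$(printf '%s\n' "$2" | fwmark_table "$1")
    [ -n "$table" ] || { echo "no ip rule for fwmark $1"; return 1; }
    printf '%s\n' "$3" | has_local_default ||
        { echo "table $table has no local default route on lo"; return 2; }
    echo "ok: fwmark $1 -> table $table -> local delivery via lo"
}

# Query the live host only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    rules=$(ip rule show)
    t=$(printf '%s\n' "$rules" | fwmark_table 0x1)
    check_tproxy_routing 0x1 "$rules" "$(ip route show table "${t:-100}" 2>/dev/null)"
fi
```

Without both entries the TPROXY target still marks the packets, but they are routed onward like any forwarded traffic instead of reaching the proxy socket on port 3129.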



