I have an ADSL connection with a modem sagem (NAT) and connect one machine to cable >(fedora17 = 192.168.1.2) into this machine I installed oracle virtualbox and in this I >have two machine connected as network bridged to the modem Sagem (Debian "192.168.1.6" as >server + Ubuntu "192.168.1.7" as the client) I installed squid and squidGuard the couple >on (Debian).
in this server (Debian)Here is my configuration:
##cat /proc/sys/net/ipv4/ip_forward
1
##ls -l /etc/
..
..
lrwxrwxrwx ......squid -> squid3/
..
..
##cd /etc/squid/
ls -l
-rw-r--r-- 1 root root 1547 6 janv. 2012 errorpage.css
-rw-r--r-- 1 root root 421 6 janv. 2012 msntauth.conf
lrwxrwxrwx 1 root root 6 4 févr. 21:49 squid -> squid/
-rw-r--r-- 1 root root 198835 5 févr. 00:02 squid.conf
-rw-r--r-- 1 root root 198764 2 févr. 00:18 squid.conf.old
-rw-r--r-- 1 root root 1350 4 févr. 23:47 squidGuard.conf
-rw-r--r-- 1 root root 1431 3 févr. 20:25 squidGuard.conf.old
/etc/squid3/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname mysrvhostname
/etc/squid3/squidGuard.conf
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
dest noface
{
domainlist noface/domains
expressionlist noface/expressions
urllist noface/urls
}
acl {
default {
pass !noface all
redirect http://www.google.tn/
}
}
/var/lib/squidGuard/db/noface/domains
facebook.com
free.com
speedtest.com
/var/lib/squidGuard/db/noface/urls
http://www.facebook.com/
https://www.facebook.com/
/var/lib/squidGuard/db/noface/domains.diff
+facebook.com
-debian.org
iptables rules
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
I built the databases and started squid3 like this:
# squidGuard -C all
# squidGuard -u
# /etc/init.d/squid3 restart
Now in my client Ubuntu I set the IP address of my server Debian 192.168.1.6 in the mandatory proxy and the port 3128 and when I hit one of the sites I want to block facebook as customer accede without difficulty
Where is the problem?
Best Answer
The problem is that you are not referencing SquidGuard nowhere to be seen. You'll need a
redirect_program
clause, pointing to your SG binary and configuration.Just check the path to SG binary, I'm not sure of it.