Randy Welch <[EMAIL PROTECTED]> writes: > >>That way I can still view activity based on the actual client machine in > >>the sarg report. (since there is no reporting based on the dansguardian > >>log files this works quite well. As a side note there was an option added > >>to allow dansguardian format it output in a format that sarg can process > >>as well.) > >> > >>http://dansguardian.org/downloads/squidxforwardloggingpatch25S1.txt > >> > >>-randy > >> > > > >ok, use the latest squid, DansGuardian and naat packages .. I have applied > >the patch ... > > > > > Thank you. That seems to work! (You have to hand edit the > dansguardian.conf file to make it work, but it's there!)
Why would you need to hand edit it ? What did you change by hand ? > A couple of notes.... > > The setup seems to go much smoother it finds the interface cards fine. > However it seems to believe that the administrative interface is eth0 and > won't let you change it! ( my system has the internal interface on eth1 ) I'll check that ... I never use that ... I simply open the 8443 port on the interface I want ... and that's it my admin interface :o) > > In the default rules there is an entry in the shorewall rules file for > ftp.mnf.mandrake.com on all high ports. That might take some folks by > surprise. Plus if it can't be resolved shorewall will fail. well, that address is for the updates .. maybe I could put it in the description text but not add ii directly ... > For some reason httpd2-naat is not started by default. oh ? it starts fine here .. chkconfig --list httpd2-naat ? > The really odd and somewhat disconcerting item is that I cannot get into > the system via ssh. At first I thought it was a missing rule, which I > added but no joy and I can't seem to find any log entry to show what is > wrong... :-( yeah ... you need to add Sshd:All in /etc/hosts.allow I'll have a look at that btw, what security level are you in ? I use the 4th one. > One question which I've always wanted to ask... > > I have things setup where I have two forms of transparent http proxying: > > 1. DHCP served IP addresses which are in a specific ranges are > re-directed straight to squid, bypassing Dansguardian. (These are > 'trusted' machines. ) (port 8080) > > 2. All other IP Addresses are routed to the default transparent proxy > setup (port 3328) Actually, when you enable the proxy server, the default port is 3328. If you enable DansGuardian, it's default port is 8080. Now, the tricky is the following: in order not to change the client's setup ... when ContentFiltering/DansGuardian is enabled, squid gos to the 8080 port and dansguardian on 3328 so the client goes on DansGuardian first, and then on squid ... > Now what I've always wanted to do is to be able to put the first one in > via the http interface, in a fashion like the MNF created proxy: > 25 REDIRECT lan 3328 tcp www all > > However I want to do the following: > > 24 REDIRECT lan:192.168.200.64/29 8080 tcp www all I understand ... you simply want to add a port and no interface in the destination field ... I'll add that option today ... > The problem is that I can't do the 8080 in the GUI without adding fw: to > it. When I do it like that shorewall fails to restart. -randy thank you for testing, -- Florin Grad http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
