Florin wrote:

Randy Welch <[EMAIL PROTECTED]> writes:



That way I can still view activity based on the actual client machine in
the sarg report.  (since there is no reporting based on the dansguardian
log files this works quite well.  As a side note there was an option added
to allow dansguardian to format its output in a format that sarg can process
as well.)

http://dansguardian.org/downloads/squidxforwardloggingpatch25S1.txt

-randy



ok, use the latest squid, DansGuardian and naat packages .. I have applied
the patch ...




Thank you. That seems to work! (You have to hand edit the
dansguardian.conf file to make it work, but it's there!)



Why would you need to hand edit it ?


Because initially squid was logging the ip address of the proxy.

What did you change by hand ?


forwardedfor and xforwardedfor, both to on.



A couple of notes....

The setup seems to go much smoother; it finds the interface cards fine.
However it seems to believe that the administrative interface is eth0 and
won't let you change it! ( my system has the internal interface on eth1 )



I'll check that ... I never use that ... I simply open the 8443 port on the interface I want ... and that's it my admin interface :o)



If it has no real meaning, i.e. the really important item is just the port, then perhaps the admin interface nomenclature should be removed.

In the default rules there is an entry in the shorewall rules file for
ftp.mnf.mandrake.com on all high ports. That might take some folks by
surprise. Plus if it can't be resolved shorewall will fail.



well, that address is for the updates .. maybe I could put it in the description text but not add it directly ...



For some reason httpd2-naat is not started by default.



oh ? it starts fine here .. chkconfig --list httpd2-naat ?



Yea, I had to add it with check config.

The really odd and somewhat disconcerting item is that I cannot get into
the system via ssh. At first I thought it was a missing rule, which I
added but no joy and I can't seem to find any log entry to show what is
wrong... :-(



yeah ... you need to add Sshd:All in /etc/hosts.allow


Thanks that did the trick.

I'll have a look at that

btw, what security level are you in ? I use the 4th one.



3rd high, not quite paranoid... I might have had it set differently in my last install...




One question which I've always wanted to ask...

I have things setup where I have two forms of transparent http proxying:

1.  DHCP served IP addresses which are in specific ranges are
re-directed straight to squid, bypassing Dansguardian.  (These are
'trusted' machines. ) (port 8080)

2. All other IP Addresses are routed to the default transparent proxy
setup (port 3328)



Actually, when you enable the proxy server, the default port is 3328.
If you enable DansGuardian, its default port is 8080. Now, the tricky part is the following: in order not to change the client's
setup ... when ContentFiltering/DansGuardian is enabled, squid goes to the
8080 port and dansguardian on 3328 so the client goes on DansGuardian
first, and then on squid ..


The reasons for doing this actually go back to the earlier inability to separate traffic in the sarg report because everything was going through squid. And I was wanting reporting on a more generic level.

What I've done works with no effect on the clients themselves.

Now what I've always wanted to do is to be able to put the first one in
via the http interface, in a fashion like the MNF created proxy:
25 REDIRECT lan 3328 tcp www all

However I want to do the following:

24 REDIRECT lan:192.168.200.64/29 8080 tcp www all



I understand ... you simply want to add a port and no interface in the
destination field ... I'll add that option today ..


Yes, you could say that, or at least have something generated that shorewall will accept. If I do it the way the GUI and I would consider proper, it generates this, which shorewall does not like.

REDIRECT lan:192.168.200.64/29 fw:8080 tcp www - all

(shorewall fails on this)



The problem is that I can't do the 8080 in the GUI without adding fw: to
it. When I do it like that shorewall fails to restart. -randy



thank you for testing,




Thanks for this product!

A couple of other notes...

sarg isn't running right....  It's getting a segmentation violation...

Any word on the time restriction on ports?

Another thing that would be really nice is the ability to serve internal dns information for the local network.

-randy

