The squid/squidGuard box has two interfaces 172.16.0.0 network and one public. We have 
IPTABLES doing the NAT on the same box and forwarding requests to Squid and in turn to 
squidguard.

However, I have found the solution to my problem!!

I looked in my squid.conf and found:

#  TAG: client_netmask
#       A netmask for client addresses in logfiles and cachemgr output.
#       Change this to protect the privacy of your cache clients.
#       A netmask of 255.255.255.0 will log all IP's in that range with
#       the last digit set to '0'.
client_netmask 255.255.0.0

Therefore all client addresses were identified as 172.16.0.0. Since changing this to 
255.255.0.0, I now have each client IP address logged and this allows the source group 
to work by IP address.

Thanks for your help,
Allan
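
The effect described in the message above, as an added example (not code from this thread or from Squid/squidGuard): it models the redirector receiving the client address with client_netmask already applied, looks up the source group the way the posted `src techs` block would, and flags log entries whose client address has no host bits left. The function names, the simplified first-match group lookup, and the 172.16.1.60 log line are assumptions made for illustration.

```python
import ipaddress
import re

# squidGuard request-log layout as quoted in this thread:
# date time [pid] Request(src/dest/rewrite) url client/fqdn ident method
LOG_LINE = re.compile(
    r"^\S+ \S+ \[\d+\] Request\([^)]*\) (?P<url>\S+) (?P<client>[\d.]+)/\S+ \S+ \S+$"
)
GROUPS = {"techs": ["172.16.1.55"]}  # src block from the posted squidGuard.conf

# First three lines are from the thread; the last one is constructed.
SAMPLE_LOG = """\
2002-04-04 09:25:12 [2623] Request(default/porn/-) http://www.bearshare.com/ 172.16.0.0/- - GET
2002-04-04 09:29:48 [2622] Request(default/porn/-) http://www.sex.com/ 172.16.0.0/- - GET
2002-04-04 09:27:44 [2622] Request(default/porn/-) http://stats.hitbox.com/buttons/380.gif 172.16.0.0/- - GET
2002-04-04 09:31:02 [2622] Request(default/porn/-) http://www.example.com/ 172.16.1.60/- - GET
"""

def apply_client_netmask(client_ip, netmask):
    """Client address after client_netmask has been ANDed onto it."""
    masked = int(ipaddress.IPv4Address(client_ip)) & int(ipaddress.IPv4Address(netmask))
    return str(ipaddress.IPv4Address(masked))

def source_group(client_ip, groups=GROUPS):
    """Simplified lookup (assumption): first group listing the address, else default."""
    addr = ipaddress.IPv4Address(client_ip)
    for name, entries in groups.items():
        if any(addr in ipaddress.ip_network(e) for e in entries):
            return name
    return "default"

def masked_clients(log_text, netmask):
    """(url, client) pairs whose client address has no host bits under netmask."""
    if netmask == "255.255.255.255":  # full mask hides nothing, so nothing to flag
        return []
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m and apply_client_netmask(m["client"], netmask) == m["client"]:
            hits.append((m["url"], m["client"]))
    return hits

if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.255"):
        seen = apply_client_netmask("172.16.1.55", mask)
        print(f"client_netmask {mask}: squidGuard sees {seen} -> {source_group(seen)}")
    for url, client in masked_clients(SAMPLE_LOG, "255.255.0.0"):
        print(f"masked entry: {client} {url}")
```
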

>>> "Rick Matthews" <[EMAIL PROTECTED]> 04/04/02 03:01pm >>>
> The porn group was only an example, I
> don't want you to think our technicians
> browse porn all day!

No, of course not! No one can do that *all day*. ;-)

> However the log file does show some interesting
> results.

Hey, I *live* for interesting results!

> All clients are being identified as 172.16.0.0;

The 172.16. series is reserved for private ip space, so there is a
box/router that is doing net address translation (NAT) for you. Your
squid/squidGuard box is apparently outside of your private network.

Is that the case?

Rick


-----Original Message-----
From: Allan de Borde [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 04, 2002 2:41 AM
To: [EMAIL PROTECTED] 
Cc: [EMAIL PROTECTED] 
Subject: RE: Hi,


The porn group was only an example, I don't want you to think our
technicians browse porn all day!

Anyway, I have applied the changes as you suggested and I have no
change. However the log file does show some interesting results. All
clients are being identified as 172.16.0.0;

2002-04-04 09:25:12 [2623] Request(default/porn/-) http://www.bearshare.com/ 172.16.0.0/- - GET

2002-04-04 09:29:48 [2622] Request(default/porn/-) http://www.sex.com/ 172.16.0.0/- - GET

2002-04-04 09:27:44 [2622] Request(default/porn/-) http://stats.hitbox.com/buttons/380.gif 172.16.0.0/- - GET

Have you any ideas how to solve this as I didn't install squid, this
was on before I started working here. I have just installed
squidGuard,

Thanks so far,
Allan


>>> "Rick Matthews" <[EMAIL PROTECTED]> 04/04/02 05:18am >>>
> I am trying to block porn to all users
> except one group. The category porn is
> filtering fine under default, however I
> cannot get the "techs" group to bypass
> SquidGuard.

And I know how tough it is to get any work out of the techs if you
take their porn away!

> My machine is 172.16.1.55 and it still gets
> blocked and interestingly enough, all
> machines on the cgi page are identified as
> 172.16.0.0

Or it could be displaying 172.16.0.0 all the time and ignoring the
true ip?

Let's do a little research. I want you to add this line:
logfile /usr/local/squidGuard/log/porn.log
to the porn group section, like this:

dest porn {
        domainlist      porn/domains
        urllist porn/urls
        logfile /usr/local/squidGuard/log/porn.log
}

From a command line enter:
touch /usr/local/squidGuard/log/porn.log
Then go change the ownership and permissions on porn.log to match
squidGuard.log.

While you're making changes in squidGuard.conf, you might want to
check to see if "any" is interchangeable with "all". Or you could
save time and just change the "any"s to "all". (pass all & pass
!porn all)

After making the changes, do a squid -k reconfigure. Now each time a
machine is redirected because of a hit in the porn database, it will
be logged in that porn.log, including the ip for that box.

Find out what that tells you and see if it helps the cause...

Rick


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Allan de Borde
Sent: Wednesday, April 03, 2002 8:40 AM
To: [EMAIL PROTECTED] 
Subject: Hi,


Hi,

I am trying to block porn to all users except one group. The
category porn is filtering fine under default, however I cannot get
the "techs" group to bypass SquidGuard. My machine is 172.16.1.55
and it still gets blocked and interestingly enough, all machines on
the cgi page are identified as 172.16.0.0 so I think this is why my
source group is not working. Here is my squidGuard.conf

logdir /usr/local/SquidGuard/log
dbhome /usr/local/squidGuard/db

src techs {
        ip              172.16.1.55
}

dest porn {
        domainlist porn/domains
        urllist porn/urls
}

acl {
        techs {
                pass any
        }

        default {
                pass !porn any
                redirect http://172.16.0.1/cgi-bin/squid/squidtester.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
        }
}

Any help would be appreciated,

Thanks
