> I think I need some clarification related to the "ident vs. transparent
> proxy" dilemma

With a transparent proxy you don't make any changes to the individual workstations.
(Which means that <Tools><Internet Options><Connections><LAN Settings><Proxy Server>
is blank.) Web requests leave your browser headed for port 80 on the remote computer,
just as normal. (That's the transparent part!)

Before the request can leave your network, however, an ipchains or iptables rule does
net address translation and redirects the outgoing web request to the port on which
squid is listening. In this process squid (and squidGuard) do not see the true ip
address of the requestor, but instead the ip of the firewall box. The problem arises
when you are trying to control access using the ip addresses, because you aren't
seeing them. Ident is an *answer* to this problem.

> My squidGuard.conf reads:
>
> src admin {
>         user jan
>         }
> acl {
>         admin {
>                 pass all
>         default ...
>         }
> }

Well, if it weren't for the '...' I'd ask you if this is really your config file. I
know you've modified it for posting, I just don't know how much. Do you have any
destination declarations? You are missing a '}' after your admin acl.

> But squidGuard blocks nevertheless.

Blocks what? You don't have any destination declarations?

> This is a line from my logfile:
>
> TCP_MISS/403 2515 GET http://www.girls.com/ jan DIRECT/192.168.0.99
> text/html

That's your squid logfile. What is squidGuard telling you in its log file(s)?

If you had destination groups I'd give you the same advice I gave earlier:
My suggestion there would be to give every destination group its own log file:
-------------
dest porn {
        domainlist      porn/domains
        urllist         porn/urls
        logfile         porn.log
}
-------------
(You will need to manually create each of these log files and correctly set file
ownership and permissions.) Then bounce squid.

You can look at these log files to find out why you are being blocked. It's very
helpful for debugging.

I hope this helps!

Rick Matthews

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jan
> Klaverstijn
> Sent: Friday, May 10, 2002 3:32 PM
> To: Squidguard Mailing List
> Subject: Re: Authentication question
>
>
> I think I need some clarification related to the "ident vs. transparent
> proxy" dilemma as mentioned in
> http://www.maynidea.com/squidguard/ident.html. I installed the identd
> program on my WinXP and Win2K machines (thanks Rick for the reference). When
> I simply add
>
> httpd_accel_host virtual
>
> to my squid.conf.
> My squidGuard.conf reads:
>
> src admin {
>         user jan
>         }
> acl {
>         admin {
>                 pass all
>         default ...
>         }
> }
>
> I neatly get my identity "jan" plus the correct IP in the squid access
> logging. But squidGuard blocks nevertheless. Does this mean I just proved
> the dilemma since squid knows who I am and where I come from, but passes
> something else to squidGuard? Or is there something else? This is a line
> from my logfile:
>
> TCP_MISS/403 2515 GET http://www.girls.com/ jan DIRECT/192.168.0.99
> text/html
>
> Regards,
> Jan.
>
>
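
The log-file step described in the reply above (create each per-destination log file, then set ownership and permissions) can be scripted. This is an added example, not part of the original message or of squidGuard itself; the function name `make_sg_logs`, the mode 640 and the optional owner argument are assumptions to adapt to the account squid runs under.

```shell
#!/bin/sh
# Added example (not from the original message): create every log file that a
# squidGuard.conf names, so squidGuard can write to it after squid is bounced.
# Usage: make_sg_logs /path/to/squidGuard.conf [owner:group]
make_sg_logs() {
    conf=$1
    owner=${2:-}   # assumption: pass the user squid runs as, e.g. squid:squid

    # Relative logfile names are resolved against the "logdir" directive.
    logdir=$(awk '$1 == "logdir" { print $2; exit }' "$conf")
    if [ -z "$logdir" ]; then
        echo "no logdir line in $conf" >&2
        return 1
    fi
    mkdir -p "$logdir" || return 1

    # Each "logfile ... NAME" line; the file name is the last field.
    for name in $(awk '$1 == "logfile" { print $NF }' "$conf" | sort -u); do
        case $name in
            /*) path=$name ;;            # absolute path used as written
            *)  path=$logdir/$name ;;
        esac
        # Create only if missing, so existing log content is never truncated.
        [ -e "$path" ] || : > "$path" || return 1
        chmod 640 "$path" || return 1    # assumed mode: no world access
        if [ -n "$owner" ]; then
            chown "$owner" "$path" || return 1
        fi
        echo "$path"
    done
}
```

Run it as root with the owner argument on a real system; without that argument the files stay owned by the invoking user.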
