Ah, well, there's your problem I think, smoothwall is running as a transparent proxy if memory serves me correctly so Squid isn't going to work with ident. There's no reason you can't get this working though, your clients would need to explicitly use the proxy in some way, either setting it in the options or using a PAC file.
As for altering the smoothwall config, you can alter it. I had a version running at my home office for a look-see and I found some problems with the Squid conf as shipped and just changed it around. However, what would work better if you've got any number of clients at all is to build another squid proxy and use the smoothwall as its parent cache. That way you can get a 'better' proxy configuration and more cache space, you can also look at not running in the transparent mode. There's nothing wrong with transparent mode but my personal preference is to have the control that PAC files etc give us.

Ian

-----Original Message-----
From: Jaap Lelie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 28, 2002 14:34
To: Ian Spare; [EMAIL PROTECTED]
Subject: RE: ident

Hey Ian,

My client is indeed running ident; it's a winbox with an ident service installed on it. However, if I telnet to it from my firewall (telnet 192.168.0.2 auth) and enter "1 1 [enter]", I always get this as a response:

"0 , 0 : ERROR : UNKNOWN-ERROR"

no matter what I enter upon connection. Slap me silly if I understand. No username or whatever info I might find useful.

As ident seems to be not-an-option at the moment, I think I'll skip it for the moment. Some background info: my firewall is a smoothwall corporate server version 2.0, for those whose bells are now ringing. I have absolutely no way of tuning the built-in squid, and am quite pleased with its performance in coop with squidguard as is.

My thanks to all who have contributed to this discussion.

Regards,
Jaap.

At 10:39 09/27/2002 +0200, Ian Spare wrote:
>No, you're being confused I think. You can forget SquidGuard at this point, your squid log isn't showing any ident so there's nothing to pass to the redirector at all. Right after the IP address the first "-" ought to have been the userid returned by ident and it isn't, ergo there's no point messing around with Squidguard right now.
>
>I'd check the client was running ident to start with, something like this would work:
>
># telnet slash-and-burn.domain.com auth
>Trying 1.1.1.1 ...
>Connected to slash-and-burn.eur.sas.com.
>Escape character is '^]'.
>1 1
>1 1 : USERID : UNIX : the-real-thing
>Connection closed by foreign host.
>
>There's some useful stuff in the Squid FAQ. It's a little strange it's not working for you, SquidGuard is only a redirector so it's not really very complex and ident in squid ought not to be hard, from a distance I really would suspect the obvious things like the client not running ident or squid running in interception/transparent mode.
>
>Ian
>
>-----Original Message-----
>From: Jaap Lelie [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, September 26, 2002 18:25
>To: Ian Spare; 'Neil Watson'; [EMAIL PROTECTED]
>Subject: RE: ident
>
>
>Shoot...
>My squidguard isn't identing as well. I've followed your tips below, and inserted a logentry to access.log. This is what struck me as odd:
>
>192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413 TCP_CLIENT_REFRESH_MISS:DIRECT
>
>Does this :DIRECT somehow mean that things are bypassed? I also noted that my all.log (where all dst rules are logging to) isn't filled at all. Permissions are set correctly; the log is filled as soon as I remove all ident stuff.
>
>Cheers!
>Jaap.
>
>At 09:20 09/25/2002 +0200, Ian Spare wrote:
> >
> >You say that squid never looks up the id of the user? Is that true? If it is then you're quite obviously wasting your time messing around with SquidGuard.
> >If ident is working then you should be getting stuff in the access.log for squid, the squid FAQ has plenty of stuff on this but very briefly:
> >
> >make sure squid isn't built with "disable-ident-lookups"
> >have lines like this in the squid.conf
> >acl all_ident ident src 0.0.0.0/0.0.0.0
> >ident_lookup_access allow all_ident
> >cache_access_log /var/log/squid/access.log
> >
> >Then if you're not seeing lines like this in the access.log then I fail to see how SquidGuard will work either:
> >
> >1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET http://windowsupdate.microsoft.com/ident.cab username ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream
> >
> >-----Original Message-----
> >From: Neil Watson [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, September 25, 2002 00:59
> >To: [EMAIL PROTECTED]
> >Subject: ident
> >
> >
> >Rick,
> >
> >Thanks for your help. Alas no luck. The ads.log and the porn.log are never written to. I gather that squid and squidguard never look up the id of the user at the browser. Any suggestions.
> >
> >Neil Watson wrote:
> > > I've been trying to make squid and squidguard play nice for hours.
> > > Squid works fine on its own. I've installed squidguard to filter
> > > adult content. Squidguard never idents the user and therefore uses
> > > the default rule of deny.
> > >
> >Rick Mathews wrote:
> >I can help you get there.
> >Make the changes to your config file that are marked below:
> >
> > > logdir /usr/local/squidGuard/log
> > > dbhome /usr/local/squidGuard/db
> > >
> > > src neil {
> > >     ip 10.0.0.10
> > >     user neil
> > > }
> > >
> > > dest porn {
> > >     domainlist porn/domains
> > >     urllist porn/urls
> >add> logfile porn.log
> >add> redirect http://webserver/images/title.php?size=15&text=denied
> > > }
> > >
> > > dest ads {
> > >     domainlist ads/domains
> > >     urllist ads/urls
> >add> expressionlist ads.expressions # see attached
> >add> logfile ads.log
> >add> redirect http://webserver/images/1x1.gif # see attached
> > > }
> > > acl {
> > >     neil {
> > >         pass !ads !porn all
> > >     }
> > >
> > >     default {
> > >         pass none
> > >         redirect http://webserver/images/title.php?size=15&text=denied
> > >     }
> > > }
> > >
> >Create:
> >/usr/local/squidGuard/log/porn.log
> >/usr/local/squidGuard/log/ads.log
> >Give them the same ownership and permissions as squidGuard.log.
> >
> >
> >- Make the config changes above and issue 'squid -k reconfigure'.
> >- Check the messages in squidGuard.log for errors.
> >- Enter a known-blocked porn url in your browser and hit enter.
> >- The last (or one of the last) entries in squid's access.log will show the request, along with squid's understanding of your ip and ident.
> >- The last entry in /usr/local/squidGuard/log/porn.log will show how squidGuard handled the request, including the ip and ident received from squid, and the source group and destination group from your squidGuard.conf file.
> >
> >
> >--
> >Neil Watson
> >Network Administrator
> >watson-wilson.ca
> >
> >
> >---
> >Incoming mail is certified Virus Free.
> >Checked by AVG anti-virus system (http://www.grisoft.com).
> >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
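
The two checks discussed in this thread (is the ident column of squid's access.log populated, and what did the client's ident service answer) can be scripted. The following is an added example, not code from the thread or from Squid/SquidGuard; the function names are hypothetical, and the sample input is the log lines and ident replies quoted in the messages above.

```python
import re

# Squid native format: time elapsed client code/status bytes method URL ident hier/peer type
NATIVE = re.compile(r'^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+\S+/\d+\s+\d+\s+\S+\s+\S+\s+(?P<ident>\S+)\s')
# httpd-style format: client ident authuser [date] "request" status bytes ...
HTTPD = re.compile(r'^(?P<client>\S+)\s+(?P<ident>\S+)\s+\S+\s+\[')

def log_ident(line):
    """Return (client, ident) for one access.log line; ident is None if squid logged '-'."""
    for pattern in (NATIVE, HTTPD):
        m = pattern.match(line)
        if m:
            ident = m.group('ident')
            return m.group('client'), (None if ident == '-' else ident)
    raise ValueError('unrecognised access.log line: %r' % line)

def parse_ident_reply(reply):
    """Parse one RFC 1413 reply line as returned by the client's ident service."""
    parts = [p.strip() for p in reply.strip().split(':', 3)]
    ports = re.findall(r'\d+', parts[0])  # tolerate "1 , 1" and the thread's "1 1"
    if len(parts) < 3 or len(ports) != 2:
        raise ValueError('malformed ident reply: %r' % reply)
    result = {'ports': (int(ports[0]), int(ports[1])), 'type': parts[1].upper()}
    if result['type'] == 'USERID' and len(parts) == 4:
        result['opsys'], result['userid'] = parts[2], parts[3]
    elif result['type'] == 'ERROR':
        result['error'] = parts[2]
    else:
        raise ValueError('malformed ident reply: %r' % reply)
    return result

def clients_without_ident(lines):
    """Clients with at least one logged request that carries no ident answer."""
    return sorted({c for c, ident in map(log_ident, lines) if ident is None})

# Sample input: the log lines and ident replies quoted in the thread.
LOG_LINES = [
    '1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET '
    'http://windowsupdate.microsoft.com/ident.cab username '
    'ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream',
    '192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET '
    'http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413 '
    'TCP_CLIENT_REFRESH_MISS:DIRECT',
]
REPLIES = ['1 1 : USERID : UNIX : the-real-thing', '0 , 0 : ERROR : UNKNOWN-ERROR']

if __name__ == '__main__':
    print('no ident from:', clients_without_ident(LOG_LINES))
    for reply in REPLIES:
        print(parse_ident_reply(reply))
```

A client that shows up in `clients_without_ident` never had a user name passed to the redirector, so SquidGuard `user` rules cannot match it and it falls through to the default ACL.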
