On 01/21/10 00:49, Joseph wrote:
> On 01/20/10 21:24, Adam wrote:
>> On 01/20/10 16:53, Joseph wrote:
>>> I'm testing squid and want to allow only one domain but it is not
>>> working (using iptables + squid)
>>> iptables:
>>> ACCEPT tcp -- anywhere anywhere tcp
>>> dpt:http owner UID match squid
>>> ACCEPT tcp -- anywhere anywhere tcp
>>> dpt:3128 owner UID match squid
>>> REDIRECT tcp -- anywhere anywhere tcp
>>> dpt:http redir ports 3128
>>
>> Using "owner" is incorrect, as the packets are not locally generated so
>> the OS has no user context for them.
>
> In a squid log I get:
>
> 1263964263.464 0 192.168.1.5 NONE/400 1828 GET / - NONE/- text/html
>
> All I have access to is localhost:361; anything else local is denied,
> including www.
> What should I use instead of owner?
> I was following this guide:
> http://www.linux.com/archive/articles/113733

Sorry, my mistake; for the OUTPUT chain it makes sense, as all those
packets are from squid.

The log should have a URL after the GET command, i.e.:

1264070023.044 103 192.168.1.12 TCP_MISS/200 33140 GET
http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_82561-82720.82561-82614.82615-82720:
- DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk

Have you tried configuring the proxy in your browser to check that
squid's working? Once you've established that, you then know if you have
to fix the squid config or the iptables config.
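
The two access.log entries quoted in this thread can be told apart mechanically. The following is an added example, not part of the original messages: it parses Squid's native access.log format and flags requests logged without an absolute URL. The names `parse_line`, `diagnose` and `summarize`, the verdict strings, and the third sample line are constructed for illustration.

```python
from collections import namedtuple

# The ten whitespace-separated fields of Squid's native access.log format.
Entry = namedtuple(
    "Entry",
    "ts elapsed_ms client result status size method url ident hierarchy mime",
)

def parse_line(line):
    """Split one native-format access.log line into its ten fields."""
    f = line.split()
    if len(f) != 10:
        raise ValueError("expected 10 fields, got %d" % len(f))
    result, status = f[3].split("/", 1)   # e.g. "TCP_MISS/200"
    return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                 int(f[4]), f[5], f[6], f[7], f[8], f[9])

def diagnose(e):
    """Classify an entry: was a full URL logged, and did an ACL deny it?"""
    if e.method != "CONNECT" and "://" not in e.url:
        return "no-absolute-url"      # the "GET /" symptom from the thread
    if e.result == "TCP_DENIED":
        return "denied-by-acl"        # Squid parsed the URL, an ACL refused it
    return "ok"

# Lines 1 and 2 are the entries quoted in the thread (line 2 re-joined from
# its mail wrapping); line 3 is constructed to show an ACL denial.
SAMPLE = [
    "1263964263.464 0 192.168.1.5 NONE/400 1828 GET / - NONE/- text/html",
    "1264070023.044 103 192.168.1.12 TCP_MISS/200 33140 GET "
    "http://safebrowsing-cache.google.com/safebrowsing/rd/"
    "goog-phish-shavar_a_82561-82720.82561-82614.82615-82720: "
    "- DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk",
    "1264070100.000 2 192.168.1.5 TCP_DENIED/403 1400 GET "
    "http://example.org/ - NONE/- text/html",
]

def summarize(lines):
    """Return (client, status, verdict) for each log line."""
    return [(e.client, e.status, diagnose(e)) for e in map(parse_line, lines)]

if __name__ == "__main__":
    for client, status, verdict in summarize(SAMPLE):
        print(client, status, verdict)
```

A `no-absolute-url` verdict means the request never reached ACL evaluation with a usable URL, while `denied-by-acl` means Squid understood the request and its access rules refused it.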