| 1 |
On 01/21/10 00:49, Joseph wrote: |
| 2 |
> On 01/20/10 21:24, Adam wrote: |
| 3 |
>> On 01/20/10 16:53, Joseph wrote: |
| 4 |
>>> I'm testing squid and want to allow only one domain but it is not |
| 5 |
>>> working (using iptable + squid) |
| 6 |
>>> iptable: |
| 7 |
>>> ACCEPT tcp -- anywhere anywhere tcp |
| 8 |
>>> dpt:http owner UID match squid |
| 9 |
>>> ACCEPT tcp -- anywhere anywhere tcp |
| 10 |
>>> dpt:3128 owner UID match squid |
| 11 |
>>> REDIRECT tcp -- anywhere anywhere tcp |
| 12 |
>>> dpt:http redir ports 3128 |
| 13 |
>> |
| 14 |
>> Using "owner" is incorrect, as the packets are not locally generated so |
| 15 |
>> the OS has no user context for them. |
| 16 |
> |
| 17 |
> In a squid log I get: |
| 18 |
> |
| 19 |
> 1263964263.464 0 192.168.1.5 NONE/400 1828 GET / - NONE/- text/html |
| 20 |
> |
| 21 |
> All I have access is to localhost:361 anything else local is denied |
| 22 |
> including www |
| 23 |
> What should I use instead of owner? |
| 24 |
> I was following this guide: |
| 25 |
> http://www.linux.com/archive/articles/113733 |
| 26 |
|
| 27 |
Sorry my mistake, for the OUTPUT chain it makes sense as all those |
| 28 |
packets are from squid. |
| 29 |
|
| 30 |
The log should have a URL after the GET command, ie; |
| 31 |
|
| 32 |
1264070023.044 103 192.168.1.12 TCP_MISS/200 33140 GET |
| 33 |
http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_82561-82720.82561-82614.82615-82720: |
| 34 |
- DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk |
| 35 |
|
| 36 |
Have you tried configuring the proxy in your browser to check that |
| 37 |
squid's working? Once you've established that you then know if you have |
| 38 |
to fix the squid config or the iptables config |
Archives