On 01/21/10 00:49, Joseph wrote:
> On 01/20/10 21:24, Adam wrote:
>> On 01/20/10 16:53, Joseph wrote:
>>> I'm testing squid and want to allow only one domain but it is not
>>> working (using iptables + squid)
>>> iptables:
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:http owner UID match squid
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:3128 owner UID match squid
>>> REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
>>
>> Using "owner" is incorrect, as the packets are not locally generated so
>> the OS has no user context for them.
>
> In a squid log I get:
>
> 1263964263.464 0 192.168.1.5 NONE/400 1828 GET / - NONE/- text/html
>
> All I have access to is localhost:361; anything else local is denied,
> including www.
> What should I use instead of owner?
> I was following this guide:
> http://www.linux.com/archive/articles/113733
Sorry, my mistake: for the OUTPUT chain it makes sense, as all those packets are from squid.

The log should have a URL after the GET command, i.e.:

1264070023.044 103 192.168.1.12 TCP_MISS/200 33140 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_82561-82720.82561-82614.82615-82720: - DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk

Have you tried configuring the proxy in your browser to check that squid's working? Once you've established that, you then know if you have to fix the squid config or the iptables config.
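Added example (not part of the thread, and not anything either poster ran): a small Python triage of squid native access.log lines that makes Adam's point mechanical. It splits each line into the native-format fields and tells a proxy-style request (an absolute URL after GET, or CONNECT host:port, as in the TCP_MISS/200 line above) from the bare "GET /" with NONE/400 in Joseph's line. A bare path on a plain proxy port is an invalid proxy request, which squid rejects with 400 before any cache or upstream lookup; squid only rebuilds a URL from the Host header on an http_port marked transparent (2.6/3.0) or intercept (3.1+), so that pattern points at the squid config rather than the iptables rules. The two log lines are the ones quoted in the thread, the CONNECT line and the verdict strings are constructed for the example, and the "intercept-not-configured" label is the example's own reading of that log pattern, not a squid error name.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Squid native access.log layout (both lines quoted in the thread follow it):
# timestamp elapsed client result/status bytes method url ident hierarchy/peer content-type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<nbytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Sample input: the two lines quoted in the thread plus one constructed CONNECT line.
SAMPLE_LOG: List[str] = [
    "1263964263.464 0 192.168.1.5 NONE/400 1828 GET / - NONE/- text/html",
    "1264070023.044 103 192.168.1.12 TCP_MISS/200 33140 GET "
    "http://safebrowsing-cache.google.com/safebrowsing/rd/"
    "goog-phish-shavar_a_82561-82720.82561-82614.82615-82720: - "
    "DIRECT/150.101.98.208 application/vnd.google.safebrowsing-chunk",
    "1264070100.000 250 192.168.1.12 TCP_MISS/200 4096 CONNECT mail.example.com:443 "
    "- DIRECT/192.0.2.10 -",  # constructed
]


@dataclass
class Entry:
    client: str
    code: str      # squid result code, e.g. TCP_MISS or NONE
    status: int    # HTTP status squid returned
    method: str
    url: str       # exactly what squid logged in the URL column
    hier: str      # hierarchy code, e.g. DIRECT or NONE


def parse_line(line: str) -> Optional[Entry]:
    """Parse one native-format line; None if it is not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["client"], m["code"], int(m["status"]), m["method"], m["url"], m["hier"])


def request_form(e: Entry) -> str:
    """How the client addressed squid.
    'absolute'  : GET http://host/path  -> client was configured to use the proxy
    'authority' : CONNECT host:port     -> same, for a TLS tunnel
    'origin'    : GET /path             -> a plain HTTP request, i.e. the client did
                  not know it was talking to a proxy (iptables REDIRECT, or a misdirected client)
    """
    if re.match(r"^[a-z][a-z0-9+.-]*://", e.url):
        return "absolute"
    if e.method == "CONNECT":
        return "authority"
    if e.url.startswith("/"):
        return "origin"
    return "other"


def diagnose(e: Entry) -> str:
    """Verdict strings are this example's own, not squid terminology."""
    form = request_form(e)
    if form == "origin" and e.code == "NONE" and e.status == 400:
        # Bare path, rejected before any lookup (NONE/- hierarchy): squid treated it as a
        # malformed proxy request. Only an http_port with the transparent/intercept option
        # rebuilds the URL from the Host header, so this points at squid.conf, not iptables.
        return "intercept-not-configured"
    if form == "origin":
        return "origin-form-accepted"
    if form in ("absolute", "authority"):
        return "proxy-ok" if e.status < 400 else "proxy-error"
    return "unknown"


def triage(lines: List[str]) -> Dict[str, int]:
    """Count verdicts over a log excerpt; lines that do not parse are counted separately."""
    counts: Dict[str, int] = {}
    for line in lines:
        entry = parse_line(line)
        verdict = diagnose(entry) if entry else "unparsed"
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        entry = parse_line(line)
        print(f"{entry.client:15} {entry.code}/{entry.status} {entry.method} -> {diagnose(entry)}")
    print(triage(SAMPLE_LOG))
```

Run it against a real access.log with `triage(open("/var/log/squid/access.log").readlines())` (assuming the native log format, which is squid's default). A log full of "intercept-not-configured" while a browser with the proxy set explicitly produces "proxy-ok" is the split Adam describes: the REDIRECT rule is delivering traffic and the fix belongs in squid.conf.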