Re: [Server-devel] .6 release and Dansguardian
On Sat, 2009-10-17 at 00:15 +, Devon Connolly wrote: > Right, I appended the aforementioned entries to "iptables-xs.in" so that > the resulting iptables-xs file reflected the modifications, but the rules > still did not take affect. Those entries can't just be appended, you would have to place them in a specific place in that file. Note the *nat at the top, that is the table you need to add the rules to, add the rules above that first COMMIT. Since were doing the nat table and iptables is implied we just have to use the rest of the rule statement. *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] @@SQUID@@ -A POSTROUTING -o @@WAN@@ -j MASQUERADE -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8887 -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8887 COMMIT *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT Hope that is the fix for you Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
Right, I appended the aforementioned entries to "iptables-xs.in" so that the resulting iptables-xs file reflected the modifications, but the rules still did not take affect. Dansguardian only seems to be working locally (on the server) but not on any computers in the LAN. If said entries are not appended to iptables-xs.in, Dansguardian does not work on the server or lan. I am yet to figure out why the port forwarding rules are not working LAN-side. So why are requests passing through port 3128 not being redirected to port 8887? Something else seems to be amiss as the rules have been applied to iptables. On Fri, 16 Oct 2009 18:01:25 -, Martin Langhoff wrote: > On Fri, Oct 16, 2009 at 4:08 PM, Devon Connolly wrote: >> >> I'm not sure what I am overlooking but was anything changed in .6 that >> could be breaking my Dansguardian install? My iptables are set up as >> before adding the following entries: > > Hi! Yes, there has been a change in iptables, to better support use of > other devices as the WAN port (wlan0, ppp0, etc). > > You now want to look at /etc/sysconfig/olpc-scripts/iptables-xs.in -- > note the trailing '.in' -- this gets processed by > /etc/syscofnig/olpc-scripts/gen-iptables to generate > /etc/sysconfig/olpc-scripts/iptables-xs > > hth, > > > > m -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
On Fri, Oct 16, 2009 at 4:08 PM, Devon Connolly wrote: > > I'm not sure what I am overlooking but was anything changed in .6 that > could be breaking my Dansguardian install? My iptables are set up as > before adding the following entries: Hi! Yes, there has been a change in iptables, to better support use of other devices as the WAN port (wlan0, ppp0, etc). You now want to look at /etc/sysconfig/olpc-scripts/iptables-xs.in -- note the trailing '.in' -- this gets processed by /etc/syscofnig/olpc-scripts/gen-iptables to generate /etc/sysconfig/olpc-scripts/iptables-xs hth, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] .6 release and Dansguardian
I'm not sure what I am overlooking but was anything changed in .6 that could be breaking my Dansguardian install? My iptables are set up as before adding the following entries: iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8887 iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8887 It seems everything coming in on the LAN interface is running through squid but then not redirected to dansguardian. Dansguardian is functioning normally on the server via lynx. Dansguardian access log isn't picking up anything when accessing the net from the LAN. Squid access log is also not reporting anything unusual. Thanks for any insight ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel