Ok. So I'll give you guys an overview of applicable config files to see if we can't spot the problem. I will only list applicable entries. First, the basic setup:
2 NICS, onboard and USB. USB nic is eth0 with fixed IP 192.168.1.1. eth1 is bonded to create lanbond0 on 172.168.0.1.

I still don't see why all traffic passing through lanbond0 is using squid and then bypassing dansguardian.

iptables-xs.in:
_______________________________________________________________________________
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8887
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
________________________________________________________________________________

dansguardian.conf
________________________________________________________________________________
filterip =
filterport = 8887
proxyip = 172.18.0.1
proxyport = 3128
daemonuser = 'squid'
daemongroup = 'squid'
_______________________________________________________________________________

squid-xs.conf
_______________________________________________________________________________
cache_effective_user squid
cache_effective_group squid
_______________________________________________________________________________

# nmap -T4 172.18.0.1
_______________________________________________________________________________
Not shown: 1703 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.1 (protocol 2.0)
53/tcp   open  domain
|  zone-transfer:
|  notredame.sn.                         SOA    localhost. root.notredame.sn.
|  notredame.sn.                         NS     localhost.
|  escuela.notredame.sn.                 CNAME
|  library.notredame.sn.                 A      172.18.0.1
|  ntp.notredame.sn.                     A      172.18.0.1
|  presence.notredame.sn.                A      172.18.0.1
|  school.notredame.sn.                  A      172.18.0.1
|  schoolserver.notredame.sn.            A      172.18.0.1
|  conference.schoolserver.notredame.sn. A      172.18.0.1
|  schoolserver1.notredame.sn.           A      172.18.1.1
|  schoolserver2.notredame.sn.           A      172.18.1.2
|  schoolserver3.notredame.sn.           A      172.18.1.3
|  schoolserver4.notredame.sn.           A      172.18.1.4
|  schoolserver5.notredame.sn.           A      172.18.1.5
|  schoolserver6.notredame.sn.           A      172.18.1.6
|  schoolserver7.notredame.sn.           A      172.18.1.7
|  schoolserver8.notredame.sn.           A      172.18.1.8
|  schule.notredame.sn.                  CNAME
|  time.notredame.sn.                    A      172.18.0.1
|  www.notredame.sn.                     A      172.18.0.1
|  xs.notredame.sn.                      A      172.18.0.1
|_ notredame.sn.                         SOA    localhost. root.notredame.sn.
80/tcp   open  http-proxy  DansGuardian HTTP proxy
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME)
191/tcp  open  prospero?
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME)
873/tcp  open  rsync       (protocol version 30)
3128/tcp open  http-proxy  DansGuardian HTTP proxy
3306/tcp open  mysql       MySQL (unauthorized)
8080/tcp open  http        Python SimpleXMLRPCServer (BaseHTTP 0.3; Python 2.5.1)
8887/tcp open  http-proxy  DansGuardian HTTP proxy
_____________________________________________________________________________________

What else is applicable?

On Sat, 17 Oct 2009 08:08:47 -0000, Martin Langhoff <martin.langh...@gmail.com> wrote:

> On Sat, Oct 17, 2009 at 2:15 AM, Devon Connolly <dev...@gmail.com> wrote:
>> Right, I appended the aforementioned entries to "iptables-xs.in" so that
>> the resulting iptables-xs file reflected the modifications, but the rules
>> still did not take effect.
>
> And you did "/etc/init.d/iptables restart" to make it take effect...
> right? I notice I forgot to mention that key step :-)
>
> (And Jerry's suggested change is also needed.)
>
> cheers,
>
> m

--
Devon Connolly
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
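An added example, not part of the original thread: a small audit of the *nat rules quoted above that lists every REDIRECT rule by chain and checks whether any visible rule sends LAN-client port-80 traffic to the DansGuardian filterport (8887). The @@SQUID@@ placeholder is left unexpanded because its contents are not shown in the message, and the PREROUTING rule named HYPOTHETICAL is constructed here only to show a passing check.

```python
import shlex

# Constructed input: the *nat section quoted in the message above, with the
# @@SQUID@@ / @@WAN@@ template placeholders left unexpanded.
PAGE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887
-A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8887
COMMIT
"""
# Hypothetical rule (not from the thread), used only to show a passing check.
HYPOTHETICAL = "-A PREROUTING -i lanbond0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887"

def nat_redirects(text):
    """Return ([(chain, dport, to_port)], [unexpanded placeholder lines])."""
    redirects, unexpanded, table = [], [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # "*nat" / "*filter" header
        elif line.startswith("@@") and line.endswith("@@"):
            unexpanded.append(line)               # rules we cannot see
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opt.get("-j") == "REDIRECT":
                redirects.append((opt["-A"], opt.get("--dport"), opt.get("--to-ports")))
    return redirects, unexpanded

def clients_reach_filter(text, filter_port, dport="80"):
    """True if a visible PREROUTING rule sends client traffic to the filter.

    nat/OUTPUT only sees packets generated on the server itself; packets
    arriving from LAN clients traverse nat/PREROUTING instead.
    """
    redirects, _ = nat_redirects(text)
    return ("PREROUTING", dport, str(filter_port)) in redirects

if __name__ == "__main__":
    rules, hidden = nat_redirects(PAGE_RULES)
    for chain, dport, to in rules:
        print(f"{chain}: tcp/{dport} -> {to}")
    print("unexpanded placeholders:", hidden)
    print("clients filtered (as posted):", clients_reach_filter(PAGE_RULES, 8887))
    patched = PAGE_RULES.replace("@@SQUID@@", HYPOTHETICAL)
    print("clients filtered (hypothetical rule):", clients_reach_filter(patched, 8887))
```

Running the same functions over the generated iptables-xs file, where the placeholders have been expanded, shows what the @@SQUID@@ line actually contributes.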