всем доброго времени суток...столкнулся с проблемой в настройке связки squid+squidguard...ОС ubuntu server 10.10, squid version 3.1.6, squidguard version 1.4, Berkeley DB 4.7.25...настраиваю инет-канал в локальную сеть.....внешний адрес 10.13.13.90, шлюз 10.13.13.254, локальный 10.10.10.1, сеть 10.10.10.0/32.
squid настроен и работает на локальных машинах на ура, вот конфиг:
# WELCOME TO SQUID 3.1.11
# ----------------------------
#
# This is the default Squid configuration file. You may wish
# to look at the Squid home page (http://www.squid-cache.org/)
# for the FAQ and other documentation.
#
# The default Squid config file shows what the defaults for
# various options happen to be. If you don't need to change the
# default, you shouldn't uncomment the line. Doing so may cause
# run-time problems. In some cases "none" refers to no default
# setting at all, while in other cases it refers to a valid
# option - the comments for that keyword indicate if this is the
# case.
#
#
# --- URL rewriter (squidGuard) ---
# redirect_program, redirect_children and redirector_bypass are the older
# spellings of url_rewrite_program, url_rewrite_children and url_rewrite_bypass.
# Squid launches the helper itself, so squidGuard normally runs under Squid's
# effective user rather than the account used for manual test runs in a shell.
# NOTE(review): a manual run without -c reads squidGuard's built-in default
# config path; confirm it is the same file as the one named here.
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
# NOTE(review): with bypass "on", requests are not sent through the rewriter
# while all helpers are busy, so the filter fails open under load. Use "off"
# if blocking has to be enforced.
redirector_bypass on
# Listener on the LAN address (ordinary forward-proxy mode).
http_port 10.10.10.1:3128
# Upper size limit for an object held in the memory cache.
# NOTE(review): the value is written with a decimal fraction; confirm Squid
# parses it as intended.
maximum_object_size_in_memory 102400.00 bytes
# Disk cache: ufs store, 4096 MB, 32 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid3/ 4096 32 256
# Directory the error page templates are read from.
error_directory /usr/share/squid3/errors/Russian-1251
# Name server Squid queries instead of the ones listed in /etc/resolv.conf.
dns_nameservers 10.13.13.238
# Second listener: same port, no address given (all interfaces), interception mode.
# NOTE(review): this overlaps the 10.10.10.1:3128 listener above and is not
# limited to the LAN side; check cache.log for a bind error and consider
# binding the intercepting port to the internal address only.
http_port 3128 transparent
# --- Access control ---
# http_access lines are evaluated top to bottom; the first matching line decides.
acl localnet src 10.10.10.0/24
# ACL named after the single host it matches (that host is also inside localnet).
acl 10.10.10.10 src 10.10.10.10
http_access allow 10.10.10.10
http_access allow localnet
# NOTE(review): "deny all" matches every request that gets this far, and
# "allow localnet" above already admits every LAN client. None of the
# http_access lines further down is ever reached, so the "deny localnet shell"
# and "deny localnet execute" rules currently have no effect. Specific deny
# rules need to come before the general allow, with "deny all" last.
http_access deny all
# Source ACL for the upstream gateway address ("getway" is the name used throughout).
acl getway src 10.13.13.254
#acl our_network src 10.13.13.0/24
# Defined but not referenced by any rule in this file.
acl acldomain srcdomain .eisst.local
# File-type ACLs: case-insensitive regexes applied to the URL path.
# NOTE(review): matching on the URL's extension is a weak control, because a
# download URL does not have to end in the file's extension (for example when
# a query string follows); treat these as a convenience, not a security boundary.
acl archive urlpath_regex -i \.rar$ \.zip$ \.7z$
# NOTE(review): \.acc$, \.FLACC$, \.mob$ and \.wmw$ look like misspelled
# extensions (aac, flac, mov, wmv?) — confirm.
acl audio urlpath_regex -i \.mp3$ \.asf$ \.wma$ \.acc$ \.FLACC$
acl video urlpath_regex -i \.avi$ \.mob$ \.vob$ \.3gp$ \.wmw$
# NOTE(review): \.bat has no trailing $, so it matches ".bat" anywhere in the
# path, unlike the other patterns.
acl shell urlpath_regex -i \.cmd$ \.bat
acl execute urlpath_regex -i \.exe$
# Gateway: every file type allowed (unreachable, see the note at "deny all").
http_access allow getway audio
http_access allow getway video
http_access allow getway archive
http_access allow getway shell
http_access allow getway execute
# LAN clients: media and archives allowed, scripts and executables denied
# (unreachable, see the note at "deny all").
http_access allow localnet audio
http_access allow localnet video
http_access allow localnet archive
http_access deny localnet shell
http_access deny localnet execute
# --- Per-client bandwidth limit ---
# One delay pool of class 2: the aggregate bucket is unlimited (-1/-1), each
# individual client bucket refills at 128000 bytes/s with a 128000-byte ceiling.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 128000/128000
delay_access 1 allow localnet
delay_access 1 deny all
# --- Cache freshness overrides ---
# Format: refresh_pattern [-i] regex min percent max [options]; min and max are
# in minutes. override-expire and override-lastmod make Squid apply "min" even
# when the origin sent an Expires header or the object was modified recently.
# NOTE(review): min (43200) is larger than max (13200) on every line — confirm
# the intended values. Forcing long freshness on .exe, .zip and similar files
# means clients can keep receiving an outdated binary after the origin has
# replaced it; consider leaving executables and archives out of this list.
refresh_pattern -i \.gif$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 13200 override-lastmod override-expire
устанавливаю SquidGuard с пакетов....прикручиваю к squid'у....запускаю apache (делаю свою страницу на редирект)....качаю базы с блэклистами заливаю /var/lib/squidguard/db/....настраиваю сам squidguard....перезапускаю squid и обновляю базы squidguard'а....пытаюсь зайти на локальной машине в инет пускает так же как и без ограничений....вот конфиг squidguarda и моей базы тестовой...
#
# CONFIG FILE FOR SQUIDGUARD
#
# Root directory of the list files (and their compiled .db files), and the
# directory squidGuard writes its log to.
# NOTE(review): when Squid starts squidGuard as a helper it runs under Squid's
# user, not root. Database files built from a root shell with "-C all" must be
# readable by that user, and logdir must exist and be writable by it. If
# squidGuard cannot open its files it is expected to fall back to passing
# every request — check squidGuard.log in logdir and the ownership under dbhome.
dbhome /var/lib/squidguard/db
logdir /var/log/squid
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
# Monday to Friday 08:00-16:30, plus the 1st day of every month in the same hours.
# Currently referenced only by the commented-out "within workhours" line below.
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
# Source group "admin": a single client address.
src admin {
ip 10.10.10.10
# user Administrator
# within workhours
}
# Destination group "adv": domain and URL lists under dbhome/adv, with the
# block page served from the proxy's LAN address.
dest adv {
domainlist adv/domains
urllist adv/urls
redirect http://10.10.10.1/redirect.html
}
# Destination group "denylocal": locally maintained domain list.
# NOTE(review): 127.0.0.1 is resolved by whichever side fetches the rewritten
# URL; the adv block uses 10.10.10.1 instead — confirm which one is intended.
dest denylocal {
domainlist denylocal/domains
redirect http://127.0.0.1/redirect.html
}
# Empty destination groups: they contain no lists, so squidGuard marks them
# inactive at start-up.
dest good {
}
dest local {
}
#dest adult {
# domainlist adult/domains
# urllist adult/urls
# expressionlist adult/expressions
# redirect http://admin.foo.bar.de/cgi-bin/squidGuard.cgi?clientaddr=...
#}
# Access rules, selected by source group.
# NOTE(review): the "adv" destination is defined above but is not referenced
# by any pass rule here, so its lists are never applied.
acl {
# Clients in "admin": everything except denylocal is passed.
admin {
pass !denylocal all
}
# Every other client: only the (empty, inactive) "local" group is passed and
# everything else is refused.
# NOTE(review): no redirect is active in this rule (both candidates below are
# commented out); confirm how squidGuard treats a refused request that has no
# redirect target, and add an explicit redirect here.
default {
pass local none
# rewrite dmz
# redirect http://admin.foo.bar.de/cgi-bin/squidGuard.cgi?clientaddr=...
}
# NOTE(review): the closing brace of the outer "acl {" block is not present in
# this listing — confirm the real file ends with "}".
вот конфиг базы...
mail.ru
vkontakte.ru
запускаю squidGuard -d -C all
root@ubuntu:~# squidGuard -d -C all
2011-11-25 01:42:09 [4032] New setting: dbhome: /var/lib/squidguard/db
2011-11-25 01:42:09 [4032] New setting: logdir: /var/log/squid
2011-11-25 01:42:09 [4032] init domainlist /var/lib/squidguard/db/adv/domains
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/adv/domains.db
2011-11-25 01:42:09 [4032] init urllist /var/lib/squidguard/db/adv/urls
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/adv/urls.db
2011-11-25 01:42:09 [4032] init domainlist /var/lib/squidguard/db/denylocal/domains
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/denylocal/domains.db
2011-11-25 01:42:09 [4032] destblock good missing active content, set inactive
2011-11-25 01:42:09 [4032] destblock local missing active content, set inactive
2011-11-25 01:42:09 [4032] squidGuard 1.4 started (1322214129.181)
2011-11-25 01:42:09 [4032] db update done
2011-11-25 01:42:09 [4032] squidGuard stopped (1322214129.284)
root@ubuntu:~#
смущает последняя строка...если запускаю squidGuard -d
root@ubuntu:~# squidGuard -d
2011-11-25 01:43:19 [4040] New setting: dbhome: /var/lib/squidguard/db
2011-11-25 01:43:19 [4040] New setting: logdir: /var/log/squid
2011-11-25 01:43:19 [4040] init domainlist /var/lib/squidguard/db/adv/domains
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/adv/domains.db
2011-11-25 01:43:19 [4040] init urllist /var/lib/squidguard/db/adv/urls
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/adv/urls.db
2011-11-25 01:43:19 [4040] init domainlist /var/lib/squidguard/db/denylocal/domains
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/denylocal/domains.db
2011-11-25 01:43:19 [4040] destblock good missing active content, set inactive
2011-11-25 01:43:19 [4040] destblock local missing active content, set inactive
2011-11-25 01:43:19 [4040] squidGuard 1.4 started (1322214199.613)
2011-11-25 01:43:19 [4040] Info: recalculating alarm in 22601 seconds
2011-11-25 01:43:19 [4040] squidGuard ready for requests (1322214199.619)
и все...управление терминалу не передает....какие у кого мысли по всему этому поводу....2-й день уже сижу на этих граблях....перекопал пол-интернета...писал конфиги по готовым шаблонам.....либо squid отваливался, либо на squidguard ругался....в итоге решил оставить свой конфиг сквида...