[opensuse-edu] Education Module -- Calling all iptables / SuSEfirewall2 experts
Hi all,

I've been working on getting Dansguardian/Squid configured by the YaST Education module lately. My Dansguardian SCR module writes the configuration files properly, and I have per-group filtering set up and configured, but I am having problems getting Dansguardian/Squid to play nicely with SuSEfirewall2. Below is a repost of my blog post on it. If anyone has any ideas and can help or point me to someone who can, I would appreciate it, since I've now been stuck on this problem for a number of days and I'm pulling my hair out. Thanks.

-----

It's been a busy few weeks. I moved to a new apartment early last week, so my life has been full of boxes and packing materials for quite some time now. Alas, the stress is over and life goes on.

Okay, this update is more of a cry for help. I am calling on all SuSEfirewall2 / iptables experts out there. I am working on the Dansguardian filtering for the YaST Education module right now and have everything done on it. The only problem is that I can't get SuSEfirewall2 to play nice with my custom iptables rules to enable forwarding requests on port 80 to 8080 (Dansguardian's port).

So here's the deal. I've got Dansguardian on port 8080 and Squid on port 3128. I need it to be a transparent proxy so that kids can't circumvent it easily. Also, the firewall is the client itself, since most parents/teachers won't have another system lying around to be a separate firewall system. Therefore, all requests will be originating from the firewall system itself.

Now, I have custom iptables rules to forward requests on port 80 to Dansguardian on 8080 (which, in turn, forwards the requests to Squid). The rules are as follows:

    # Rules 1 and 2: connections opened by the squid user bypass the redirect below
    iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
    iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
    # Rule 3: all other local connections to port 80 go to Dansguardian on 8080
    iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

Thus, we redirect 80 to 8080 in rule 3, and we allow Squid to do its magic in rules 1 and 2.

This works PERFECTLY when I don't have SuSEfirewall2 enabled. When I enable the firewall, however, pages just keep loading forever. Now, before anyone tells me that I should be using the PREROUTING chain or tells me to use the FW_REDIRECT setting in /etc/sysconfig/SuSEfirewall2, keep in mind that all requests originate from the firewall itself, and these settings only work for requests originating from other machines.

So, I have these custom rules and I've added them to /etc/sysconfig/scripts/SuSEfirewall2-custom in the fw_custom_before_denyall() hook. I then added the following to /etc/sysconfig/SuSEfirewall2:

    FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

Perfect. I can see that the rules are being loaded by SuSEfirewall2 when I do an "iptables -t nat -nvL" after starting the firewall. But, as I say, pages just load forever after turning on the firewall.

All relevant details are posted in my post in the openSUSE forums at [1]. I would appreciate anyone with knowledge in iptables / SuSEfirewall2 taking a look and posting a reply so that I can stop pulling my hair out and keep on progressing in this project. Thanks to all!

[1] http://forums.opensuse.org/network-internet/417523-transparent-proxy-using-s...
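As an added example (not part of Jeff's post or the Education module), a small POSIX shell script that emits the three nat/OUTPUT rules in the order the post relies on and checks a captured "iptables -t nat -S OUTPUT" listing for that order, since an exemption appended after the REDIRECT never matches; the listings are constructed, and DG_PORT, SQUID_PORT and SQUID_USER are assumed variable names.

```shell
#!/bin/sh
# Added example, not from the original post: emit the three nat/OUTPUT rules
# in the order the post relies on, and check a captured
# `iptables -t nat -S OUTPUT` listing for that order. DG_PORT, SQUID_PORT and
# SQUID_USER are assumed names; the values are the post's.
DG_PORT=8080
SQUID_PORT=3128
SQUID_USER=squid

# Order matters: the owner-match exemptions must be appended before the
# REDIRECT, or Squid's own port-80 fetches are sent back into Dansguardian.
emit_rules() {
  printf '%s\n' \
    "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $SQUID_USER -j ACCEPT" \
    "iptables -t nat -A OUTPUT -p tcp --dport $SQUID_PORT -m owner --uid-owner $SQUID_USER -j ACCEPT" \
    "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $DG_PORT"
}

# Read an `iptables -t nat -S OUTPUT` listing on stdin. Exit 0 only when the
# first owner-match ACCEPT for --dport 80 appears before the REDIRECT to
# DG_PORT; exit 1 if the REDIRECT is missing or comes first. (iptables -S
# prints the uid numerically, so the user name is not matched.)
check_order() {
  awk -v dg="$DG_PORT" '
    /--dport 80 / && /--uid-owner/ && /-j ACCEPT/ && !acc { acc = NR }
    /--dport 80 / && /-j REDIRECT --to-ports/ && $NF == dg && !red { red = NR }
    END { if (acc && red && acc < red) exit 0; exit 1 }'
}

# Constructed listings (not captured from a real system) in iptables -S form.
sample_listing_good() {
  printf '%s\n' '-P OUTPUT ACCEPT' \
    '-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 31 -j ACCEPT' \
    '-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner 31 -j ACCEPT' \
    '-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
}
sample_listing_bad() {   # REDIRECT inserted ahead of the exemption
  printf '%s\n' '-P OUTPUT ACCEPT' \
    '-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080' \
    '-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 31 -j ACCEPT'
}

emit_rules
if sample_listing_good | check_order; then echo "good listing: order ok"; fi
if sample_listing_bad | check_order; then :; else echo "bad listing: REDIRECT precedes exemption"; fi
```

On a live system, pipe the real listing in with "iptables -t nat -S OUTPUT | check_order" after SuSEfirewall2 has started, which confirms whether the custom rules landed in the order the post requires rather than merely being present.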
participants (1)
- Jeff Shantz