[squid-users] Shorewall redirect with Squid and Dansguardian

From: jools <[email protected]>
Date: Tue, 4 Jan 2005 01:45:19 +0000

Hi all,

I've just built Mandrake 10.1 on a Compaq Deskpro that I've built as a
router/firewall and am redirecting port 80 outbound to force users through
the Content Filter. I've run this setup on Mandrake 9.0 and 10.0 without any
problems but this time the following happens.

Squid is accessed through port 3128 and Dansguardian via 8080.

If I set my browser on a client to use the router/firewall proxy port 3128 and
remove the redirect the connection is like lighting. Similarly, If I set the
browser to use port 8080 it's rapid and the filter kicks in if pushed to a
smut site.

If I set the shorewall up on the router using:

REDIRECT loc 3128 tcp 80 -

or

REDIRECT loc 8080 tcp 80 -

in the rules file it takes anywhere between 10 -> 20 seconds to load a page
and often times out. Squid is set up with the http_accel options correctly
configured and I think I'm getting to the point where I can't see the wood
from the trees. Anyone else come up with this problem?

Spec as follows:

Compaq deskpro - 450MHz P2
96MB RAM
Alcatel Speedtouch 330v1 USB DSL modem
Mandrake 10.1 Power Pack
No GUI running at all
Shorewall v2.0.8
Squid v2.5.STABLE6
DansGuardian 2.7.7-8

CPU load is shown as 0 -> 5% when browsing and disk activity is minimal even
when proxying. 50MB RAM in use with no activity in the swap file at all so I
can't see the load being that high.

Cheers,

Jools
Received on Mon Jan 03 2005 - 18:45:21 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST