Bug 10513 - Parental control does not work
Summary: Parental control does not work
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Derek Jennings
QA Contact:
URL:
Whiteboard:
Keywords: Triaged
Depends on: 9195
Blocks:
Reported: 2013-06-12 21:46 CEST by thierry THunot
Modified: 2013-08-19 15:58 CEST

See Also:
Source RPM: drakguard
CVE:
Status comment:


Attachments
Log and rules and screen (130.00 KB, application/x-bzip2)
2013-06-23 13:31 CEST, Giuseppe Stoduto

Description thierry THunot 2013-06-12 21:46:21 CEST
I installed drakguard, squid and dansguardian.
squid does not start or takes a long time.
dansguardian starts.
I activate the parental control and run Firefox. The first query runs and displays the results on Google, but I cannot open any of the search results because of a persistent connection error. This bug is not linked to the ACL bug number 9195.
The control is unusable in this state, regardless of the architecture used (i686 and 64-bit).

Reproducible: 

Steps to Reproduce:
thierry THunot 2013-06-14 06:52:02 CEST

Priority: Normal => High

Comment 1 Giuseppe Stoduto 2013-06-19 21:53:45 CEST
I am in the same situation

CC: (none) => gstoduto

Marcello Anni 2013-06-21 11:23:05 CEST

CC: (none) => marcello.anni

Remco Rijnders 2013-06-21 11:28:26 CEST

CC: (none) => remco

Comment 2 Manuel Hiebel 2013-06-22 23:00:05 CEST
iirc there are some logs in /var/log, nothing interesting in them?

Component: Release (media or process) => RPM Packages

Comment 3 Giuseppe Stoduto 2013-06-23 13:31:59 CEST
Created attachment 4157
Log and rules and screen
Comment 4 Giuseppe Stoduto 2013-06-23 13:32:48 CEST
I have attached the log and various rules and an image

As seen in the image, you cannot set the white list to enter good sites.

To start squid you have to give the following command from a terminal:

# systemctl start squid
Manuel Hiebel 2013-06-23 15:31:36 CEST

CC: sysadmin-bugs => mageia

Comment 5 Derek Jennings 2013-07-02 15:11:37 CEST
The default configuration has changed.
From http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid

"From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in."

Comment out the lines
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

and it will start OK

cc'ing most recent packager.

CC: (none) => derekjenn, luigiwalser
Source RPM: dansguardian squid => squid-3.2.10-1.mga3

Comment 6 David Walser 2013-07-02 16:21:17 CEST
Indeed you do have to remove those lines from squid.conf as Derek said.

As for dansguardian and drakguard, I don't know anything about those.  The dansguardian package doesn't have a maintainer.  I know Jani has been working on drakguard lately and has even pushed an update candidate for it to updates_testing, so perhaps he has some insight.

CC: (none) => jani.valimaa

Comment 7 Jani Välimaa 2013-07-02 16:38:37 CEST
I've only pushed David's work as he doesn't have submit rights yet and I'm mentoring him. I don't really know much about drakguard.
Comment 8 David Walser 2013-07-02 16:44:52 CEST
Ahh, thanks Jani.  Looking at SVN, I'm guessing you meant Derek.

Derek, are you having any issues with Squid specifically that you need either my or the squid package maintainer (Daniel Lucio)'s help with?
Comment 9 Jani Välimaa 2013-07-02 16:50:05 CEST
(In reply to David Walser from comment #8)
> Ahh, thanks Jani.  Looking at SVN, I'm guessing you meant Derek.
> 

Ah, yes, of course.
Comment 10 Derek Jennings 2013-07-02 16:56:47 CEST
> Derek, are you having any issues with Squid specifically that you need either my
> or the squid package maintainer (Daniel Lucio)'s help with?

This is a squid issue rather than drakguard or dansguardian.

I cc'd you David because you have been working on squid recently and I cannot access the maintainer database yet to see who is the official maintainer.
If Daniel does not have the time I will happily do a squid update.
Comment 11 David Walser 2013-07-02 18:31:38 CEST
There's actually already a Squid update in updates_testing.

What's the issue with Squid?
Comment 12 Manuel Hiebel 2013-07-02 19:56:52 CEST
(In reply to Derek Jennings from comment #10)

> If Daniel does not have the time I will happily do a squid update.

https://freeshell.de/~manu67/mageia/intcom.cgi?pkg=squid&co=0&ver=Cauldron
> dlucio

Keywords: (none) => Triaged
CC: (none) => luis.daniel.lucio

Comment 13 David Walser 2013-07-02 20:13:23 CEST
Yes, we know who the maintainer is, but it's not clear what problem there supposedly is with Squid itself.  If it's just the configuration problem mentioned in Comment 5, that's not a package problem, that's just something you have to fix yourself if you upgrade from Mageia 2 and you had modified squid.conf.
Comment 14 Derek Jennings 2013-07-02 20:43:59 CEST
(In reply to David Walser from comment #13)
> Yes, we know who the maintainer is, but it's not clear what problem there
> supposedly is with Squid itself.  If it's just the configuration problem
> mentioned in Comment 5, that's not a package problem, that's just something
> you have to fix yourself if you upgrade from Mageia 2 and you had modified
> squid.conf.

Yes you are right. There is nothing wrong with the default config file in squid.  Like the OP I must have had an old squid.conf lying around. I had thought I was installing it for the first time.
Comment 15 David Walser 2013-07-02 20:59:42 CEST
So can this bug be closed as INVALID?
Comment 16 Derek Jennings 2013-07-03 16:57:01 CEST
Closing as INVALID
Please reopen if the advice to resolve the problem in Comment 5 does not help

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 17 Derek Jennings 2013-07-06 10:09:56 CEST
During my current work on drakguard I have established that there is an issue with squid 3.2 working with dansguardian and drakguard.

In squid 3.2 there is a change in the way that transparent proxy operates as described in this mail
http://www.squid-cache.org/mail-archive/squid-users/201208/0374.html

Essentially it means that a squid transparent proxy can only work if DNAT is performed on the same box squid is operating on. As 95% of home users will have DNAT operating on their home router then it will not work.

However I have established that drakguard/squid/dansguardian WILL work if I disable transparent/intercept in squid.


REOPENING and assigning to myself for resolution in drakguard.


/etc/shorewall/rules.drakx
ACCEPT+	fw	net	tcp	3128	-	-	-	dansguardian
ACCEPT+	fw	net	tcp	http	-	-	-	squid
REDIRECT	fw	8080	tcp	3128	-
REDIRECT	loc	8080	tcp	3128	-
REDIRECT	fw	8080	tcp	http	-
REDIRECT	loc	8080	tcp	http	-


/etc/squid/squid.conf
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
shutdown_lifetime 5 seconds
cache_effective_user squid
cache_effective_group squid

Priority: High => Normal
Status: RESOLVED => REOPENED
Resolution: INVALID => (none)
Assignee: bugsquad => derekjenn
Source RPM: squid-3.2.10-1.mga3 => drakguard
Severity: major => normal
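
The two Squid points raised in comment 5 (ACLs that became built-in in 3.2) and comment 17 (transparent/intercept mode) can be checked mechanically. The following is an added example, not part of the bug thread or of drakguard; the function names and the sample configuration are constructed, and it additionally flags an http_access list that does not end in an explicit "deny all", as in the configuration posted in comment 17.

```python
# Added example (not from the thread): audit a squid.conf for the issues above.
# Names and the sample config are constructed for illustration.
BUILTIN_ACLS = {"manager", "localhost", "to_localhost"}  # built in since Squid 3.2
INTERCEPT_FLAGS = {"transparent", "intercept"}           # http_port mode options


def directives(text):
    """Yield (line_no, tokens) for each active directive, ignoring comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield no, tokens


def audit(text):
    """Return (line_no, code) findings for a squid.conf body, sorted by line."""
    findings, last_access = [], None
    for no, tok in directives(text):
        if tok[0] == "acl" and len(tok) > 1 and tok[1] in BUILTIN_ACLS:
            findings.append((no, "redefines-builtin-acl"))  # comment 5
        elif tok[0] == "http_port" and INTERCEPT_FLAGS & set(tok[2:]):
            findings.append((no, "intercept-mode"))         # comment 17
        elif tok[0] == "http_access":
            last_access = (no, tok[1:])
    if last_access and last_access[1] != ["deny", "all"]:
        findings.append((last_access[0], "no-explicit-deny-all"))
    return sorted(findings)


def comment_out_builtin_acls(text):
    """Comment out redefinitions of built-in ACLs, the fix given in comment 5."""
    flagged = {no for no, code in audit(text) if code == "redefines-builtin-acl"}
    return "".join("#" + line if no in flagged else line
                   for no, line in enumerate(text.splitlines(keepends=True), 1))


# Constructed sample: a squid.conf carried over from before Squid 3.2.
SAMPLE = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16  # RFC1918
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_port 3128 transparent
"""

if __name__ == "__main__":
    for no, code in audit(SAMPLE):
        print(f"line {no}: {code}")
```

Running audit() again on the output of comment_out_builtin_acls() shows which findings remain after the comment 5 fix has been applied.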

Derek Jennings 2013-07-10 09:43:55 CEST

Depends on: (none) => 9195

Comment 18 Giuseppe Stoduto 2013-07-13 15:12:09 CEST
I tested dansguard in update-test and works well for me now
Comment 19 Giuseppe Stoduto 2013-07-13 15:15:23 CEST
sorry I meant drakguard

thanks
Comment 20 thierry THunot 2013-07-14 09:34:39 CEST
Hello I installed the update packages for testing drakguard and squid.
I no longer have the problem of acl but it is not working yet. I do a search on the internet, google gives me an answer, but as soon as I click on a link, whatever it is, I get connection errors. Parental control is not functional
Comment 21 Derek Jennings 2013-07-14 10:30:33 CEST
(In reply to thierry THunot from comment #20)
> Hello I installed the update packages for testing drakguard and squid.
> I no longer have the problem of acl but it is not working yet. I do a search
> on the internet, google gives me answer as soon as I click on a link
> whatever it is I errors conexion. Parental control is not functional

Dansguardian does not block google searches for inappropriate material. You have to actually click on the link before dansguardian will block it.

If you would rather not click on such links there is a test link you can use at
http://dansguardian.org/downloads/test.zip

Also the user must not be selected in the 'Allowed users' column of drakguard.
Comment 22 Derek Jennings 2013-07-14 10:39:02 CEST
BTW: The reason google search results are not blocked is because by default google uses ssl encryption and proxy servers do not work with ssl.

The workaround is to configure your browser to use nosslsearch.google.com as its default search engine.

alternatively put an entry in /etc/hosts to make nosslsearch.google.com an alias for www.google.com
Comment 23 Derek Jennings 2013-07-14 10:57:05 CEST
(In reply to thierry THunot from comment #20)
> Hello I installed the update packages for testing drakguard and squid.
> I no longer have the problem of acl but it is not working yet. I do a search
> on the internet, google gives me answer as soon as I click on a link
> whatever it is I errors conexion. Parental control is not functional

Hi Thierry. I think I misread your comment the first time. You are saying that when you click on a google search result you see an error screen. Yes?

Is this error screen grey coloured with small text at the bottom saying it is from squid?

If so please confirm you have the correct version of drakguard installed. It should be drakguard-0.7.14-1 

If you have the correct version please post the contents of /etc/squid/squid.conf
and /etc/shorewall/rules.drakx

and are you using mageia 3 or mageia 2?
Comment 24 thierry THunot 2013-07-14 15:07:19 CEST
Hi Derek,
I work on Mageia 3.

rpm -qa|grep drakguard gives
drakguard-0.7.14-1.mga3

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow localhost

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
shutdown_lifetime 5 seconds
cache_effective_user squid
cache_effective_group squid



/etc/shorewall/rules.drakx

ACCEPT+ fw      net     tcp     3128    -       -       -       dansguardian
ACCEPT+ fw      net     tcp     http    -       -       -       squid
ACCEPT+ fw      net     tcp     http    -       -       -       root
REDIRECT        fw      8080    tcp     3128    -
REDIRECT        loc     8080    tcp     3128    -
REDIRECT        fw      8080    tcp     http    -
REDIRECT        loc     8080    tcp     http    -

Excuse me but the second time that I reboot my computer!!! and so parental control is ok!!!!!!!!!!! very good work thanks a lot for this work!!!!!
Comment 25 Giuseppe Stoduto 2013-07-14 22:59:54 CEST
I do not understand why but now it no longer works

I turned off the PC for 2 hours. When I turned it on the problem occurred again,
also in the virtual machine used for the test
:(
Comment 26 Derek Jennings 2013-07-15 10:31:39 CEST
Giuseppe, I need more details.

What symptoms do you see? Can you browse? Do you get any error screens?

What is the status of the shorewall, squid and dansguardian services? They all need to be running.

What are the contents of /etc/shorewall/rules.drakx and /etc/squid/squid.conf?
Comment 27 Giuseppe Stoduto 2013-07-15 15:13:32 CEST
squid does not start at boot time.

In reality it takes about 6 minutes to start.

after 6 minutes everything works fine


configuration files are the same as "comment 24"

[OT]
# ps -AlF | grep squid
1 S root      9085     1  0  80   0 - 14504 wait    3884   2 14:58 ?        00:00:00 squid
4 S squid     9088  9085  0  80   0 - 16827 ep_pol 14056   1 14:58 ?        00:00:00 (squid-1)
4 S squid     9089  9088  0  80   0 -  1061 unix_s   352   0 14:58 ?        00:00:00 (logfile-daemon) /var/log/squid/access.log
4 S squid     9090  9088  0  80   0 -  3292 poll_s  1752   3 14:58 ?        00:00:00 (pinger)
4 S root      9875  5590  0  80   0 -  3047 pipe_w   952   3 15:03 pts/0    00:00:00 grep --color squid

Is it normal that squid is root? [/OT]
Comment 28 Derek Jennings 2013-07-15 17:40:53 CEST
(In reply to Giuseppe Stoduto from comment #27)
> squid does not start at boot time.
> 
> in reality takes about 6 minutes to start.
> 
> after 6 minutes everything works fine
> 

Yes, I see the same thing. Squid does not start until 6 minutes after booting.

That is a squid problem. Could you open a new bug report on that one please?



journalctl --since 16:19  _SYSTEMD_UNIT=squid.service
-- Logs begin at Thu, 2013-05-23 17:00:10 BST, end at Mon, 2013-07-15 16:33:47 BST. --
Jul 15 16:19:01 Derek.localdomain squid[7211]: Squid Parent: will start 1 kids
Jul 15 16:19:01 Derek.localdomain squid[7211]: Squid Parent: (squid-1) process 7216 started
Jul 15 16:19:01 Derek.localdomain squid[7218]: Squid Parent: will start 1 kids
Jul 15 16:19:01 Derek.localdomain squid[7218]: Squid Parent: (squid-1) process 7221 started
Jul 15 16:19:01 Derek.localdomain squid[7211]: Squid Parent: (squid-1) process 7216 exited with status 0
Jul 15 16:19:02 Derek.localdomain squid[7188]: init_cache_dir ... Starting squid: .[  OK  ]
Jul 15 16:21:04 Derek.localdomain squid[7218]: Squid Parent: (squid-1) process 7221 exited with status 0
Jul 15 16:21:05 Derek.localdomain squid[7847]: Stopping squid: ....[  OK  ]
-- Reboot --
Jul 15 16:27:11 Derek.localdomain squid[4527]: Squid Parent: will start 1 kids
Jul 15 16:27:11 Derek.localdomain squid[4527]: Squid Parent: (squid-1) process 4530 started
Jul 15 16:27:11 Derek.localdomain squid[4532]: Squid Parent: will start 1 kids
Jul 15 16:27:11 Derek.localdomain squid[4532]: Squid Parent: (squid-1) process 4535 started
Jul 15 16:27:11 Derek.localdomain squid[4527]: Squid Parent: (squid-1) process 4530 exited with status 0
Jul 15 16:27:12 Derek.localdomain squid[4516]: init_cache_dir ... Starting squid: .[  OK  ]
Comment 29 Giuseppe Stoduto 2013-07-15 22:13:45 CEST
I opened a new bug report as suggested

https://bugs.mageia.org/show_bug.cgi?id=10772

thank you
Comment 30 Derek Jennings 2013-08-19 15:58:56 CEST
Resolved with dansguardian-2.10.1.1-9.1.mga3.src.rpm; see bug 10884

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

