| View previous topic :: View next topic |
| Author |
Message |
StarF
Guru
Joined: 12 Sep 2004
Posts: 368
|
 Posted: Thu Feb 12, 2009 7:30 am Post subject: Squid Proxy guide? |
 |
|
Hi
does there exist any guides on how to set up a squid proxy with antivirus scan, and so on?
tryed to check the wiki, but nothing there? |
|
| Back to top |
|
 |
h0mer`-
Apprentice
Joined: 02 Aug 2004
Posts: 215
|
| Posted: Thu Feb 12, 2009 10:11 am Post subject: |
|
|
I think there is no support for squid running with a virus scan, but you can use dansguardian in addition to squid which is able to scan for viruses.
Configuring squid is not necessary then, if you aint gonna run some special setup. All configuration is done in dansguardian.
Look into the following files.
/etc/dansguardian/dansguardian.conf
/etc/dansguardian/dansguardianf1.conf
Its pretty much self explanatory. |
|
| Back to top |
|
|
StarF
Guru
Joined: 12 Sep 2004
Posts: 368
|
| Posted: Thu Feb 12, 2009 10:23 am Post subject: |
|
|
tnx for the tip..
what about just a guide to squid then? hate poking aroind in something new with out something to keep me on track. |
|
| Back to top |
|
|
h0mer`-
Apprentice
Joined: 02 Aug 2004
Posts: 215
|
| Posted: Thu Feb 12, 2009 1:35 pm Post subject: |
|
|
For squid you only need to edit the /etc/squid/squid.conf file.
Edit the file around line 600+ and add those 2 lines according to your local network setup (order is important)
| Code: |
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
|
You can also create a seperate acl for each client rather than allowing access from your whole local network.
| Code: |
acl hoshi src 192.168.0.5/32
http_access allow hoshi
|
By default squid runs at port 3128 so you need to put the squidserver ip into your workstations browser settings. In gentoo console mode you can export the proxy by the following:
| Code: | | export http_proxy="http://ipofyoursquidserver:3128" |
|
|
| Back to top |
|
|
StarF
Guru
Joined: 12 Sep 2004
Posts: 368
|
| Posted: Thu Feb 12, 2009 1:50 pm Post subject: |
|
|
i was gonna run it as a transparent proxy. curently trying to set it up via webmin, is it possible to config squid in every way in there?
like if i need to set it up as a transparent proxy and so on? |
|
| Back to top |
|
|
h0mer`-
Apprentice
Joined: 02 Aug 2004
Posts: 215
|
| Posted: Thu Feb 12, 2009 2:05 pm Post subject: |
|
|
Transparent proxy mode has its flaws, because https and ftp traffic doesn't work any more and you cannot use user authentication any more.
| Code: | httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on |
And you need to redirect port 80 to 3128 on your server via iptables or something like that. |
|
| Back to top |
|
|
StarF
Guru
Joined: 12 Sep 2004
Posts: 368
|
| Posted: Thu Feb 12, 2009 2:13 pm Post subject: |
|
|
| h0mer`- wrote: | Transparent proxy mode has its flaws, because https and ftp traffic doesn't work any more and you cannot use user authentication any more.
| Code: | httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on |
And you need to redirect port 80 to 3128 on your server via iptables or something like that. |
tnx for the help. I thought if you allowed it ftp and https trafic would work as always?
the isue is i need a way to control a network, so i can remove bit torrent trafic from my network, and also have some sort of proxy. i need it to be a transparent, so the users cannot get around it. |
|
| Back to top |
|
|
h0mer`-
Apprentice
Joined: 02 Aug 2004
Posts: 215
|
| Posted: Thu Feb 12, 2009 2:24 pm Post subject: |
|
|
| Well if u have control over the gateway from your LAN to WAN then there are many possibilities to achieve your goal, but i really cant decide what would be best with so little information. |
|
| Back to top |
|
|
nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland
|
| Posted: Thu Feb 12, 2009 4:00 pm Post subject: |
|
|
You could use a transparent bridge with iptables/ebtables in front of your gateway to achieve that, if you can't manipulate the gateway itself!
_________________
Power to the people! |
|
| Back to top |
|
|
|
Networking & Security
