{"id":1270,"date":"2012-08-31T17:48:02","date_gmt":"2012-08-31T09:48:02","guid":{"rendered":"http:\/\/rmohan.com\/?p=1270"},"modified":"2012-08-31T17:48:02","modified_gmt":"2012-08-31T09:48:02","slug":"configure-squid-with-dansguardian","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=1270","title":{"rendered":"Configure Squid with Dansguardian"},"content":{"rendered":"<p>Scenario-: 1. Configure squid Server 2. Configure Dan guardian 3. Configure Iptables 4. Configure Proxy server as a router.<br \/>Our purpose of proxy server is to sharing internet connection for web browsing performance &amp; configures Dan guardian for content and site blocking.<br \/>A. Allow Internal to all user with restricted web site and content. B. Allow limited user can access all site C. Publish local server as a web server in different-different port. D. All user can send receive mail from the Outlook but they can\u2019t access restricted site. E. Allow vnc, Sql server and Remote Desktop Connection access form to internet to External Network. F. Allow company\u2019s website access to all users <\/p>\n<p>Process-:<br \/> External LAN Card- eth0 (10.10.10.1) Internal LAN Card- eth1(192.168.10.1)<br \/>1. Configure and install Squid Server-:<br \/># yum install squid*<br \/>Cp \/etc\/squid\/squid.conf \/etc\/squid\/squid.conf.bkp<br \/>Vim \/etc\/squid\/squid.conf<br \/>visible hostname vsnl.com http_port 3128<br \/># Restrict Web access by IP address<br \/>Acl special_client src \u201c\/etc\/squid\/special_client_ip_txt\u201d # allow all site access users \u2018s ip list Acl our_networks src 192.168.10.0\/24 # allow network Acl bed url_regex \u201c \/etc\/squid\/squid\/squid-block.acl\u201d # list of block site \u2018s name http_access allow bed special_client # allow access all site to special client list http_access deny bed our_networks # allow limited access http_access allow our_networks # allow access to network<br \/>vim \/etc\/squid\/special_client_ip_txt 192.168.10.126 192.168.10.200 192.168.10.251 vim \/etc\/squid\/squid_block_acl orkut.com yahoo.com gmial.com<br \/>Service squid start # Service squid stop # Service squid restart<br \/> Install and Configure Dansguardain -: Yum install dans*<br \/>Cp \/etc\/dansguardain\/dansguardian.conf \/etc\/dansguardain\/dansguardian.conf.bkp<br \/>Vim \/etc\/dansguardian\/dansguardain.conf <br \/>Filter ip = 192.168.10.1 Filter port = 8080 Proxy ip = 127.0.0.1 Proxy port = 3128<br \/>Vim \/etc\/dansguardian\/list\/bandsitelist Gmail.com # list of block site Yahoo.com Facebook.com Orkut.com Vim \/etc\/dansguardain\/list\/bannedregexpurllist<br \/># Hard core phase ( for content blocking)<br \/>Orkut|youtube|sport|gmail|facebook|orkut|sex|video|virus|audio<br \/>Vim \/etc\/dansguardian\/lists\/exceptionsitelist # following site will not be filter by dansguardain. Allow for all users.<br \/>www.online-linux.blogspot.com www.xyz.com<br \/>vim\/etc\/dansguardian\/exceptioniplist<br \/># list of ip allow all fitler site.<br \/>192.168.10.126 192.168.10.200 192.168.10.251<br \/>Configure Iptables-: # masquerade local lan(eth1) # redirect all request 80 to 8080 from eth1(local lan) # publish local website # allow 80 and 8080 port <br \/>$ iptables \u2013t nat \u2013A POSTROUTING \u2013I eth1 \u2013j MASQUERADE $ iptables -t nat -A PREROUTING -i eth1 -p tcp &#8211;dport 80 -j REDIRECT &#8211;to-port 8080 $ iptables -t nat -A PREROUTING -i eth1 -p tcp &#8211;dport 3128 -j REDIRECT &#8211;to-port 8080 $ iptables -t nat -A PREROUTING -p tcp -d 10.10.10.1 &#8211;dport 8090 -j DNAT &#8211;to-destination 192.168.10.10:8090 $ iptables \u2013I INPUT \u2013s 192.168.10.0\/24 \u2013p tcp \u2013-dport 80 \u2013J ACCEPT $ iptables \u2013I INPUT \u2013s 192.168.10.0\/24 \u2013p tcp \u2013dport 8080 \u2013J ACCEPT<\/p>\n<p>Client Site-<br \/>Lan setting- 192.168.100.1:8080<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scenario-: 1. Configure squid Server 2. Configure Dan guardian 3. Configure Iptables 4. Configure Proxy server as a router.Our purpose of proxy server is to sharing internet connection for web browsing performance &amp; configures Dan guardian for content and site blocking.A. Allow Internal to all user with restricted web site and content. B. Allow limited [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1270"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1270"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1270\/revisions"}],"predecessor-version":[{"id":1271,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1270\/revisions\/1271"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}