Scenario-:
1. Configure squid Server
2. Configure Dan guardian
3. Configure Iptables
4. Configure Proxy server as a router.
Our purpose of proxy server is to sharing internet connection for web browsing performance & configures Dan guardian for content and site blocking.
A. Allow Internal to all user with restricted web site and content.
B. Allow limited user can access all site
C. Publish local server as a web server in different-different port.
D. All user can send receive mail from the Outlook but they can’t access restricted site.
E. Allow vnc, Sql server and Remote Desktop Connection access form to internet to External Network.
F. Allow company’s website access to all users
Process-:
External LAN Card- eth0 (10.10.10.1)
Internal LAN Card- eth1(192.168.10.1)
1. Configure and install Squid Server-:
# yum install squid*
Cp /etc/squid/squid.conf /etc/squid/squid.conf.bkp
Vim /etc/squid/squid.conf
visible hostname vsnl.com
http_port 3128
# Restrict Web access by IP address
Acl special_client src “/etc/squid/special_client_ip_txt” # allow all site access users ‘s ip list
Acl our_networks src 192.168.10.0/24 # allow network
Acl bed url_regex “ /etc/squid/squid/squid-block.acl” # list of block site ‘s name
http_access allow bed special_client # allow access all site to special client list
http_access deny bed our_networks # allow limited access
http_access allow our_networks # allow access to network
vim /etc/squid/special_client_ip_txt
192.168.10.126
192.168.10.200
192.168.10.251
vim /etc/squid/squid_block_acl
orkut.com
yahoo.com
gmial.com
Service squid start
# Service squid stop
# Service squid restart
Install and Configure Dansguardain -:
Yum install dans*
Cp /etc/dansguardain/dansguardian.conf /etc/dansguardain/dansguardian.conf.bkp
Vim /etc/dansguardian/dansguardain.conf
Filter ip = 192.168.10.1
Filter port = 8080
Proxy ip = 127.0.0.1
Proxy port = 3128
Vim /etc/dansguardian/list/bandsitelist
Gmail.com # list of block site
Yahoo.com
Facebook.com
Orkut.com
Vim /etc/dansguardain/list/bannedregexpurllist
# Hard core phase ( for content blocking)
Orkut|youtube|sport|gmail|facebook|orkut|sex|video|virus|audio
Vim /etc/dansguardian/lists/exceptionsitelist
# following site will not be filter by dansguardain. Allow for all users.
www.online-linux.blogspot.com
www.xyz.com
vim/etc/dansguardian/exceptioniplist
# list of ip allow all fitler site.
192.168.10.126
192.168.10.200
192.168.10.251
Configure Iptables-:
# masquerade local lan(eth1)
# redirect all request 80 to 8080 from eth1(local lan)
# publish local website
# allow 80 and 8080 port
$ iptables –t nat –A POSTROUTING –I eth1 –j MASQUERADE
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3128 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -p tcp -d 10.10.10.1 --dport 8090 -j DNAT --to-destination 192.168.10.10:8090
$ iptables –I INPUT –s 192.168.10.0/24 –p tcp –-dport 80 –J ACCEPT
$ iptables –I INPUT –s 192.168.10.0/24 –p tcp –dport 8080 –J ACCEPT
Client Site-
Lan setting- 192.168.100.1:8080