https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471420#M79931 Chen,<BR /><BR />For real security you'll need a little bit more than a proxy server.<BR /><BR />For a minimum security do the following:<BR /><BR />Install two NIC Cards to your Linux maschine.<BR />Switch off IP-Forwarding in your Kernel Configuration. <BR />One connected to your internet Router with your offical IP Adress.<BR />One to your internal Network. For the Interneal Network use RFC not-routed IP adresse (192,160.xxxx.xxx, 172.20.xxx.xxx, 10.xxx.xxx.xxx).<BR /><BR />Install Squid for http, https and FTP to the internet. <BR />In squid.conf set the access rules that only your internel network can access the proxy.<BR />Don't start Inetd. Nomally you don't really use it. If you need to configure the Proxy Server remotely use the secure shell (ssh).<BR />Don't install sendmail. If you need sendmail, be carefull. It musst be configured without relaying.<BR /><BR />For more secutrity you can set access rules with "ipchains". But thats not easy.<BR /><BR />For more access to the internet than www and ftp you can use IP Masquerading (aka NAT).<BR /><BR />Hope this helps a little bit<BR /><BR />so long<BR /><BR />Ralf<BR /> Thu, 07 Dec 2000 08:58:55 GMT Ralf Reinartz 2000-12-07T08:58:55Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471419#M79930 Currently, i would like to setup a small cyber cafe for my company. I wish to install Linux as my platform and all PCs must go thru my server (also Linux) before can go to internet.<BR />Besides, i also need to clock some phono websides. So, any recommendation for this idea and HOW to implemet it. Is squid fullfil my requirements. ?? Thu, 07 Dec 2000 01:20:13 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471419#M79930 Kenn Chen 2000-12-07T01:20:13Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471420#M79931 Chen,<BR /><BR />For real security you'll need a little bit more than a proxy server.<BR /><BR />For a minimum security do the following:<BR /><BR />Install two NIC Cards to your Linux maschine.<BR />Switch off IP-Forwarding in your Kernel Configuration. <BR />One connected to your internet Router with your offical IP Adress.<BR />One to your internal Network. For the Interneal Network use RFC not-routed IP adresse (192,160.xxxx.xxx, 172.20.xxx.xxx, 10.xxx.xxx.xxx).<BR /><BR />Install Squid for http, https and FTP to the internet. <BR />In squid.conf set the access rules that only your internel network can access the proxy.<BR />Don't start Inetd. Nomally you don't really use it. If you need to configure the Proxy Server remotely use the secure shell (ssh).<BR />Don't install sendmail. If you need sendmail, be carefull. It musst be configured without relaying.<BR /><BR />For more secutrity you can set access rules with "ipchains". But thats not easy.<BR /><BR />For more access to the internet than www and ftp you can use IP Masquerading (aka NAT).<BR /><BR />Hope this helps a little bit<BR /><BR />so long<BR /><BR />Ralf<BR /> Thu, 07 Dec 2000 08:58:55 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471420#M79931 Ralf Reinartz 2000-12-07T08:58:55Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471421#M79932 I did modified the squid.conf and now the squid is started and work well. I can see the log files such as access.log and cache.log in squid directory. But, now, my purpose is to block certain website (e.g. 201.234.43.22)and i can't block the side although i already deny the IP address in squid.conf file.<BR /><BR />Sample <BR />======<BR /><BR />aclname = denied_hosts src 201.234.43.22<BR /><BR />http_access allow all<BR />http_access deny denied_hosts<BR /><BR />How can I block the side with squid.conf Thu, 07 Dec 2000 09:13:44 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471421#M79932 Kenn Chen 2000-12-07T09:13:44Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471422#M79933 You allow all first !.<BR />You must deny first.<BR /><BR />Sample <BR />====== <BR /><BR />aclname = denied_hosts src 201.234.43.22 <BR /><BR />http_access deny denied_hosts <BR />http_access allow all <BR /><BR /> Thu, 07 Dec 2000 10:16:35 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471422#M79933 Luiz Fernando de Andrad 2000-12-07T10:16:35Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471423#M79934 Hi friends ,<BR /><BR /> I do not want to block my clients PCs accessing to internet, BUT, i need to block / filter the website that they are acceessing to, example like porno websites. Is squid.conf can configure it ?? Fri, 08 Dec 2000 01:50:13 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471423#M79934 Kenn Chen 2000-12-08T01:50:13Z https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471424#M79935 <P>put on denied_hosts acl, the address you want do block !<BR /><BR />ex:<BR /><BR />aclname = denied_hosts src <A href="http://www.sex.com," target="_blank" rel="noopener">,</A> 200.200.100.1<BR /><BR />http_access deny denied_hosts <BR />http_access allow all <BR /><BR /></P> Thu, 04 Jul 2024 06:36:06 GMT https://community.hpe.com/t5/operating-system-linux/proxy-configuration/m-p/2471424#M79935 Luiz Fernando de Andrad 2024-07-04T06:36:06Z